Seeking an alternative to AppDomain.CreateDomain(string, evidence) due to obsolete CAS policy
I am working through the Microsoft .Net Framework--Application Development Foundation Training Kit book Chapter 8 Lesson 2: Configuring Application Domains
ShowWinIni being the assembly name for the program I want to execute
object[] hostEvidence = { new Zone(SecurityZone.MyComputer) };
Evidence e = new Evidence(hostEvidence, null);
// Create an AppDomain.
AppDomain d = AppDomain.CreateDomain("New Domain", e);
// Run the assembly
d.ExecuteAssemblyByName("ShowWinIni");
When I execute:
AppDomain d = AppDomain.CreateDomain("New Domain", e);
I get the following message:
"This method implicitly uses CAS policy, which has been obsoleted by the .NET Framework. In order to enable CAS policy for compatibility reasons, please use the NetFx40_LegacySecurityPolicy configuration switch. Please see http://go.microsoft.com/fwlink/?LinkID=155570 for more information."
I can execute the assembly fine when I create an AppDomain without an Evidence object.
Of course, I visited http://go.microsoft.com/fwlink/?LinkID=155570 but I am still confused as to how to create an application domain with specified privileges.
The next most helpful site I found was http://msdn.microsoft.com/en-us/library/bb763046.aspx but my StrongName object computes to NULL.
StrongName fullTrustAssembly =
typeof(Program).Assembly.Evidence.GetHostEvidence<StrongName>();
Program being the name of the class implementing all this code.
Thanks in advance for your advice and tips!
Comments (2)
I found a way to make the original code example work without having to enable NetFX40_LegacySecurityPolicy.
This will not work if you change the SecurityZone to Internet, it will try to use the obsoleted CAS security policy resulting in a NotSupportedException. What I want is a SecurityException... meaning that the assembly I want to execute does not have the permissions it needs.
To execute an assembly in an AppDomain with restricted permissions, you need to use sandboxing. The best example of sandboxing I found is here:
http://www.simple-talk.com/dotnet/.net-framework/whats-new-in-code-access-security-in-.net-framework-4.0---part-i/
I think that page also explains the changes made to CAS in 4.0 very well!
Many sources, including MSDN, had me convinced I needed to provide a StrongName array when calling:
As stated in my original post, I was (and still am) having trouble getting a StrongName object instead of null. Turns out I didn't even need it!
This is my completed example for sandboxing:
pathToUntrusted = a string representation of the file path to my assembly
untrustedAssembly = a string representation of the assembly name
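The sandboxing approach described in the answer above, as an added example that is not the poster's own code: it targets .NET Framework 4.x and uses the CreateDomain overload that takes an explicit PermissionSet, with no StrongName array. The names SandboxHost and RunSandboxed are hypothetical, and deriving the grant set with SecurityManager.GetStandardSandbox is an assumption about how the permissions are chosen; pathToUntrusted and untrustedAssembly have the meanings given in the answer.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Policy;

class SandboxHost   // hypothetical host class for this example
{
    // Runs an executable assembly in a partial-trust AppDomain.
    // Returns false when the assembly demands a permission the sandbox does not grant.
    static bool RunSandboxed(string pathToUntrusted, string untrustedAssembly, SecurityZone zone)
    {
        // The Zone evidence is only used to look up a standard grant set.
        // It is not passed to CreateDomain, so no CAS policy resolution takes place.
        Evidence evidence = new Evidence();
        evidence.AddHostEvidence(new Zone(zone));
        PermissionSet grantSet = SecurityManager.GetStandardSandbox(evidence);

        // The sandbox resolves assemblies from the untrusted assembly's own folder.
        AppDomainSetup setup = new AppDomainSetup();
        setup.ApplicationBase = Path.GetDirectoryName(Path.GetFullPath(pathToUntrusted));

        // Explicit grant set; the trailing params StrongName[] (full-trust list) is left empty.
        AppDomain sandbox = AppDomain.CreateDomain("Sandbox", null, setup, grantSet);
        try
        {
            sandbox.ExecuteAssemblyByName(untrustedAssembly);
            return true;
        }
        catch (SecurityException ex)
        {
            // Raised in the sandbox and marshalled back to the full-trust host.
            Console.WriteLine("Denied by sandbox: " + ex.Message);
            return false;
        }
        finally
        {
            AppDomain.Unload(sandbox);
        }
    }

    static void Main(string[] args)
    {
        // args[0] is the path to the untrusted .exe (for the book's exercise, ShowWinIni.exe).
        string pathToUntrusted = args[0];
        string untrustedAssembly = Path.GetFileNameWithoutExtension(pathToUntrusted);
        bool ok = RunSandboxed(pathToUntrusted, untrustedAssembly, SecurityZone.Internet);
        Console.WriteLine(ok ? "Completed inside the sandbox." : "Blocked: missing permission.");
    }
}
```

With SecurityZone.Internet the grant set contains no unrestricted file access, so an assembly that reads a system file is stopped with a SecurityException rather than the NotSupportedException raised by the obsolete CAS policy path.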
After seeking help from colleagues, I got this working.
Apparently the book's exercise was designed to use in .Net's 3.5 framework, while I am using 4.0. After modifying both my project and the ShowWinIni project properties to use the 3.5 framework, everything worked... but I still wanted to make this work with the 4.0 framework.
To address the following message:
"This method implicitly uses CAS policy, which has been obsoleted by the .NET Framework. In order to enable CAS policy for compatibility reasons, please use the NetFx40_LegacySecurityPolicy configuration switch. Please see http://go.microsoft.com/fwlink/?LinkID=155570 for more information."
I created an app.config file and added the following to it:
You can read more about NetFx40_LegacySecurityPolicy at http://msdn.microsoft.com/en-us/library/dd409253.aspx
This ended up making my program an untrusted application, throwing a Security Exception when I tried to debug. To make my application trusty again, I enabled ClickOnce security settings and marked "This is a full trust application" in my project's properties.
At this point, I could debug my program but a Security Exception was now being thrown when I executed this statement:
This statement worked fine before I started trying to include an Evidence object when I created my AppDomain object. Well it turns out there's another method... AppDomain.ExecuteAssemblyByName(string, evidence), you can read about at http://msdn.microsoft.com/en-us/library/5kd4z003.aspx. So I replaced the above code snippet with the following:
'e' being my Evidence object created in my original question.
Now I do NOT think this is the best solution. Ideally, I would rather not force my program to use NetFx40_LegacySecurityPolicy and I believe real world apps should not rely on obsoleted methods. I thought this solution was worth posting should anyone be working through the same book as me.