由于 CAS 政策过时,寻求 AppDomain.CreateDomain(string,evidence) 的替代方案

发布于 2024-10-15 02:57:31 字数 1366 浏览 10 评论 0原文

我正在阅读 Microsoft .Net Framework--Application Development Foundation Training Kit 书第 8 章第 2 课:配置应用程序域

ShowWinIni 是我要执行的程序的程序集名称

object[] hostEvidence = { new Zone(SecurityZone.MyComputer) };
Evidence e = new Evidence(hostEvidence, null);

// Create an AppDomain.
AppDomain d = AppDomain.CreateDomain("New Domain", e);

// Run the assembly
d.ExecuteAssemblyByName("ShowWinIni");

当我执行时:

AppDomain d = AppDomain.CreateDomain("New Domain", e);

我收到以下消息: “此方法隐式使用 CAS 策略,该策略已被 .NET Framework 废弃。出于兼容性原因,为了启用 CAS 策略,请使用 NetFx40_LegacySecurityPolicy 配置开关。请参阅 http://go.microsoft.com/fwlink/?LinkID=155570 了解更多信息。"

当我创建一个没有 Evidence 对象的 AppDomain 时,我可以很好地执行程序集。

当然,我访问了 http://go.microsoft.com/fwlink/?LinkID=155570< /a> 但我仍然对如何创建具有指定权限的应用程序域感到困惑。

我发现的下一个最有用的网站是 http://msdn.microsoft.com/en -us/library/bb763046.aspx 但我的 StrongName 对象计算为 NULL。

StrongName fullTrustAssembly =
     typeof(Program).Assembly.Evidence.GetHostEvidence<StrongName>();

程序是实现所有这些代码的类的名称。

预先感谢您的建议和提示!

I am working through the Microsoft .Net Framework--Application Development Foundation Training Kit book Chapter 8 Lesson 2: Configuring Application Domains

ShowWinIni being the assembly name for the program I want to execute

object[] hostEvidence = { new Zone(SecurityZone.MyComputer) };
Evidence e = new Evidence(hostEvidence, null);

// Create an AppDomain.
AppDomain d = AppDomain.CreateDomain("New Domain", e);

// Run the assembly
d.ExecuteAssemblyByName("ShowWinIni");

When I execute:

AppDomain d = AppDomain.CreateDomain("New Domain", e);

I get the following message:
"This method implicitly uses CAS policy, which has been obsoleted by the .NET Framework. In order to enable CAS policy for compatibility reasons, please use the NetFx40_LegacySecurityPolicy configuration switch. Please see http://go.microsoft.com/fwlink/?LinkID=155570 for more information."

I can execute the assembly fine when I create an AppDomain without an Evidence object.

Of course, I visited http://go.microsoft.com/fwlink/?LinkID=155570 but I am still confused as to how to create an application domain with specified privileges.

The next most helpful site I found was http://msdn.microsoft.com/en-us/library/bb763046.aspx but my StrongName object computes to NULL.

StrongName fullTrustAssembly =
     typeof(Program).Assembly.Evidence.GetHostEvidence<StrongName>();

Program being the name of the class implementing all this code.

Thanks in advance for your advice and tips!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

苏别ゝ 2024-10-22 02:57:31

我找到了一种无需启用 NetFX40_LegacySecurityPolicy 即可使原始代码示例正常工作的方法。

EvidenceBase[] hostEvidence = { new Zone(SecurityZone.MyComputer) };
Evidence e = new Evidence(hostEvidence, null);

AppDomain d = AppDomain.CreateDomain("New Domain", e);

d.ExecuteAssemblyByName("ShowWinIni");

如果您将 SecurityZone 更改为 Internet,这将不起作用,它将尝试使用过时的 CAS 安全策略,从而导致 NotSupportedException。我想要的是 SecurityException...这意味着我想要执行的程序集没有它所需的权限。

要在具有受限权限的 AppDomain 中执行程序集,您需要使用沙箱。我发现的沙箱最好的例子在这里:
http://www.simple-talk.com/dotnet/.net-framework/whats-new-in-code-access-security-in-.net-framework-4.0---part-i/< /a>

我认为该页面也很好地解释了 4.0 中对 CAS 所做的更改!

许多来源(包括 MSDN)让我确信在调用时需要提供 StrongName 数组:

AppDomain.CreateDomain( string friendlyName,
                        Evidence securityInfo,
                        AppDomainSetup info,
                        PermissionSet grantSet,
                        params StrongName[] fullTrustAssemblies);

正如我在原来的帖子中所述,我过去(现在仍然)在获取 StrongName 对象而不是 null 时遇到困难。事实证明我根本不需要它!

这是我完成的沙箱示例:

Evidence ev = new Evidence();
ev.AddHostEvidence(new Zone(SecurityZone.Internet));
PermissionSet internetPS = SecurityManager.GetStandardSandbox(ev);

AppDomainSetup adSetup = new AppDomainSetup();
adSetup.ApplicationBase = Path.GetFullPath(pathToUntrusted);

AppDomain newDomain = AppDomain.CreateDomain("Sandbox Domain", null, adSetup, internetPS);

newDomain.ExecuteAssemblyByName(untrustedAssembly);

pathToUntrusted = 程序集文件路径的字符串表示形式

untrustedAssembly = 程序集名称的字符串表示形式

I found a way to make the original code example work without having to enable NetFX40_LegacySecurityPolicy.

EvidenceBase[] hostEvidence = { new Zone(SecurityZone.MyComputer) };
Evidence e = new Evidence(hostEvidence, null);

AppDomain d = AppDomain.CreateDomain("New Domain", e);

d.ExecuteAssemblyByName("ShowWinIni");

This will not work if you change the SecurityZone to Internet, it will try to use the obsoleted CAS security policy resulting in a NotSupportedException. What I want is a SecurityException... meaning that the assembly I want to execute does not have the permissions it needs.

To execute an assembly in an AppDomain with restricted permissions, you need to use sandboxing. The best example of sandboxing I found is here:
http://www.simple-talk.com/dotnet/.net-framework/whats-new-in-code-access-security-in-.net-framework-4.0---part-i/

I think that page also explains the changes made to CAS in 4.0 very well!

Many sources, including MSDN, had me convinced I needed to provide a StrongName array when calling:

AppDomain.CreateDomain( string friendlyName,
                        Evidence securityInfo,
                        AppDomainSetup info,
                        PermissionSet grantSet,
                        params StrongName[] fullTrustAssemblies);

As stated in my original post, I was (and still am) having trouble getting a StrongName object instead of null. Turns out I didn't even need it!

This is my completed example for sandboxing:

Evidence ev = new Evidence();
ev.AddHostEvidence(new Zone(SecurityZone.Internet));
PermissionSet internetPS = SecurityManager.GetStandardSandbox(ev);

AppDomainSetup adSetup = new AppDomainSetup();
adSetup.ApplicationBase = Path.GetFullPath(pathToUntrusted);

AppDomain newDomain = AppDomain.CreateDomain("Sandbox Domain", null, adSetup, internetPS);

newDomain.ExecuteAssemblyByName(untrustedAssembly);

pathToUntrusted = a string representation of the file path to my assembly

untrustedAssembly = a string representation of the assembly name

寻找我们的幸福 2024-10-22 02:57:31

在寻求同事的帮助后,我成功了。

显然这本书的练习是为了在.Net 3.5 框架中使用而设计的,而我使用的是 4.0。修改我的项目和 ShowWinIni 项目属性以使用 3.5 框架后,一切正常...但我仍然想让它与 4.0 框架一起工作。

解决以下消息:
“此方法隐式使用 CAS 策略,该策略已被 .NET Framework 废弃。出于兼容性原因,为了启用 CAS 策略,请使用 NetFx40_LegacySecurityPolicy 配置开关。请参阅 http://go.microsoft.com/fwlink/?LinkID=155570 了解更多信息。"

我创建了一个 app.config 文件并向其中添加了以下内容:

<configuration>
   <runtime>
      <NetFx40_LegacySecurityPolicy enabled="true"/>
   </runtime>
</configuration>

您可以在 http://msdn.microsoft.com/en-us/library/dd409253.aspx

这最终使我的程序成为不受信任的应用程序,当我尝试调试时抛出安全异常。为了使我的应用程序再次可信,我启用了 ClickOnce 安全设置,并在项目属性中标记了“这是一个完全信任的应用程序”。

此时,我可以调试我的程序,但是当我执行此语句时,现在抛出了安全异常:

d.ExecuteAssemblyByName("ShowWinIni");

在我创建 AppDomain 对象时开始尝试包含 Evidence 对象之前,此语句运行良好。事实证明还有另一种方法...... AppDomain.ExecuteAssemblyByName(字符串,证据),您可以在 http://msdn.microsoft.com/en-us/library/5kd4z003.aspx。因此,我将上面的代码片段替换为以下内容:

d.ExecuteAssemblyByName("ShowWinIni", e);

“e”是我在原始问题中创建的 Evidence 对象。

现在我认为这不是最好的解决方案。理想情况下,我不想强​​迫我的程序使用 NetFx40_LegacySecurityPolicy,并且我相信现实世界的应用程序不应依赖于过时的方法。我认为如果有人和我一起阅读同一本书,这个解决方案值得发布。

After seeking help from colleagues, I got this working.

Apparently the book's exercise was designed to use in .Net's 3.5 framework, while I am using 4.0. After modifying both my project and the ShowWinIni project properties to use the 3.5 framework, everything worked... but I still wanted to make this work with the 4.0 framework.

To address the following message:
"This method implicitly uses CAS policy, which has been obsoleted by the .NET Framework. In order to enable CAS policy for compatibility reasons, please use the NetFx40_LegacySecurityPolicy configuration switch. Please see http://go.microsoft.com/fwlink/?LinkID=155570 for more information."

I created an app.config file and added the following to it:

<configuration>
   <runtime>
      <NetFx40_LegacySecurityPolicy enabled="true"/>
   </runtime>
</configuration>

You can read more about NetFx40_LegacySecurityPolicy at http://msdn.microsoft.com/en-us/library/dd409253.aspx

This ended up making my program an untrusted application, throwing a Security Exception when I tried to debug. To make my application trusty again, I enabled ClickOnce security settings and marked "This is a full trust application" in my project's properties.

At this point, I could debug my program but a Security Exception was now being thrown when I executed this statement:

d.ExecuteAssemblyByName("ShowWinIni");

This statement worked fine before I started trying to include an Evidence object when I created my AppDomain object. Well it turns out there's another method... AppDomain.ExecuteAssemblyByName(string, evidence), you can read about at http://msdn.microsoft.com/en-us/library/5kd4z003.aspx. So I replaced the above code snippet with the following:

d.ExecuteAssemblyByName("ShowWinIni", e);

'e' being my Evidence object created in my original question.

Now I do NOT think this is the best solution. Ideally, I would rather not force my program to use NetFx40_LegacySecurityPolicy and I believe real world apps should not rely on obsoleted methods. I thought this solution was worth posting should anyone be working through the same book as me.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文