Creating a hosted CLR AppDomain with full trust permissions (including network rights)

Posted on 2024-10-15 17:12:35

I need to host the .NET runtime in an unmanaged process. I have code that works to load the runtime via COM and I can load assemblies into the AppDomain and execute code just fine.

However, I run into problems with applications that are hosted on a network share and have to change the application policy in order to get them to execute which is not an option. So what I'd like to do is set the permission level for the runtime's main AppDomain to unrestricted.

Can somebody provide an example on how to set the AppDomain policy level? I can't quite figure out how to instantiate the required classes from un-managed code to create the PolicyLevel and related objects and set the policy. Basically I don't know what includes/namespace references I need to get this to work from the C++ code I use.

Here's the code I have at this point:

/// Starts up the CLR and creates a Default AppDomain
DWORD WINAPI ClrLoad(char *ErrorMessage, DWORD *dwErrorSize)
{
    if (spDefAppDomain)
        return 1;


    //Retrieve a pointer to the ICorRuntimeHost interface
    HRESULT hr = CorBindToRuntimeEx(
                    ClrVersion, //Retrieve latest version by default
                    L"wks", //Request a WorkStation build of the CLR
                    STARTUP_LOADER_OPTIMIZATION_MULTI_DOMAIN | STARTUP_CONCURRENT_GC, 
                    CLSID_CorRuntimeHost,
                    IID_ICorRuntimeHost,
                    (void**)&spRuntimeHost
                    );

    if (FAILED(hr)) 
    {
        *dwErrorSize = SetError(hr,ErrorMessage);   
        return hr;
    }

    //Start the CLR
    hr = spRuntimeHost->Start();

    if (FAILED(hr))
        return hr;

    CComPtr<IUnknown> pUnk;

    //Retrieve the IUnknown default AppDomain
    //hr = spRuntimeHost->GetDefaultDomain(&pUnk);
    //if (FAILED(hr)) 
    //  return hr;


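    WCHAR domainId[50];
    //Build a unique friendly name for the new AppDomain
    swprintf_s(domainId,50,L"%s_%u",L"wwDotNetBridge",GetTickCount());
    hr = spRuntimeHost->CreateDomain(domainId,NULL,&pUnk);
    if (FAILED(hr))
        return hr; //pUnk is not valid if CreateDomain failed

    hr = pUnk->QueryInterface(&spDefAppDomain.p);
    if (FAILED(hr)) 
        return hr;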

      // // Create a new AppDomain PolicyLevel.
   //PolicyLevel polLevel = PolicyLevel:: CreateAppDomainLevel();

   //// Create a new, empty permission set.
   // PermissionSet permSet = gcnew PermissionSet( PermissionState::Unrestricted);

   //// Add permission to execute code to the permission set.
   //permSet->AddPermission( gcnew SecurityPermission( SecurityPermissionFlag::Execution ) );

   ////// Give the policy level's root code group a new policy statement based
   ////// on the new permission set.
   ////polLevel->RootCodeGroup->PolicyStatement = gcnew PolicyStatement( permSet );

   //// Give the new policy level to the application domain.
   //spDefAppdomain->SetAppDomainPolicy( polLevel );



    return 1;
}

I picked up some sample code (commented) that appears to do what I need it to, but I can't figure out what lib/include references I need to make the type references for PermissionSet and PolicyLevel work.

Any ideas much appreciated...
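
The types in the commented-out block (PolicyLevel, PermissionSet, PolicyStatement) are managed classes in mscorlib's System.Security and System.Security.Policy namespaces, so they have no native header. As an added example, not part of the original post, here is that policy construction written out in C# for .NET Framework 2.0 to 3.5, with full trust scoped to one share rather than to all code. The class name and the share URL are constructed placeholders.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Added example (not from the original post). .NET Framework 2.0-3.5 CAS APIs,
// all in mscorlib; they are marked obsolete from .NET Framework 4 onward.
public static class DomainPolicyDemo   // hypothetical class name
{
    // Constructed placeholder share; replace with the real application location.
    const string TrustedUrl = "file://fileserver/apps/bridge/*";

    public static PolicyLevel BuildLevel(string trustedUrl)
    {
        PolicyLevel level = PolicyLevel.CreateAppDomainLevel();

        // Root group: every assembly may execute, nothing more.
        PermissionSet execOnly = new PermissionSet(PermissionState.None);
        execOnly.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        UnionCodeGroup root = new UnionCodeGroup(
            new AllMembershipCondition(), new PolicyStatement(execOnly));

        // Child group: code loaded from the named share is unrestricted at this level.
        root.AddChild(new UnionCodeGroup(
            new UrlMembershipCondition(trustedUrl),
            new PolicyStatement(new PermissionSet(PermissionState.Unrestricted))));

        level.RootCodeGroup = root;
        return level;
    }

    // What this level alone grants to an assembly carrying the given URL evidence.
    public static bool IsUnrestrictedFor(PolicyLevel level, string assemblyUrl)
    {
        Evidence evidence = new Evidence();
        evidence.AddHost(new Url(assemblyUrl));
        return level.Resolve(evidence).PermissionSet.IsUnrestricted();
    }

    public static void Main()
    {
        PolicyLevel level = BuildLevel(TrustedUrl);
        Console.WriteLine(IsUnrestrictedFor(level, "file://fileserver/apps/bridge/App.dll"));
        Console.WriteLine(IsUnrestrictedFor(level, "file://fileserver/other/Tool.dll"));

        // May be set once per domain. The runtime intersects this level with the
        // enterprise, machine and user levels, so it can narrow a grant, not widen it.
        AppDomain.CurrentDomain.SetAppDomainPolicy(level);
    }
}
```

Because the AppDomain level is intersected with the other policy levels, this code on its own does not raise the trust that machine policy gives to intranet-zone assemblies.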

Comments (1)

迷雾森÷林ヴ 2024-10-22 17:12:35

I think you need to use the "non-trivial" method of creating an AppDomain in order to get to any of that goodness:

  • CreateDomainSetup(IUnknown** pAppDomainSetup), that'll get you back an IAppDomainSetup instance.
  • Fill that in appropriately (I think all the policy stuff is available in there)
  • Use CreateDomainEx, passing in your initialized setup instance as the second parameter
  • Profit?

References:
