Creating a hosted CLR AppDomain with full trust permissions (including network permissions)
I need to host the .NET runtime in an unmanaged process. I have code that works to load the runtime via COM and I can load assemblies into the AppDomain and execute code just fine.
However, I run into problems with applications that are hosted on a network share and have to change the application policy in order to get them to execute, which is not an option. So what I'd like to do is set the permission level for the runtime's main AppDomain to unrestricted.
Can somebody provide an example of how to set the AppDomain policy level? I can't quite figure out how to instantiate the required classes from unmanaged code to create the PolicyLevel and related objects and set the policy. Basically I don't know what includes/namespace references I need to get this to work from the C++ code I use.
Here's the code I have at this point:
    /// Starts up the CLR and creates a Default AppDomain
    DWORD WINAPI ClrLoad(char *ErrorMessage, DWORD *dwErrorSize)
    {
        // Already initialized: nothing to do
        if (spDefAppDomain)
            return 1;

        // Retrieve a pointer to the ICorRuntimeHost interface
        HRESULT hr = CorBindToRuntimeEx(
            ClrVersion,   // Retrieve latest version by default
            L"wks",       // Request a WorkStation build of the CLR
            STARTUP_LOADER_OPTIMIZATION_MULTI_DOMAIN | STARTUP_CONCURRENT_GC,
            CLSID_CorRuntimeHost,
            IID_ICorRuntimeHost,
            (void**)&spRuntimeHost
        );
        if (FAILED(hr))
        {
            *dwErrorSize = SetError(hr, ErrorMessage);
            return hr;
        }

        // Start the CLR
        hr = spRuntimeHost->Start();
        if (FAILED(hr))
            return hr;

        CComPtr<IUnknown> pUnk;

        // Retrieve the IUnknown default AppDomain
        //hr = spRuntimeHost->GetDefaultDomain(&pUnk);
        //if (FAILED(hr))
        //    return hr;

        WCHAR domainId[50];
        swprintf(domainId, L"%s_%i", L"wwDotNetBridge", GetTickCount());
        hr = spRuntimeHost->CreateDomain(domainId, NULL, &pUnk);
        // Check the result before dereferencing pUnk
        if (FAILED(hr))
            return hr;

        hr = pUnk->QueryInterface(&spDefAppDomain.p);
        if (FAILED(hr))
            return hr;

        // // Create a new AppDomain PolicyLevel.
        //PolicyLevel polLevel = PolicyLevel:: CreateAppDomainLevel();
        //// Create a new, empty permission set.
        // PermissionSet permSet = gcnew PermissionSet( PermissionState::Unrestricted);
        //// Add permission to execute code to the permission set.
        //permSet->AddPermission( gcnew SecurityPermission( SecurityPermissionFlag::Execution ) );
        ////// Give the policy level's root code group a new policy statement based
        ////// on the new permission set.
        ////polLevel->RootCodeGroup->PolicyStatement = gcnew PolicyStatement( permSet );
        //// Give the new policy level to the application domain.
        //spDefAppdomain->SetAppDomainPolicy( polLevel );

        return 1;
    }
I picked up some sample code (commented) that appears to do what I need it to, but I can't figure out what lib/include references I need to make the type references for PermissionSet and PolicyLevel work.
Any ideas much appreciated...
I think you need to use the "non-trivial" method of creating an AppDomain in order to get to any of that goodness:
- CreateDomainSetup(IUnknown** pAppDomainSetup), that'll get you back an IAppDomainSetup instance.
- CreateDomainEx, passing in your initialized setup instance as the second parameter