Comments on: How to Host a Partial Trust Sandbox – #7

By: David DeWinter

David DeWinter — Sun, 21 Nov 2010 19:37:29 +0000

The MAF assemblies are fully trusted, but remember that when demanding permissions the CLR checks the entire call stack for those permissions even across AppDomain boundaries, until it either reaches the end or hits an assert for the permission being demanded. I don’t have much experience with MAF but if you could provide a stack trace and message that could help further diagnose the problem.

By: Tim Coulter

Tim Coulter — Fri, 19 Nov 2010 09:57:43 +0000

Thanks for this insight. It has helped me to create a 90% solution to my problem, but I am struggling with the last 10% …

I am using MAF to interface my WPF app to its 3rd party add-ins. MAF provides me with out-of-the-box functionality to run these add-ins in their own AppDomain and to specify the permissions assigned to that domain, but I also need to be able to run some of my own code in full-trust in the add-in domain, so I don’t think I can use this basic functionality?

Instead, I am trying to use the MAF activation overload that accepts an AppDomain. Using the technique described in your post, I created an AppDomain that has restricted permissions, but is also given a list of my strong-named trusted assemblies. Unfortunately, when MAF executes AddInToken.Activate() it throws a SecurityException whilst performing the reflection necesary to discover the add-ins.

Since the MAF assemblies are in the GAC, shouldn’t they automatically be fully trusted? Can you suggest anything else I could try to get past this obstacle.

Thanks,
Tim

By: Tip #20 – Opting Out of Security Changes in .NET 4 in ASP.NET and Custom AppDomains | David DeWinter

Tue, 02 Mar 2010 16:04:18 +0000

[...] it relies on CAS Policy to apply specific permissions to assemblies. In .NET 4 ASP.NET sets up a sandbox AppDomain by default, which means that even if only fully trusted code is on the call stack, as soon as a [...]