We’ve talked about APTCA. We’ve talked about security transparency. Do they relate? Yes, at least in .NET 4.
Marking your assembly with APTCA means that your entire assembly becomes security transparent. However, you can still explicitly annotate portions of the code as SecuritySafeCritical or SecurityCritical.
You may wonder what happens if you don’t mark your assembly APTCA. Partial trust code obviously cannot call it, but for a different reason. If you remember back to my APTCA article, you’ll remember that partial trust code can’t call strong-named assemblies that aren’t marked APTCA. However, in .NET 4, by default, partial trust code can’t call any assembly. This is because partial trust code is always security transparent, and the default transparency level for .NET 4 code is security critical. Security transparent code can’t ever call security critical code unless it goes through security safe critical code first.
Hi David
I’m enjoying your blog posts about security – you write very well!
I’ve tried testing what you’ve just described in this blog in Studio 2010. I’ve created a sandboxed appdomain in which I execute assembly A. Assembly A then calls a method in Assembly B.
Assembly B does not have APTCA.
It works if and only if assembly B is unsigned – just like in CLR 2.0. Am I doing something wrong – or is this feature not yet implemented in the beta?
Hi Joseph, thanks for the compliment! I am glad you find these posts on the new security model resourceful.
This is what I would expect given your situation.
If Assembly B is fully trusted (i.e. in the GAC or setup as fully trusted by your sandbox AppDomain), then I would expect the call from Assembly A to Assembly B to fail. Since Assembly A is running in partial trust, it is security transparent. Assembly B, on the other hand, will be security critical since it’s not marked with APTCA.
If Assembly B is not fully trusted, I would expect the call from Assembly A to Assembly B to succeed, regardless of whether Assembly B is signed. Since this isn’t working for you, can you share the Exception type and message you received while running this?