How do i.. Load an assembly with "FullTrust" security?
I have an application installed on my local disk.
This application runs with FullTrust privileges.
I'm trying to load an assembly giving it FullTrust (same privileges of the loader).
My assembly is located on a network share.
I'm actually using this code but I get a security exception:
An exception of type 'System.IO.FileLoadException' occurred in mscorlib.dll and wasn't handled in the appdomain it was thrown from
Additional information: Could not load file or assembly 'Main, Version=2.2.2029.19859, Culture=neutral, PublicKeyToken=2244f6f9e95cedae' or one of its dependencies. Failed to grant minimum permission requests. (Exception from HRESULT: 0x80131417)
(If I configure manually the assembly with "Microsoft .NET Framework Configuration" it works.)
What's wrong in the code?
| |
Dim DLLUrlAsString ="file://fileserver/ShareName/Main.dll"
Dim adAs AppDomain = AppDomain.CurrentDomainDim domainPolicyAs PolicyLevel = PolicyLevel.CreateAppDomainLevel()
domainPolicy.RootCodeGroup =New UnionCodeGroup(New UrlMembershipCondition(DLLUrl),New PolicyStatement(domainPolicy.GetNamedPermissionSet("FullTrust"))) ad.SetAppDomainPolicy(domainPolicy)
ad.SetShadowCopyFiles() Dim anAsNew AssemblyName()
an.CodeBase = DLLUrl Dim AssemblyToLoadAsAssembly = ad.Load(an)
|
Thank you all!
[2161 byte] By [
Lino] at [2007-12-16]
There's nothing wrong with the code. That's how code access security is supposed to work. Code is granted permissions based on evidence, like the location from where it came. You have to manually set the trust for this assembly, because it wouldn't make sense if managed code could bypass this security measure.
..Hi Daniel, thank you for your quick response but there must be something wrong...
..Or at least something I can't understand.
Let me explain...
If I have enough privileges I should be able to declare that "assembly X must be run with elevated privileges"...
I'm not trying to give the loaded assembly more privileges than the loader actually has..
My assembly is actually run with FullTrust.. It could change the framework security settings through "System.Security.SecurityManager"... (adding a permanent rule for the assembly I'm trying to load) but I don't want to change definitively the local machine configuration.
I want only a temporary thing: "run it with my privileges without changing the machine state"
Moreover...
If the application is running as "FullTrust" it could execute CASPOL.EXE to add the dll as fulltrust...
Or copy the application from network share to
everywhere in my local disk and then load it from there.
If you were right (security reason) I couldn't do this...But I can (I'd like to avoid those quick and dirty workarounds) ..
So there must be a clean and simple managed method..
I think I found it but the code doesn't work so I'm sure there's something wrong in my code or in the way I'm trying to achieve this..
