Welcome to MSDN Blogs Sign in | Join | Help

Common Issue: Security Exceptions

If you are hosting a control in the browser and have given it elevated permissions (we will use FullTrust for this example) you might notice that you are still getting security exceptions when you try to call protected APIs. 

Here's what is going on.

When Internet Explorer creates an AppDomain to host your control it does so without any consideration to the strong name permissions on your assembly.  This is perfectly sensible because the strong name evidence doesn't apply to the AppDomain, only to those assemblies which are signed.  The AppDomain will be created based on Zone and Url evidence which is available.

Usually this means that the AppDomain will be granted either the Internet or LocalIntranet PermissionSet.

Later when your assembly is loaded into the domain, it will be granted the permissions that were assigned to the strong name.

At this point your AppDomain looks something like this:

+------------------------------------------------------------+
| AppDomain: PermissionSet=Internet                          |
|                                                            |
|  +-------------------+     +----------------+ +----------+ |
|  | YourAssembly      |     | System.dll     | | ...      | |
|  |   FullTrust       |     |   FullTrust    | +----------+ |
|  |   Strong Name     |     |   Strong Name  |              |
|  +-------------------+     +----------------+              |
|                                                            |
+------------------------------------------------------------+

(excuse the ASCII diagram)

When you call an API which has a security demand on it, you can imagine your call stack looks something like this:

System.Diagnostics.Process.Start() FullTrust <-- Demand 
MyControl.button1_Click(...)       FullTrust        Demand succeeds
System.Windows.Forms.Stuff         FullTrust        Demand succeeds
AppDomain                          Internet zone    Demand FAILS

How do you fix this?  You have two choices.  The better option is to explicitly Assert each permission before using it (this is what I did in the event sample before calling the JavaScript code on the hosting page http://blogs.msdn.com/andrewdownum/archive/2006/01/26/ControlInBrowserEvents.aspx).

The call stack would look like this instead

System.Diagnostics.Process.Start() FullTrust <-- Demand 
MyControl.button1_Click(...)       FullTrust <-- ASSERT   Demand SUCCEEDS
System.Windows.Forms.Stuff         FullTrust              Not evaluated
AppDomain                          Internet zone          Not evaluated

The other option would be to change security policy for the zone or URL instead of strong name.  I don't recommend this because you are weakening the security policy on the machine for your convenience.

Published Thursday, February 16, 2006 7:56 AM by AndrewDownum
Filed under:

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# re: Common Issue: Security Exceptions

Sunday, February 19, 2006 11:59 PM by EricLaw [MSFT]
Great stuff, Andrew.  thanks!

Leave a Comment

(required) 
required 
(required) 

  
Enter Code Here: Required
 
Page view tracker