Allowing Partially Trusted Callers

re: Allowing Partially Trusted Callers

Wraith — Sun, 06 Feb 2005 19:56:00 GMT

One particular class in the exclusion list has caused me some headaches, FileVersionInfo. The documentation doesn't tell you that it has a LinkDemand for full unrestricted permissions and because of the vaugeries of security exceptions in 1.x it was very hard to work out why my method kept failing.

Is there any reason (or anyone/anywhere more appropriate to ask) why exactly FileVersionInfo requires totally unrestricted permissions? I ask because the thing preventing my using it was my using RequestRefuse on ReflectionEmit in my assembly, which really isn't something that realistically prevents use of the class. In order to get around the restriction I implemented my own version of the class which only requires FileIO and UnmanagedCode permissions, it seems to work so I don't see the need for the restriction on the CLR version which I would have preferred to use.

At the very least it would be helpful if the classes that require extra security permissions were clearly marked in the documentation instead of only being listed under an article on a somewhat obscure Attribute that i wouldn't even know to read about if it wasn't for your very helpful blog.

re: Allowing Partially Trusted Callers

Shawn — Mon, 07 Feb 2005 18:38:00 GMT

Hi Wraith,

I'm not sure what that decision was made for the particular class. Decisions like these can be made based on a variety of criteria, ranging from a threat found during security testing or threat modling, to schedule pressures not allowing a thourough security test of the class to ensure it is safe to expose to partial trust.

One place to check for the answer might be the BCL team's blog. (http://blogs.msdn.com/bclteam)

-Shawn

AllowPartiallyTrustedCallersAttribute

Security Briefs — Tue, 08 Feb 2005 21:33:00 GMT

re: Allowing Partially Trusted Callers

Judah Himango — Wed, 09 Feb 2005 03:13:00 GMT

Can we get Managed DirectX, or at least the simple rendering of primitives to APTC? It's frustrarting not being able to use MDX9 via ClickOnce with all the possibilities there...

re: Allowing Partially Trusted Callers

Shawn — Wed, 09 Feb 2005 17:43:00 GMT

Hi Judah,

Well, that's up to the DX team. It may very well be their design decision to not allow DirectX (which allows pretty close control of the hardware) from partial trust. However, that absolutely does not remove the chance to use DX9 in a ClickOnce scenario. In fact, due to the permission elevation feature of ClickOnce, you can simply say "my app needs full trust". Then if the user grants FullTrust, you'll be able to use DX since you'll meet the APTCA link demands.

-Shawn

re: Allowing Partially Trusted Callers

Sergey Koshcheyev — Thu, 17 Nov 2005 13:14:59 GMT

What if I don't have any permission assertions in my library? Is it then safe to allow partially trusted callers to use it? Or can you think of a scenario where this would be insecure?

Wackylabs.Net » Flickr.Net API and Medium Trust

Wackylabs.Net » Flickr.Net API and Medium Trust — Fri, 03 Feb 2006 18:36:04 GMT

PingBack from http://www.wackylabs.net/2006/02/flickrnet-api-and-medium-trust/

re: Allowing Partially Trusted Callers

Steve Flaum — Wed, 08 Feb 2006 18:22:37 GMT

I'm getting the error message "That assembly does not allow partially trusted callers" when calling a method in the same assembly. That is, a VB.Net Sub running in the Visual Studio 2005 debugger raises that error when it tries to call a Sub in another module in the same project and assembly. How can that be?

re: Allowing Partially Trusted Callers

Steve Flaum — Wed, 08 Feb 2006 18:43:11 GMT

It turns out that the problem was that I had moved my project to a network drive. When I moved it back to a local drive, the error message went away.

' strange message for that problem.

we don't allow partially-trusted checkin policies in V1

James Manning's blog — Sat, 11 Feb 2006 02:13:23 GMT

One of the V1 decisions we made was to not allow partially trusted callers in our policy framework.&nbsp;...

My Attribute Disappears

Haibo Luo's weblog — Wed, 22 Feb 2006 04:44:55 GMT

The GetCustomAttributes scenario (ICustomAttributeProvider.GetCustomAttributes
...

APTCA and Custom Attributes

.Net Security Blog — Wed, 22 Feb 2006 20:38:00 GMT

Haibo just posted an excellent article about what happens when you use reflection to get a custom attribute...

SecurityException: That assembly does not allow partially trusted callers.

Gump's blog — Fri, 07 Apr 2006 22:26:29 GMT

The exception mentioned in the title of this post was the one&nbsp;I encountered when using an ASP.Net...

re: Allowing Partially Trusted Callers

John — Sun, 09 Apr 2006 21:44:19 GMT

What if the calling assembly is not on a network share...!? It is only accessing SQL Server. Does that make it partially untrusted? Why?

re: Allowing Partially Trusted Callers

shawnfa — Mon, 17 Apr 2006 18:15:16 GMT

Any code that is not granted FullTrust is partially trusted. If your code is hosted within SQL Server, then it likely is partially trusted.

-Shawn

APTCA and SQL Server 2005

.Net Security Blog — Fri, 23 Jun 2006 21:41:45 GMT

Last year, I explored the ins and outs of the AllowPartiallyTrustedCallersAttribute.&nbsp; Today, the...

re: Allowing Partially Trusted Callers

David Walker — Sat, 24 Jun 2006 02:14:54 GMT

Just HOW do you "apply APTCA to the assembly"??? The "more information" link you posted is broken.

re: Allowing Partially Trusted Callers

Shawn — Sat, 24 Jun 2006 02:25:35 GMT

The link seems to work for me. To apply APTCA, just add the AllowPartiallTrustedCallersAttribute to your assembly:

[assembly: AllowPartiallyTrustedCallers]

-Shawn

re: Allowing Partially Trusted Callers

Shawn — Sat, 24 Jun 2006 02:25:40 GMT

The link seems to work for me. To apply APTCA, just add the AllowPartiallTrustedCallersAttribute to your assembly:

[assembly: AllowPartiallyTrustedCallers]

-Shawn

re: Allowing Partially Trusted Callers

shreeman — Wed, 26 Jul 2006 22:17:51 GMT

Shawn,
Wouldnot it be Better to Provide a better Description of the Security Error so that one can understand that he is facing a LinkDemand issue or it is not possible to determine that this indeed was due to LinkDemand BeforeHand OR this is by design to not provide any further description here.Although the exception is a security exception one don't ve any mean to diagnost these.

re: Allowing Partially Trusted Callers

shawnfa — Wed, 26 Jul 2006 22:33:39 GMT

Absolutely a better error message would help things out. That's why in v2.0 you now get the message about "That assembly does not allow partially trusted callers." in order to help diagonose the problem with APTCA.

-Shawn

re: Allowing Partially Trusted Callers

Sid DeLuca — Tue, 10 Oct 2006 16:47:43 GMT

If you're having problems with the attribute on the assembly, you may need to qualify the value with the Security namespace: (vb)

re: Allowing Partially Trusted Callers

John — Tue, 28 Nov 2006 23:59:53 GMT

So what do I do if I'm using a third party assembly? For example, I tried deploying the MySql Connector assembly to my web server but I get the "System.Security.SecurityException: That assembly does not allow partially trusted callers." exception. What do I do now?

re: Allowing Partially Trusted Callers

Doods — Thu, 30 Nov 2006 21:40:20 GMT

Shawn - I must be missing something here because i've spent the entire day trying to follow one guideline after another on how to make my website work but still end up unsuccessfull.

My website is written in VB 2.0, using MySQL database and the MySQL Provider (mysql.data.dll) to connect to the db tables. My business logic and data access are together in a class that resides in the App_Code folder.

Just above this class I added the "AllowPartiallTrustedCallersAttribute" signature (<Assembly: AllowPartiallyTrustedCallers()> ).

I still end up with a security exception as follows:

[SecurityException: That assembly does not allow partially trusted callers.]

oradude.Poetry.GetPoemTitles() +0

I am getting hopeless here and would really appreciate your help.

Thanks.

Doods

re: Allowing Partially Trusted Callers

shawnfa — Mon, 18 Dec 2006 04:03:03 GMT

It would appear that either the assembly containing the oradude object, the return value of hte Poetry property or the return value of GetPopemTitles() is not marked APTCA. I would start by checking those out.

-Shawn

re: Allowing Partially Trusted Callers

shawnfa — Mon, 18 Dec 2006 04:03:57 GMT

In the case of third party assemblies, you'll need to contact the developer. In many cases (such as non-APTCA assemblies from Microsoft), the assemblies have not been tested under partial trust and may not be safe for arbitrary untrusted code to call.

-Shawn

re: Allowing Partially Trusted Callers

Il'ya — Tue, 27 Mar 2007 13:41:26 GMT

I have the same problem as Doods does: I've added [assembly: AllowPartiallyTrustedCallers()] to AssemblyInfo.cs file (I use C#), but still have that Security Exception. May be the problem is in MySql.Data.dll?

re: Allowing Partially Trusted Callers

shawnfa — Thu, 29 Mar 2007 20:24:53 GMT

APTCA needs to be applied to the assembly which is being called. So if your code is calling into MySql.Data, then MySql.Data will need APTCA.

-Shawn

re: Allowing Partially Trusted Callers

okman — Thu, 05 Feb 2009 09:45:44 GMT

is there any cahnge in senario after version

.net version 2.0 and 3.5 have been releaced?

re: Allowing Partially Trusted Callers

shawnfa — Fri, 06 Feb 2009 00:39:02 GMT

No, this behaves the same in all released versions of the .NET framework (at this point that's through v3.5 SP1).

re: Allowing Partially Trusted Callers

chessfan — Tue, 24 Feb 2009 04:19:17 GMT

I am adding the .dll for a library that does not allow partially trusted callers into my C# project. When I go to modify the assembly directives, I'm unable to modify anything that's in the screen. How do I get permissions to modify the assembly directives?

Another reference even includes the attribute I want:

System.Security.AllowPartiallyTrustedCallersAttribute

But if I try to type or paste this into the window for my .dll, I'm not allowed to.