本文介绍了沙盒应用程序域内的后期绑定实例化的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

嗨!

在我的场景中,应该在沙盒应用程序域内(通过Activator.CreateInstance)实例化一些第三方类.但是这是不可能的,因为CreateInstanceMethod抛出SecruityException.实例化新实例需要完全信任 第三方类的实例(SecurityException的Required属性中的PermissionState为Unrestricted = true).

In my scenario some 3-rd party class should be instantiated inside of sandboxed application domain(via Activator.CreateInstance). But it is not possible because CreateInstanceMethod throws SecruityException. It requires a full trust to instantiate a new instance of the 3-rd party class(PermissionState with Unrestricted=true in Demanded property of SecurityException).

我的应用程序具有以下架构:

My application has the following architecture:

  1. 应用程序在完全信任的上下文中执行;
  2. 应用程序创建一个新的沙盒应用程序域;
  3. 具有第3方类的程序集将加载到沙盒应用程序域;
  4. 默认应用程序域通过远程处理边界来调用实例化逻辑.
  5. 用于实例化第3方类的挂钩代码是完全可信的(因为其程序集是在AppDomain.CreateDomain方法的完全信任列表中定义的).
  6. 挂钩代码尝试实例化第三方类,并因SecurityException失败:
  1. Application executes in full trust context;
  2. Application creates a new sandboxed application domain;
  3. An assembly with 3-rd party class loads to sandboxed application domain;
  4. Default application domain invokes instantiation logic through remoting boundaries;
  5. A hook code that is used to instantiate 3-rd party class are fully trusted (because its assembly is defined in full trust list of AppDomain.CreateDomain method).
  6. The hook code attempts to instantiate 3-rd party class and fails with SecurityException: "Request failed";

调用堆栈:

在System.RuntimeTypeHandle.CreateInstance(运行时类型类型,布尔publicOnly,布尔noCheck,布尔& canBeCached,RuntimeMethodHandleInternal& ctor,布尔&bNeedSecurityCheck)
  在System.RuntimeType.CreateInstanceSlow处(布尔publicOnly,布尔skipCheckThis,布尔fillCache)
  在System.RuntimeType.CreateInstanceDefaultCtor处(布尔publicOnly,布尔skipVisibilityChecks,布尔skipCheckThis,布尔fillCache)
  在System.Activator.CreateInstance(类型类型,布尔型非公共)上
  在System.Activator.CreateInstance(Type type)

at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache)
   at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean skipCheckThis, Boolean fillCache)
   at System.Activator.CreateInstance(Type type, Boolean nonPublic)
   at System.Activator.CreateInstance(Type type)

如果我使用[PermissionSet(SecurityAction.Assert,Unrestricted = true)]装饰实例化方法,则可以解决此问题.但是在这种情况下,第三方构造函数内部的所有代码都是不受限制的.

This issue can be fixed if I decorate my instantiation method with [PermissionSet(SecurityAction.Assert, Unrestricted = true)]. But in this case, all code inside of 3-rd party constructor is unrestricted.

P.S .:第三方类不是从MarshalByRefObject派生的.

P.S.: Third party class doesn't derive from MarshalByRefObject.

谢谢!

推荐答案

 

Activator.CreateInstance方法是SecurityCritical,只能由完全信任代码调用,可以使用Reflection获取第三个方法的构造方法方类,并直接调用其构造函数.

The Activator.CreateInstance method is SecurityCritical and can be called only by full-trust code, you can use Reflection to get constructor of the 3rd party class, and invoke its constructor directly.


这篇关于沙盒应用程序域内的后期绑定实例化的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-05 23:06