Clever Geek Handbook

Microsoft AddIn Framework (MAF) Callback Security Exception Using Two AppDomains

I am having a problem with my application:

I have a host application that is running on a fully trusted application domain. This host loads the AddIn framework via MAF and activates this add-on in another application domain that only has internet access.

The host creates a helper object in the main application domain and passes its references through the MAF pipeline to the add-in (using the host and add-in view adapters). The add-in then calls a method on this helper object to load the text file from the file system. In doing this, I am taking on a SecurityException:

An unhandled exception of type 'System.Security.SecurityException' occurred    in mscorlib.dll
Additional information: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

I've already debugged the code a bit and found that there is the following Check in the Class FileStream.cs:

new FileIOPermission(secAccess, control, new String[] { filePath }, false, false).Demand();

The Demand method is implemented in CodeAccessPermissions.cs and seems to check the full call stack if all items have permissions to execute this method:

StackCrawlMark stackMark = StackCrawlMark.LookForMyCallersCaller;

When I execute this method in the helper class directly from the main method everything works fine.

When I set add-on permissions to FullTrust then it works fine.

I also checked the AppDomain and AppDomain.CurrentDomain.IsFullyTrusted attribute, which is correct in all cases.

So the problem is that the AddIn is in the Call-Stack which is causing the permission issue.

I also tried doing this on a new thread so that I no longer have AddIn on the call stack, but it had no effect.

This issue is very important to me as I don't want to provide full-text add-ins to the add-in, but let the add-in execute the methods on the node.

Does anyone know a solution to this problem?

+3


source to share


1 answer


I found a solution at that time:

The so called Stack Walk can be stopped using the Assert method on the permissions object:

PermissionSet permSet = new PermissionSet(PermissionState.Unrestricted);

permSet.Assert();

//Do the problematic Stuff

PermissionSet.RevertAssert();


Using RevertAssert, StackWalk no longer stops here.

respectfully

Tobi

0


source






More articles:


All Articles