C# "Sandbox exception": "Derived types must either match the security accessibility of the base type or be less accessible."
When I try to enable Code Access Security in a sandboxed application domain, I get the following error:
Inheritance security rules violated by type: 'XXX'. Derived types must either match the security accessibility of the base type or be less accessible.
Here is what I have:
The plugin assembly has a class that implements an interface defined in the SDK assembly. The plugin assembly is not signed. Also, the plugin assembly has [assembly: SecurityTransparent] in AssemblyInfo.cs.
For example:
public class Bar : AbstractBase
{
    // This class implements an abstract method defined in the base class
}
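AbstractBase is defined in the SDK binary, which is signed. Also, it is marked as trusted when I create the domain in the executing assembly.
[SecuritySafeCritical]
public abstract class AbstractBase : MarshalByRefObject, IDisposable
{
    public abstract void Method();
}
Here is what I tried in the AssemblyInfo.cs of the SDK binary: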
[assembly: AllowPartiallyTrustedCallers]
[assembly: SecurityRules(SecurityRuleSet.Level2, SkipVerificationInFullTrust = true)]
//[assembly: SecurityRules(SecurityRuleSet.Level1)]
Finally, there is an executing assembly that creates a domain and applies the security restrictions:
private void CreateAppDomain()
{
AppDomainSetup domainSetup = new AppDomainSetup();
domainSetup.ApplicationName = "Plugins";
domainSetup.ApplicationBase = Section.Instance.BaseDirectory;
domainSetup.ConfigurationFile = domainSetup.ApplicationName + ".config";
PermissionSet domainPermissions = new PermissionSet(PermissionState.None);
domainPermissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
domainPermissions.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted));
domainPermissions.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
domainPermissions.AddPermission(new System.Net.WebPermission(PermissionState.Unrestricted));
domainPermissions.AddPermission(new System.Net.Mail.SmtpPermission(PermissionState.Unrestricted));
domainPermissions.AddPermission(new System.Configuration.ConfigurationPermission(PermissionState.Unrestricted));
domainPermissions.AddPermission(new System.Data.SqlClient.SqlClientPermission(PermissionState.Unrestricted));
StrongName plugins = typeof(AbstractBase).Assembly.Evidence.GetHostEvidence<StrongName>();
this.appDomain = AppDomain.CreateDomain(domainSetup.ApplicationName, null,
domainSetup, domainPermissions,
plugins);
}
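I'm not sure what I'm missing, or whether my architecture is somehow wrong for Code Access Security. Any help is greatly appreciated.
Edit:
Here is the stack trace. My UT does exactly the same thing as described above.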
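   at System.Reflection.RuntimeAssembly.GetType(RuntimeAssembly assembly, String name, Boolean throwOnError, Boolean ignoreCase, ObjectHandleOnStack type)
   at System.Reflection.RuntimeAssembly.GetType(String name, Boolean throwOnError, Boolean ignoreCase)
   at System.Activator.CreateInstanceFromInternal(String assemblyFile, String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityInfo)
   at System.AppDomain.CreateInstanceFrom(String assemblyFile, String typeName)
   at System.AppDomain.CreateInstanceFromAndUnwrap(String assemblyName, String typeName)
   at System.AppDomain.CreateInstanceFromAndUnwrap(String assemblyName, String typeName)
   at Microsoft.Windows.Infrastructure.MissionControl.Eventing.Agent.Tests.ActionProcessorTests.TestActionExecuted() in ActionProcessorTests.cs:line 196
OK, this is an old post, but I stumbled upon it while trying to solve the same problem. The problem is that you have marked the entire AbstractBase class with SecuritySafeCritical, but the Bar class, because it is not signed, has to be SecurityTransparent. You are not allowed to derive a SecurityTransparent class from a SecuritySafeCritical class.
The solution is to remove the [SecuritySafeCritical] attribute from the AbstractBase class. Since you have marked the entire assembly as AllowPartiallyTrustedCallers, the AbstractBase class will default to SecurityTransparent, and both AbstractBase and Bar will be transparent.
Then, when you need to access SecuritySafeCritical or SecurityCritical functions, you can mark individual functions in AbstractBase as SecuritySafeCritical. This will allow those methods to access the more restricted classes. A SecurityTransparent class cannot derive from a SecuritySafeCritical class.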
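The layout the answer describes, as an added example that is not part of the original post or the asker's SDK: the class-level attribute is gone and a single member is safe-critical. ReadPluginHome and the PLUGIN_HOME variable are hypothetical names, Method() is assumed to return void, and the two assemblies are shown in one listing for brevity.

```csharp
// ===== SDK assembly: signed, on the sandbox's full-trust list =====
using System;
using System.Security;
using System.Security.Permissions;

[assembly: AllowPartiallyTrustedCallers]
[assembly: SecurityRules(SecurityRuleSet.Level2)]

// No class-level [SecuritySafeCritical]: with APTCA under Level 2 rules the
// type is transparent, so a transparent plugin type may derive from it.
public abstract class AbstractBase : MarshalByRefObject, IDisposable
{
    // Transparent member (return type assumed); a transparent override is legal.
    public abstract void Method();

    public virtual void Dispose() { }

    // Hypothetical helper: the only safe-critical member. It asserts read
    // access to one fixed variable, never a caller-supplied name, so sandboxed
    // callers cannot widen what the assert exposes.
    [SecuritySafeCritical]
    protected string ReadPluginHome()
    {
        var permission = new EnvironmentPermission(
            EnvironmentPermissionAccess.Read, "PLUGIN_HOME");
        permission.Assert();
        try
        {
            return Environment.GetEnvironmentVariable("PLUGIN_HOME");
        }
        finally
        {
            CodeAccessPermission.RevertAssert();
        }
    }
}

// ===== Plugin assembly: unsigned, separate project =====
// Its AssemblyInfo.cs carries [assembly: SecurityTransparent].
public class Bar : AbstractBase
{
    private string pluginHome;

    // Transparent override calling the safe-critical helper, which is allowed.
    public override void Method()
    {
        pluginHome = ReadPluginHome();
    }
}
```

With the class-level attribute restored on AbstractBase, loading Bar in the sandbox fails again with the inheritance-rules exception from the question.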
action =
this.appDomain.CreateInstanceFromAndUnwrap(
Path.Combine(pluginProperties.AssemblyBaseDirectory, pluginProperties.AssemblyName),
className) as
AbstractBase;