Click here to Skip to main content
11,720,374 members (78,821 online)
   

C#

 
GeneralRe: Help for code Pin
musefan3-Mar-11 0:06
membermusefan3-Mar-11 0:06 
GeneralRe: Help for code Pin
Girish4813-Mar-11 0:47
memberGirish4813-Mar-11 0:47 
GeneralRe: Help for code Pin
Eddy Vluggen3-Mar-11 1:06
memberEddy Vluggen3-Mar-11 1:06 
GeneralRe: Help for code Pin
Girish4813-Mar-11 3:38
memberGirish4813-Mar-11 3:38 
GeneralRe: Help for code Pin
Eddy Vluggen3-Mar-11 6:45
memberEddy Vluggen3-Mar-11 6:45 
GeneralRe: Help for code Pin
Girish4813-Mar-11 23:48
memberGirish4813-Mar-11 23:48 
GeneralRe: Help for code Pin
Eddy Vluggen4-Mar-11 12:16
memberEddy Vluggen4-Mar-11 12:16 
GeneralRe: Help for code Pin
Girish4815-Mar-11 16:56
memberGirish4815-Mar-11 16:56 
GeneralRe: Help for code Pin
Eddy Vluggen6-Mar-11 0:42
memberEddy Vluggen6-Mar-11 0:42 
QuestionHow do you protect your app hosting third party dll ...? [modified] Pin
devvvy2-Mar-11 21:32
memberdevvvy2-Mar-11 21:32 
AnswerRe: How do you protect your app hosting third party dll ...? Pin
Eddy Vluggen3-Mar-11 6:58
memberEddy Vluggen3-Mar-11 6:58 
GeneralRe: How do you protect your app hosting third party dll ...? Pin
devvvy3-Mar-11 15:21
memberdevvvy3-Mar-11 15:21 
GeneralRe: How do you protect your app hosting third party dll ...? Pin
Eddy Vluggen4-Mar-11 11:04
memberEddy Vluggen4-Mar-11 11:04 
GeneralRe: How do you protect your app hosting third party dll ...? [modified] Pin
devvvy4-Mar-11 22:28
memberdevvvy4-Mar-11 22:28 
Hello I tried out your advice - MSDN article on sand boxing third party dll [^]

The following code created new AppDomain for third party dll, invoke it and found out that AppDomain.Current.GetData[KEY1] refers to that of the "New Domain" (not old AppDomain of hosting app)

But again, two problems still remains:
a. third party can still access all AppDomain - see this.[^]
(But if MSDN is correct, GetCallingAssembly requires ReflectionPermission as well - so DENY ReflectionPermission is very key)[^]

b. third party library can simply retrieves hosting types by GetCallingAssembly
public void DoWork(string Message)
{
// For some reason keeps getting "Exception of type 'System.ExecutionEngineException' was thrown." when there're more than one class other than "Program.cs" but this worked otherwise (i.e. I think my DENY ReflectionPermission didn't work!) ...
Type[] Types = Assembly.GetCallingAssembly().GetTypes();
if (Types != null)
{
foreach (Type t in Types)
{
Console.WriteLine("Detected type: " + t.FullName);
}
}


c. Am I doing it right below on how to DENY ReflectionPermission? (By setting PermissionState.None)

Anyway here's my full test code.
***** Program.cs *****
using System;
using System.IO;
using System.Collections.Generic;
using System.Linq;
using System.Text;

using System.Threading;

using System.Reflection;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;

using UserUtil;
using SimpleUtil;

namespace TestAppDomain
{
class Program
{
public const string KEY1 = "KEY1";
public static AppDomain UserDomain = null;

static void Main(string[] args)
{
string UntrustedThirdPartyDir = @"..\..\UserUtil\UserUtil\bin\Debug";
string ThirdPartyDll = "UserUtil.dll";
string ThirdPartyServiceFullyQualifiedName = "UserUtil.ServiceProvider";

Assembly UserAssembly = null;

Object oProvider = null;
SimpleUtil.IServiceProvider UserProvider = null;

try
{
#region Sandbox preparation
// http://msdn.microsoft.com/en-us/library/bb763046.aspx
// http://www1.cs.columbia.edu/~lok/csharp/refdocs/System.Security.Permissions/types/ReflectionPermission.html
// http://www1.cs.columbia.edu/~lok/csharp/refdocs/System.Security.Permissions/types/ReflectionPermissionFlag.html
AppDomainSetup AdSetup = new AppDomainSetup();
AdSetup.ApplicationBase = Path.GetFullPath(UntrustedThirdPartyDir);

PermissionSet PermSet = new PermissionSet(PermissionState.None);
PermSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

// QUESTION: How to DENY reflection permission...? Am I doing it right? (I don't think it is)
ReflectionPermission RefPerm = new ReflectionPermission(PermissionState.None);
PermSet.AddPermission(RefPerm);

StrongName FullTrustAssembly = typeof(Program).Assembly.Evidence.GetHostEvidence<StrongName>();
#endregion


UserDomain = AppDomain.CreateDomain(
"UserDomain", null, AdSetup, PermSet, FullTrustAssembly
);

AppDomain.CurrentDomain.SetData(KEY1, "PrivateKey");
UserDomain.SetData(KEY1, "NoProblem!");

oProvider = Activator.CreateInstanceFrom(
UserDomain, ThirdPartyDll, ThirdPartyServiceFullyQualifiedName
).Unwrap();

#region No need for this...
// oProvider = UserDomain.CreateInstanceFrom("UserUtil.dll", "UserUtil.ServiceProvider").Unwrap();
#endregion

#region No need for this either ..
// UserAssembly = Assembly.LoadFrom("UserUtil.dll");
// oProvider = UserAssembly.CreateInstance("UserUtil.ServiceProvider");
#endregion

if (oProvider != null)
{
if (oProvider is SimpleUtil.IServiceProvider)
{
UserProvider = (SimpleUtil.IServiceProvider)oProvider;

Object[] parameters = { "Calling UserProvider.DoWork" };

while (true)
{
#region OPTION 1: prints out "UserUtil.DoWork - secret=NoProblem!"
// UserProvider.DoWork("Calling UserProvider.DoWork");
#endregion

#region OPTION 2: prints out "UserUtil.DoWork - secret=NoProblem!"
UserProvider.GetType().GetMethod("DoWork").Invoke(UserProvider, parameters);
#endregion
}
}
}
}
catch (Exception Ex)
{
Console.WriteLine(Ex.Message);
}

return;
}
}
}

*** SimpleUtil.ServiceProvider ***
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

using System.Runtime.Serialization;

namespace SimpleUtil
{
[Serializable()]
class ServiceProvider : SimpleUtil.IServiceProvider
{
public void DoWork(string Message)
{
Console.WriteLine("SimpleUtil.DoWork");
return;
}

public ServiceProvider()
{
return;
}

public ServiceProvider(SerializationInfo info, StreamingContext context)
{
return;
}

public void GetObjectData(
SerializationInfo info,
StreamingContext context
)
{
return;
}

}
}

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

using System.Runtime.Serialization;

namespace SimpleUtil
{
public interface IServiceProvider : ISerializable
{
void DoWork(string Message);
}
}


***** UserUtil.ServiceProvider *****
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

#region "Inheritance security rules violated while overriding member" runtime error
/*
ATTN:
In implementing ISerializable of class below, you'd need to override "GetObjectData" and in .NET 4, this'd give runtime error
"Inheritance security rules violated while overriding member: 'UserUtil.ServiceProvider.GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden."
This runtime error happens when:
oProvider = Activator.CreateInstanceFrom(
UserDomain, ThirdPartyDll, ThirdPartyServiceFullyQualifiedName
);
Two options:
a. [assembly: SecurityRules(SecurityRuleSet.Level1)]
But this relaxes defaults, and thus undesirable
b. Apply attrib below - unfortunately it doesn't work
[SecurityCriticalAttribute()] --> This requires "using System.Security"
public void GetObjectData(
SerializationInfo info,
StreamingContext context
)
{
return;
}
REF:
http://stackoverflow.com/questions/3055792/inheritance-security-rules-violated-while-overriding-member-securityruleset-lev
http://msdn.microsoft.com/en-us/library/system.security.securitycriticalattribute.aspx
*/
#endregion

using System.Security;
using System.Security.Policy;
using System.Security.Permissions;

using System.Runtime.Serialization;

using SimpleUtil;

namespace UserUtil
{
[Serializable()]
public class ServiceProvider : MarshalByRefObject, SimpleUtil.IServiceProvider

{
public void DoWork(string Message)
{
// throw new Exception("Testing - Exception blowing up in third party library (still kills the hosting app what the hell)");

object oSecret = null;
string secret = null;

oSecret = AppDomain.CurrentDomain.GetData("KEY1");
if (oSecret != null)
{
secret = (string)oSecret;
Console.WriteLine("UserUtil.DoWork - secret=" + secret); // This is accessing new/UserUtil AppDomain!! Good!
}
else
{
Console.WriteLine("UserUtil.DoWork - secret=NULL!");
}
return;
}

public ServiceProvider()
{
return;
}

public ServiceProvider(SerializationInfo info, StreamingContext context)
{
return;
}

[SecurityCriticalAttribute()]
public void GetObjectData(
SerializationInfo info,
StreamingContext context
)
{
return;
}
}
}

dev
modified on Saturday, March 5, 2011 6:47 AM

GeneralRe: How do you protect your app hosting third party dll ...? Pin
Eddy Vluggen5-Mar-11 3:02
memberEddy Vluggen5-Mar-11 3:02 
GeneralRe: How do you protect your app hosting third party dll ...? Pin
devvvy5-Mar-11 14:24
memberdevvvy5-Mar-11 14:24 
GeneralRe: How do you protect your app hosting third party dll ...? Pin
Eddy Vluggen7-Mar-11 0:41
memberEddy Vluggen7-Mar-11 0:41 
GeneralRe: How do you protect your app hosting third party dll ...? Pin
devvvy7-Mar-11 14:27
memberdevvvy7-Mar-11 14:27 
QuestionUpdate progress bar on another form Pin
Etienne_1232-Mar-11 21:28
memberEtienne_1232-Mar-11 21:28 
AnswerRe: Update progress bar on another form Pin
musefan2-Mar-11 22:29
membermusefan2-Mar-11 22:29 
GeneralRe: Update progress bar on another form Pin
Etienne_1233-Mar-11 21:17
memberEtienne_1233-Mar-11 21:17 
AnswerRe: Update progress bar on another form Pin
DaveyM693-Mar-11 1:13
mentorDaveyM693-Mar-11 1:13 
GeneralRe: Update progress bar on another form Pin
Luc Pattyn3-Mar-11 1:36
mvpLuc Pattyn3-Mar-11 1:36 
GeneralRe: Update progress bar on another form Pin
DaveyM693-Mar-11 3:58
mentorDaveyM693-Mar-11 3:58 
GeneralRe: Update progress bar on another form Pin
Etienne_1233-Mar-11 20:00
memberEtienne_1233-Mar-11 20:00 
QuestionPausing execution for certain amount of time without freezing the form. Pin
john1234512-Mar-11 14:48
memberjohn1234512-Mar-11 14:48 
AnswerRe: Pausing execution for certain amount of time without freezing the form. Pin
Luc Pattyn2-Mar-11 15:31
mvpLuc Pattyn2-Mar-11 15:31 
AnswerRe: Pausing execution for certain amount of time without freezing the form. Pin
OriginalGriff2-Mar-11 21:19
mvpOriginalGriff2-Mar-11 21:19 
GeneralRe: Pausing execution for certain amount of time without freezing the form. Pin
Luc Pattyn3-Mar-11 0:53
mvpLuc Pattyn3-Mar-11 0:53 
AnswerRe: Pausing execution for certain amount of time without freezing the form. Pin
musefan2-Mar-11 22:20
membermusefan2-Mar-11 22:20 
QuestionConsole in c# 2008 Express Pin
Bob Pawley2-Mar-11 12:47
memberBob Pawley2-Mar-11 12:47 
AnswerRe: Console in c# 2008 Express Pin
Dave Kreskowiak2-Mar-11 12:59
mvpDave Kreskowiak2-Mar-11 12:59 
AnswerRe: Console in c# 2008 Express Pin
DaveyM692-Mar-11 13:32
mentorDaveyM692-Mar-11 13:32 
AnswerRe: Console in c# 2008 Express Pin
Stark DaFixzer2-Mar-11 21:16
memberStark DaFixzer2-Mar-11 21:16 
QuestionHow to select a radio button in internet explorer. Pin
sososm2-Mar-11 11:46
membersososm2-Mar-11 11:46 
QuestionLastinputinfo() not working on my machine ... Pin
turbosupramk32-Mar-11 10:51
memberturbosupramk32-Mar-11 10:51 
AnswerRe: Lastinputinfo() not working on my machine ... Pin
Eddy Vluggen2-Mar-11 11:08
memberEddy Vluggen2-Mar-11 11:08 
AnswerRe: Lastinputinfo() not working on my machine ... [modified] Pin
DaveyM692-Mar-11 12:11
mentorDaveyM692-Mar-11 12:11 
GeneralRe: Lastinputinfo() not working on my machine ... Pin
turbosupramk33-Mar-11 6:08
memberturbosupramk33-Mar-11 6:08 
GeneralRe: Lastinputinfo() not working on my machine ... Pin
DaveyM693-Mar-11 6:58
mentorDaveyM693-Mar-11 6:58 
QuestionGetting the relevent letter for unicode. Pin
prasadbuddhika2-Mar-11 6:46
memberprasadbuddhika2-Mar-11 6:46 
AnswerRe: Getting the relevent letter for unicode. Pin
Richard MacCutchan2-Mar-11 6:55
mvpRichard MacCutchan2-Mar-11 6:55 
AnswerRe: Getting the relevent letter for unicode. Pin
Eddy Vluggen2-Mar-11 7:24
memberEddy Vluggen2-Mar-11 7:24 
GeneralC# / WPF Job Offer in Tampa, FL Pin
Azad Giordano Ratzki2-Mar-11 4:13
memberAzad Giordano Ratzki2-Mar-11 4:13 
GeneralRe: C# / WPF Job Offer in Tampa, FL Pin
Pete O'Hanlon2-Mar-11 4:23
mvpPete O'Hanlon2-Mar-11 4:23 
GeneralRe: C# / WPF Job Offer in Tampa, FL Pin
Azad Giordano Ratzki2-Mar-11 4:30
memberAzad Giordano Ratzki2-Mar-11 4:30 
GeneralRe: C# / WPF Job Offer in Tampa, FL Pin
Pete O'Hanlon2-Mar-11 4:46
mvpPete O'Hanlon2-Mar-11 4:46 
GeneralRe: C# / WPF Job Offer in Tampa, FL Pin
Pete O'Hanlon2-Mar-11 5:39
mvpPete O'Hanlon2-Mar-11 5:39 
GeneralRe: C# / WPF Job Offer in Tampa, FL Pin
MDL=>Moshu2-Mar-11 5:47
memberMDL=>Moshu2-Mar-11 5:47 
GeneralRe: C# / WPF Job Offer in Tampa, FL Pin
Stark DaFixzer2-Mar-11 5:54
memberStark DaFixzer2-Mar-11 5:54 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.


Advertise | Privacy | Mobile
Web03 | 2.8.150901.1 | Last Updated 4 Sep 2015
Copyright © CodeProject, 1999-2015
All Rights Reserved. Terms of Service
Layout: fixed | fluid