Question

I want to construct a WPF system that can incorporate addin developed by an external developer community. Since I can t vouch for those developers, I want their code to run in a safe environment. It seems that MAF is a good solution, so I decided to investigate the security of MAF. One can define a precise permission set for each addon, which is very nice.

然而,我希望Addons能够退回世界森林论坛的控制。为此,他们需要能够管理人民论坛的议会。此外,我并不希望添加物能够操作不受管理的代码,以便它们能够在装上添加物时推翻我所设定的安全许可。

因此,这里的问题是——如果我未经许可就装上添加物,以操作不受管理的代码,那么该添加物就能够建立世界森林论坛的控制。我如何解决这一问题?

为了测试这一问题,我撰写了一份小型的WPF app,并试图装上它,从第二个手表操作。下面是装上和操作《世界森林框架》的代码。如果像现在一样,如果我删除了最后的“增加排放”声明(即有“UnmanageCode”旗帜的声明),那么它就停止了工作,说它可能制造“世界森林论坛”申请的窗口。

PermissionSet set = new PermissionSet(PermissionState.None);
set.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, PATH));
set.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
set.AddPermission(new UIPermission(PermissionState.Unrestricted));
set.AddPermission(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode));

Evidence ev = new Evidence();
AppDomain domain = AppDomain.CreateDomain("Test", ev, new AppDomainSetup() { ApplicationBase = PATH }, set);
domain.ExecuteAssembly(PATH);

Answer 1

http://msdn.microsoft.com/en-us/library/ms130766.aspx” rel=“nofollow”>this 你们可以把一些视为完全信任的eb。

如果你们看着这个系统的话。添加源代码(http://vissource.microsoft.com/netframework.aspx”rel=“nofollow” here) ,请在文件AddInActivator.cs中,使用, 摘自 http://msdn.microsoft.com/en-us/library/System.Reflection.AssemblyName.aspx” rel=“nofollow”>AssemblyName。加入。

因此,也许你可以与列报方式和系统相同。视窗。你希望给予充分信任的介绍或任何其他集会。

例如,你可以尝试这样做(几乎从AddInActivator.cs中删除):

//assembly is the Assembly object you want to grant full trust permissions.
AssemblyName assemblyName = assembly.GetName();

// get the public key blob
byte[] publicKey = assemblyName.GetPublicKey(); 
if (publicKey == null || publicKey.Length == 0)
    throw new InvalidOperationException(Res.NoStrongName);

StrongNamePublicKeyBlob keyBlob = new StrongNamePublicKeyBlob(publicKey); 

// and create the StrongName 
StrongName strongName = new StrongName(keyBlob, assemblyName.Name, assemblyName.Version); 
// then call the overload of CreatDomain that takes a StrongName object parametes.

Answer 2

我为我工作,我认为问题在于你如何启动这一gin。要求不通过议会设立上诉法院。你们的法典应当着眼于:

PermissionSet set = new PermissionSet(PermissionState.None);
set.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, PATH));
set.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
set.AddPermission(new UIPermission(PermissionState.Unrestricted));

// .. retreive the addin token
var plugin = token.Activate<IMyPluginInterface>(set);

It worked for me when I used to create the plugin this way. It was also a wpf UI.

友情链接