APTCA


An assembly that has a strong name cannot be called by a partial trust assembly (an assembly that is not granted full trust), unless the strong named assembly contains AllowPartiallyTrustedCallersAttribute (APTCA) as follows:

 [assembly: AllowPartiallyTrustedCallersAttribute()] 

This is a risk mitigation strategy designed to ensure your code cannot inadvertently be exposed to partial trust (potentially malicious) code. The common language runtime silently adds a link demand for the FullTrust permission set to all publicly accessible members on types in a strong named assembly. If you include APTCA, you suppress this link demand.

Avoid Using APTCA

If you use APTCA, your code is immediately more vulnerable to attack and, as a result, it is particularly important to review your code for security vulnerabilities. Use APTCA only where it is strictly necessary.

In the context of server-side Web applications, use APTCA whenever your assembly needs to support partial trust callers. This situation can occur in the following circumstances:

  • Your assembly is to be called by a partial trust Web application. These are applications for which the <trust> level is set to something other than Full. For more information about partial trust Web applications and using APTCA in this situation, see Chapter 9, "Using Code Access Security in ASP.NET."

  • Your assembly is to be called by another assembly that has been granted limited permissions by the code access security administrator.

  • Your assembly is to be called by another assembly that refuses specific permissions by using SecurityAction.RequestRefuse or SecurityAction.RequestOptional. These make the calling assembly a partial trust assembly.

  • Your assembly is to be called by another assembly that uses a stack walk modifier (such as Deny or PermitOnly) to constrain downstream code.

Diagnosing APTCA Issues

If you attempt to call a strong named assembly that is not marked with APTCA from partial trust code such as a partial trust Web application, you see an exception similar to the one shown in Figure 8.4. Notice that the exception details provide no permission details and simply indicate that the required permissions (in this case, FullTrust) cannot be acquired from the calling assembly. In this case, the somewhat confusing description text means that the error occurred because the application's <trust> level was set to something other than Full.

Figure 8.4: The result of partial trust code calling a strong named assembly

To overcome this exception, either the calling code must be granted FullTrust or the assembly being called must be annotated with APTCA. Note that individual types within an assembly marked with APTCA might still require full trust callers, because they include an explicit link demand or regular demand for full trust, as shown in the following examples.

 [PermissionSet(SecurityAction.LinkDemand, Name="FullTrust")]
 [PermissionSet(SecurityAction.Demand, Unrestricted=true)]
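When diagnosing the exception described above, it helps to confirm which assemblies are strong named and which of those carry APTCA. The following C# audit is an added example, not code from the book; the class name AptcaAudit and the Exposure enum are hypothetical names chosen for illustration.

```csharp
using System;
using System.Reflection;
using System.Security;

// Added example (not from the book): classifies assemblies by whether
// partial trust callers can link to their public members.
public static class AptcaAudit
{
    public enum Exposure
    {
        NotStrongNamed,             // no implicit FullTrust link demand applies
        FullTrustCallersOnly,       // strong named, no APTCA
        PartialTrustCallersAllowed  // strong named with APTCA: needs security review
    }

    public static Exposure Classify(Assembly asm)
    {
        // A strong named assembly carries a public key token in its identity.
        byte[] token = asm.GetName().GetPublicKeyToken();
        if (token == null || token.Length == 0)
            return Exposure.NotStrongNamed;

        // APTCA is an assembly-level attribute; its presence suppresses the
        // implicit link demand for FullTrust.
        bool aptca = asm.IsDefined(typeof(AllowPartiallyTrustedCallersAttribute), false);
        return aptca ? Exposure.PartialTrustCallersAllowed
                     : Exposure.FullTrustCallersOnly;
    }

    public static int Main(string[] args)
    {
        // With no arguments, audit the assemblies already loaded in this process.
        Assembly[] targets = AppDomain.CurrentDomain.GetAssemblies();
        if (args.Length > 0)
        {
            targets = new Assembly[args.Length];
            for (int i = 0; i < args.Length; i++)
                targets[i] = Assembly.LoadFrom(args[i]);
        }

        foreach (Assembly asm in targets)
            Console.WriteLine("{0,-28} {1}", Classify(asm), asm.GetName().Name);
        return 0;
    }
}
```

A FullTrustCallersOnly result for an assembly that a partial trust Web application calls corresponds to the exception described above. The check is assembly-level only, so it does not report individual types that carry their own explicit demand for full trust.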



Improving Web Application Security. Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
