The AllowPartiallyTrustedCallers Attribute


The AllowPartiallyTrustedCallers Attribute

As described, one of the primary goals of CAS is to enable scenarios in which code can be partially trusted. Even so, by default, a given assembly must be fully trusted to call a method in another assembly. Although this might seem counter to the spirit of CAS, the goal of this default is to force the author of an assembly to think explicitly about what is required to expose APIs to partially trusted callers. Specifically, an assembly author should perform a full security audit, including an analysis to determine that permission demands are used appropriately, before exposing APIs to callers with partial trust. In other words, the full trust default requires the author of a class library to take explicit action to enable partially trusted callers. The explicit action that is required is the annotation of the assembly with the System.Security.AllowPartiallyTrustedCallersAttribute custom attribute.

It's useful for you to have an understanding of the AllowPartiallyTrustedCallers attribute for extensible applications that grant partial trust to the code they host. For example, the assemblies I load out of the cocoon files are partially trusted because I grant only SecurityPermission (to execute), UIPermission, and IsolatedStorageFilePermission so assemblies in cocoon files can call only methods in other assemblies that are annotated with AllowPartiallyTrustedCallers. Any attempt to call a method in an assembly without this attribute results in a SecurityException with the following text:

System.Security.SecurityException: That assembly does not allow partially trusted callers.

Many of the .NET Framework class libraries are accessible by add-ins with partial trust because they are already annotated with AllowPartiallyTrustedCallers. In addition, you might need to use the AllowPartiallyTrustedCallers attribute yourself if, as part of your extensible application, you provide class libraries that are meant to be used by the add-ins you host. Be sure you consider the security ramifications of exposing your assembly to partially trusted callers before annotating your assembly with AllowPartiallyTrustedCallers. The best place to find up-to-date information about the prerequisites for using AllowPartiallyTrustedCallers can be found on the Microsoft Developer Network Web site (http://www.msdn.microsoft.com).



    Customizing the Microsoft  .NET Framework Common Language Runtime
    Customizing the Microsoft .NET Framework Common Language Runtime
    ISBN: 735619883
    EAN: N/A
    Year: 2005
    Pages: 119

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net