
Medium Level Trust and Reflection

Author
25 Feb 2005 4:01 PM
Paul Hatcher
Is there any way of granting a specific assembly Reflection permission when
the web server is set to Medium level trust?  The assembly is signed and may
be placed in the GAC if necessary

Paul

Author
25 Feb 2005 9:36 PM
Nicole Calinoiu
Have you tried adding it to the GAC?  Did it work?  If so, would you still
prefer an alternate approach?  For example, you might try to alter the
web_mediumtrust.config to grant additional permissions to your assembly
based on its strong name.


Author
25 Feb 2005 10:07 PM
Joe Kaplan (MVP - ADSI)
Won't he need to assert the permissions he's using too if he wants to prevent
a stack walk?  That would apply in either situation (GAC or non-GAC) if his
assembly had permissions that the rest of the application did not by
default, right?

Joe K.

Author
25 Feb 2005 10:40 PM
Nicole Calinoiu
Depends on whether the code that's being called makes a link demand or full
demand.  If it's a full demand, then an assertion will be required, but
assertion permission can be acquired by the same means as reflection
permission.


Author
25 Feb 2005 11:40 PM
Joe Kaplan (MVP - ADSI)
That's pretty much what I thought.  I wasn't sure if the code he was calling
that demanded the Reflection permission did a full demand or not, so I
thought he should probably know about Assert as well, just in case.

Thanks!

Joe K.

Author
26 Feb 2005 12:54 AM
Paul Hatcher
Is this correct...

1. Assert the Reflection permission declaratively in the code.
   a. Place the assembly in the GAC
   or
   b. Modify the web_mediumtrust.config to grant Assertion and Reflect
      permission based on the strong name

Paul


Author
26 Feb 2005 2:29 PM
Nicole Calinoiu
The default medium trust level grants full trust to code in the GAC so,
assuming the defaults are in effect, placing the assembly in the GAC should
be sufficient to gain permissions for both reflection and assertion.

If you don't want to risk having your assembly be granted full trust, you
could modify the web_mediumtrust.config file to grant only the extra
permissions you need based on the strong name.  The default config file
contains groups for the ECMA and Microsoft strong names that you could
use as a starting point model for your own group.

Either way, you will most likely need to modify the assembly to assert
reflection permission since ASP.NET will probably cause a weakly named
assembly to be present high on the call stack when your code is called.
However, assertions are potentially risky, so a declarative assertion is not
a great idea.  Instead, you should follow a pattern like the following:

//  Code that does not require the assertion goes here.

IStackWalk permission = new SomePermission(...);
permission.Assert();
try
{
    // Minimum set of code requiring the assertion goes here.
}
finally
{
    CodeAccessPermission.RevertAll();
}

In addition, if you can identify some other permission that maps well as a
substitute for the permission you are asserting, it's generally a good idea
to demand that permission (declaratively or imperatively) prior to
performing the assertion.  This would make your code less susceptible to
luring by very low-privileged callers.



Author
26 Feb 2005 1:49 AM
Shawn Farkas [MS]
Hi Paul,

Looks correct to me :-)  Although you won't need Assertion permission if
you go route b, since, if I understand your scenario correctly,  you no
longer will need to Assert any permissions.

-Shawn
http://blogs.msdn.com/shawnfa 
-- 
This posting is provided "AS IS" with no warranties, and confers no rights.


Note: 
For the benefit of the community-at-large, all responses to this message
are best directed to the newsgroup/thread from which they originated.
Author
26 Feb 2005 2:29 PM
Nicole Calinoiu
Even with approach (b), assertion will most likely be required due to
ASP.NET's dynamic page compilation.


Author
26 Feb 2005 8:47 AM
Paul Hatcher
Shawn

This is an open-source project (NHibernate) so I want to have reasonably
nice error messages, saying that it doesn't have Reflection permission early
on, rather than waiting until the functionality is invoked.

BTW Why does asserting that I can carry out an operation require a higher
level security clearance?

Paul

Author
26 Feb 2005 2:29 PM
Nicole Calinoiu
"Paul Hatcher" <phatcher@spamless.cix.co.uk> wrote in message
news:u9tkK$9GFHA.2736@TK2MSFTNGP09.phx.gbl...
> Shawn
>
> This is an open-source project (NHibernate) so I want to have reasonably
> nice error messages, saying that it doesn't have Reflection permission
> early on, rather than waiting until the functionality is invoked.

Are you working on NHibernate, or just using it in your application?  This
makes a pretty big difference with respect to choosing between the various
approaches...


> BTW Why does asserting that I can carry out an operation require a higher
> level security clearance?

Assertion is a risky operation, so it requires a permission of its own.  In
order to assert any given permission, your code must meet the following
minimum criteria (besides, of course, being able to run in the first place
<g>):

1.  It must be granted the permission it is attempting to assert.
2.  It must be granted the SecurityPermission\Assertion permission.

You'll find a four-post series on assertion on Shawn's blog, starting at
http://blogs.msdn.com/shawnfa/archive/2004/08/23/219155.aspx.  It would
probably be a good idea to read the entire series before risking using
assertion in your code.



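Added example (not part of the original posts and not NHibernate code): a start-up check for the two assertion criteria listed above, giving the early error Paul asks for, combined with the demand-then-scoped-assert pattern from Nicole's earlier reply. It targets the .NET Framework 1.1/2.0 code access security model the thread discusses; the class name, method names and the `substitute` parameter are hypothetical.

```csharp
using System;
using System.Reflection;
using System.Security;
using System.Security.Permissions;

// Hypothetical helper for a strong-named library hosted under ASP.NET medium trust.
public sealed class ReflectionGate
{
    // Permission the library needs for itself. TypeInformation is included
    // because .NET 1.1 requires it to discover non-public members.
    private static readonly ReflectionPermission Needed =
        new ReflectionPermission(ReflectionPermissionFlag.MemberAccess |
                                 ReflectionPermissionFlag.TypeInformation);

    // Second criterion from the thread: the right to call Assert() at all.
    private static readonly SecurityPermission CanAssert =
        new SecurityPermission(SecurityPermissionFlag.Assertion);

    private ReflectionGate() { }

    // Call once during initialisation. SecurityManager.IsGranted inspects only
    // the grant set of the calling assembly (this one) and performs no stack
    // walk, so the result does not depend on who is higher on the call stack.
    public static void VerifyGrants()
    {
        if (!SecurityManager.IsGranted(Needed))
        {
            throw new SecurityException(
                "This assembly has not been granted ReflectionPermission " +
                "(MemberAccess, TypeInformation). Grant it by strong name in the " +
                "host's trust policy file (web_mediumtrust.config for ASP.NET " +
                "medium trust) or install the assembly in the GAC.");
        }

        if (!SecurityManager.IsGranted(CanAssert))
        {
            throw new SecurityException(
                "This assembly has ReflectionPermission but not " +
                "SecurityPermission with the Assertion flag, so it cannot stop " +
                "the stack walk that reaches partially trusted callers.");
        }
    }

    // Internal on purpose: the field name must come from the library's own
    // metadata, never from a partially trusted caller. 'substitute' is an
    // assumption of this example: a permission the caller is expected to hold,
    // demanded first so very low-privileged code cannot use the assertion.
    internal static void SetField(object target, string fieldName,
                                  object value, IPermission substitute)
    {
        // Code that does not require the assertion goes here.
        if (target == null) throw new ArgumentNullException("target");
        if (fieldName == null) throw new ArgumentNullException("fieldName");
        if (substitute != null)
        {
            substitute.Demand();   // full stack walk against the callers
        }

        Needed.Assert();           // stack walks for Needed now stop at this frame
        try
        {
            // Minimum set of code requiring the assertion.
            FieldInfo field = target.GetType().GetField(
                fieldName,
                BindingFlags.Instance | BindingFlags.Public | BindingFlags.NonPublic);
            if (field == null)
            {
                throw new MissingFieldException(target.GetType().FullName, fieldName);
            }
            field.SetValue(target, value);
        }
        finally
        {
            // Always remove the assertion, even if the reflective call throws.
            CodeAccessPermission.RevertAssert();
        }
    }
}
```

Calling `VerifyGrants()` first matters because an `Assert()` made without the Assertion flag throws a `SecurityException` at the point of use, which is the late failure the early check is meant to replace.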
Author
28 Feb 2005 9:51 AM
Paul Hatcher
I am actually working on NHibernate - user had a problem with a medium trust
ASP.NET server and I would like to solve this properly since it's likely to
come up again and again.

BTW Does any late-bound access require Reflection privileges, i.e. can I
programmatically assign a value to a public property of a type that's only
known at runtime without Reflection privilege?

Paul

Author
28 Feb 2005 2:58 PM
Joe Kaplan (MVP - ADSI)
According to the documentation in System.Reflection, you need Reflection
permission to Invoke any member of a type or to reflect over private members
of a type.  If you just want to discover the public members at runtime, you
should not need any additional permissions.

So, it sounds like you will need reflection permission to do what you want
to do.  It also appears that the demand is a full demand (it doesn't say it
is a LinkDemand, so that's what I'm assuming), so you'll probably need to
assert the Reflection permission before you do the reflection.  That also
means you'll need permission to Assert.

The trick will then be how to get these additional permissions.  Deploying
to GAC would be one way to go, but it does complicate your installation a
bit.

BTW, I'm really excited about NHibernate and wish you guys great success in
what you are doing.  Let us know if you need any more help.

Joe K.

Author
1 Mar 2005 1:12 PM
Nicole Calinoiu
"Paul Hatcher" <phatcher@spamless.cix.co.uk> wrote in message
news:e%23EMOsXHFHA.3352@TK2MSFTNGP10.phx.gbl...
> I am actually working on NHibernate - user had a problem with a medium trust
> ASP.NET server and I would like to solve this properly since it's likely to
> come up again and again.

The simplest technical solution would probably be to put your assembly in
the GAC.  Unfortunately, making an assembly that accepts calls from
partially trusted code accessible via the GAC has some pretty big potential
security consequences.  Unless the entire team is willing to deal with those
consequences in both the near and long term, it's not necessarily a great
choice since it'll expose your users to greater risk than necessary.

Whatever approach you choose will probably also need to pass acceptance by
the administrators of servers run at medium (and likely low) trust levels.
These are very likely folks who are going to be quite suspicious of any
requests for elevated permissions.  Given this, your best bet is probably to
request the absolute minimum permission set your assembly will need, then
provide instructions that the admin could use to grant those permissions
himself by modifying the relevant config file (e.g.: copy XML defining new
code group to appropriate section of config file).  Creation of a tool to
perform the actual permission grant may actually be a bad idea in this case
since administrators of shared hosting web servers are likely to be as
suspicious of the tool as they are of the code that the tool is meant to
enable.


> BTW Does any late-bound access require Reflection privileges, i.e. can I
> programmatically assign a value to a public property of a type that's only
> known at runtime without Reflection privilege?

Reflection permissions are only required to perform actions that would not
be possible when working within the normal bounds of the strongly typed
system.  To work with public members (incl. properties) of public types, no
additional reflection permissions should be required.  If you are
encountering security exceptions when attempting to do so, the problem might
be that your binding flags aren't specific enough to eliminate members of
more limited visibility.
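
The start-up check Paul asks for, the assert-around-reflection pattern from Joe Kaplan's reply and the narrow binding flags from the reply above, combined in one added example that is not part of any post and is not NHibernate code. It assumes .NET Framework 1.1/2.0 code access security; ReflectionTrustProbe, Customer and their members are hypothetical names.

```csharp
// Added example, not NHibernate code. Targets .NET Framework 1.1/2.0 code
// access security; every type and member name here is hypothetical.
using System;
using System.Reflection;
using System.Security;
using System.Security.Permissions;

namespace TrustProbeExample
{
    public class Customer                       // constructed sample entity
    {
        private int id;                         // written only via reflection
        private string name;
        public int Id { get { return id; } }
        public string Name { get { return name; } set { name = value; } }
    }

    public sealed class ReflectionTrustProbe
    {
        // Non-public lookup and invocation, using the two
        // ReflectionPermissionFlag values named in the thread.
        private static readonly ReflectionPermission NonPublicAccess =
            new ReflectionPermission(ReflectionPermissionFlag.TypeInformation |
                                     ReflectionPermissionFlag.MemberAccess);
        private static readonly SecurityPermission Assertion =
            new SecurityPermission(SecurityPermissionFlag.Assertion);

        private ReflectionTrustProbe() { }

        // Returns null when this assembly holds both grants, otherwise a
        // message naming what is missing. IsGranted inspects only the grant
        // set of the assembly that calls it; it performs no stack walk.
        public static string DescribeMissingGrants()
        {
            bool canReflect = SecurityManager.IsGranted(NonPublicAccess);
            bool canAssert = SecurityManager.IsGranted(Assertion);
            if (canReflect && canAssert) return null;
            return "Mapping non-public members needs"
                + (canReflect ? "" : " ReflectionPermission (TypeInformation, MemberAccess)")
                + (canReflect || canAssert ? "" : " and")
                + (canAssert ? "" : " SecurityPermission (Assertion)")
                + "; ask the server administrator to grant them to this assembly.";
        }

        // Public setter of a public type: bind with Public | Instance only and
        // take the public accessor, so nothing non-public can be selected.
        public static void SetPublicProperty(object target, string name, object value)
        {
            Type type = target.GetType();
            PropertyInfo property = type.GetProperty(name,
                BindingFlags.Public | BindingFlags.Instance);
            MethodInfo setter = (property == null) ? null : property.GetSetMethod();
            if (setter == null)
                throw new MissingMemberException(type.FullName, name);
            setter.Invoke(target, new object[] { value });
        }

        // Internal on purpose: a public entry point that asserts on behalf of
        // any caller would let partially trusted code write private state.
        internal static void SetNonPublicField(object target, string name, object value)
        {
            string missing = DescribeMissingGrants();
            if (missing != null) throw new SecurityException(missing);

            NonPublicAccess.Assert();           // the stack walk stops at this frame
            try
            {
                Type type = target.GetType();
                FieldInfo field = type.GetField(name,
                    BindingFlags.NonPublic | BindingFlags.Instance);
                if (field == null)
                    throw new MissingFieldException(type.FullName, name);
                field.SetValue(target, value);
            }
            finally
            {
                CodeAccessPermission.RevertAssert();
            }
        }
    }

    internal class Program
    {
        private static void Main()
        {
            // Report the problem at start-up instead of at first use.
            string missing = ReflectionTrustProbe.DescribeMissingGrants();
            Console.WriteLine(missing == null ? "Grants present." : missing);

            Customer customer = new Customer();
            ReflectionTrustProbe.SetPublicProperty(customer, "Name", "Ada");
            if (missing == null)
                ReflectionTrustProbe.SetNonPublicField(customer, "id", 42);
            Console.WriteLine("{0} / {1}", customer.Id, customer.Name);
        }
    }
}
```

The assert is scoped to the single field write and reverted in `finally`, so the elevated permission never covers code outside that block.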



Author
1 Mar 2005 3:44 PM
Joe Kaplan (MVP - ADSI)
Hi Nicole,

Are you sure about this last part?  My SDK documentation says that you do
need reflection permission to do late-bound invocation, even on public
members.  I am too lazy to test this myself though.  That's where I got my
last statement from.

From MSDN:
.NET Framework Security:

  a. ReflectionPermission when invoked late-bound through mechanisms such
     as Type.InvokeMember. Associated enumeration:
     ReflectionPermissionFlag.MemberAccess.
  b. ReflectionPermission for reflecting non-public objects. Associated
     enumeration: ReflectionPermissionFlag.MemberAccess

Just a little confused....

Thanks!

Joe K.

Author
1 Mar 2005 5:02 PM
Nicole Calinoiu
I did test it, so I'm reasonably sure that it works that way on the exact
version of the .NET Framework that I happened to test it on. <g>

Testing aside, it looks like you may have found a bit of a documentation
error.  The best source for information on the flavours of
ReflectionPermission is probably the documentation on the
ReflectionPermissionFlag enum.  According to that source,
ReflectionPermission\TypeInformation and ReflectionPermission\MemberAccess
are meant to allow use of non-public types and members, respectively.  Of
course, any code that demands reflection permission may have its own set of
bugs with respect to the permission set that is actually demanded, so these
may not end up getting used as intended...



Author
1 Mar 2005 6:59 PM
Joe Kaplan (MVP - ADSI)
I trust your analysis is correct since you actually bothered to test this.
<g>

Perhaps Shawn can fill us in on the apparent "incongruity" of the
documentation.

Shawn?

Joe K.

Author
2 Mar 2005 12:43 AM
Shawn Farkas [MS]
You should need ReflectionPermission in order to Invoke a MethodInfo that
you have, regardless of the visibility of the method.  A quick test I
slapped together shows this to be true on both v1.1 and the latest v2.0
builds.  I'm curious as to Nicole's test ... Nicole can you let us know in
more detail what you were doing?

-Shawn
http://blogs.msdn.com/shawnfa 
-- 
This posting is provided "AS IS" with no warranties, and confers no rights.


Note: 
For the benefit of the community-at-large, all responses to this message
are best directed to the newsgroup/thread from which they originated.
Author
2 Mar 2005 1:37 PM
Nicole Calinoiu
""Shawn Farkas [MS]"" <shaw***@online.microsoft.com> wrote in message
news:bwQWoDsHFHA.400@TK2MSFTNGXA02.phx.gbl...
> You should need ReflectionPermission in order to Invoke a MethodInfo that
> you have, regardless of the visibility of the method.

Why?  Maybe I'm just not in a sufficiently evil frame of mind, but I can't
see why invoking a public member of a public type via reflection should
cause any additional security risk beyond that already incurred in a direct
call.  There could be some additional risk incurred due to the reflection
code on the call stack, but I suspect that's been addressed by some
behind-the-scenes mechanism.

Also, if there's a reflection permission being demanded for invocation of a
public member of a public type, how is it being formulated?
ReflectionPermission\NoFlags corresponds to no reflection permission at all,
and any other flavour would appear to be specific to emittance or use of
non-public types and members.

Maybe I'm reading the docs wrong, but they do seem pretty unambiguous to me.
The documentation for the ReflectionPermission class contains the following
statement: "Without ReflectionPermission, code can only access the public
members of loaded assemblies."  The remarks section of the documentation for
the ReflectionPermissionFlag enum has a similar statement: "If no
ReflectionPermission is granted, reflection is allowed only on visible
members."  Both of these would seem to indicate that publicly visible
members should be callable without any reflection permissions.


> A quick test I
> slapped together shows this to be true on both v1.1 and the latest v2.0
> builds.  I'm curious as to Nicole's test ... Nicole can you let us know in
> more detail what you were doing?

I'm equally curious about your tests since I'm having no trouble at all
calling public members without reflection permission...

My initial test used Type.InvokeMember.  I've now tried using
MethodInfo.Invoke, and the result is the same.  In both cases, if both the
type and the method have public visibility, reflection permission is not
required to successfully invoke the method.  I see the same result in both
fully patched 1.1 and the December CTP of 2.0.  If you want to repro the
tests, sample code is included below.  (BTW, I also tried limiting the
console app's permissions via policy just in case there was some odd bug wrt
the optional request, but the result was the same.)


//--------------- Code for Library.dll ----------------
using System;

namespace Library
{
      public class Foo
      {
            public Foo()
            {
            }

            public string Bar()
            {
                  return "This is the result of Foo.Bar().";
            }
      }
}


//--------------- Code for ConsoleApp.exe ----------------
// N.B.:  You'll need to adjust the value of the LibraryPath constant to
//            point to the actual path for Library.dll.
//            For .NET Framework 2.0, you'll probably also need to add
//            UIPermission to run the console.
using System;
using System.Reflection;
using System.Security;
using System.Security.Permissions;

// Ask for no optional permissions, so ReflectionPermission is not part of
// the grant even when policy would allow it.
[assembly: PermissionSet(SecurityAction.RequestOptional, Unrestricted = false)]
// The only minimum request: enough file access to load Library.dll.
[assembly: FileIOPermission(SecurityAction.RequestMinimum,
      PathDiscovery = ConsoleApp.Start.LibraryPath,
      Read = ConsoleApp.Start.LibraryPath)]

namespace ConsoleApp
{
      internal class Start
      {
            internal const string LibraryPath = @"<full path to Library.dll>";

            private static void Main(string[] args)
            {
                  Assembly library = Assembly.LoadFrom(LibraryPath);
                  object instance = library.CreateInstance("Library.Foo", false);
                  Type instanceType = instance.GetType();

                  // Late-bound call through Type.InvokeMember.
                  object label = InvokeOnType(instanceType, instance);
                  Console.WriteLine((string)label);

                  // Same call through MethodInfo.Invoke.
                  label = InvokeMethodInfo(instanceType, instance);
                  Console.WriteLine((string)label);

                  Console.ReadLine();
            }

            private static object InvokeOnType(Type type, object instance)
            {
                  return type.InvokeMember("Bar",
                        BindingFlags.Public | BindingFlags.InvokeMethod | BindingFlags.Instance,
                        null, instance, null);
            }

            private static object InvokeMethodInfo(Type type, object instance)
            {
                  MethodInfo method = type.GetMethod("Bar",
                        BindingFlags.Public | BindingFlags.Instance);
                  return method.Invoke(instance, null);
            }
      }
}
Author
2 Mar 2005 10:10 PM
Shawn Farkas [MS]
Well, after digging around in the reflection internals I've turned up
fodder for a blog entry :-)

Turns out that in general, you don't need reflection permission to invoke a
public method, which makes sense, since as Nicole pointed out, you're not
really mitigating any risk by demanding something.  However, reflection
does treat some classes as special, and will demand permission even for
access to their public member functions.  My simple test happened to hit
one of those classes, so I was seeing the demand enforced.

-Shawn
http://blogs.msdn.com/shawnfa 
-- 
This posting is provided "AS IS" with no warranties, and confers no rights.


Note: 
For the benefit of the community-at-large, all responses to this message
are best directed to the newsgroup/thread from which they originated.
Author
2 Mar 2005 10:36 PM
Joe Kaplan (MVP - ADSI)
Yikes!  So how do we tell the special classes from the "not special" ones?
It isn't clear that the documentation is doing the right thing for us here.
I can wait patiently for the blog posting though...

Joe K.

"Shawn Farkas [MS]" <shaw***@online.microsoft.com> wrote in message
news:8PHStS3HFHA.1428@TK2MSFTNGXA02.phx.gbl...
> Well, after digging around in the reflection internals I've turned up
> fodder for a blog entry :-)
>
> Turns out that in general, you don't need reflection permission to invoke
> a public method, which makes sense, since as Nicole pointed out, you're not
> really mitigating any risk by demanding something.  However, reflection
> does treat some classes as special, and will demand permission even for
> access to their public member functions.  My simple test happened to hit
> one of those classes, so I was seeing the demand enforced.
>
> -Shawn
> http://blogs.msdn.com/shawnfa
Author
3 Mar 2005 2:28 AM
Shawn Farkas [MS]
Hopefully it won't have to be too patiently .... I'll try to get it up in
the next day or so.

-Shawn
http://blogs.msdn.com/shawnfa 
-- 
This posting is provided "AS IS" with no warranties, and confers no rights.


Note: 
For the benefit of the community-at-large, all responses to this message
are best directed to the newsgroup/thread from which they originated.
Author
8 Mar 2005 8:33 PM
Shawn Farkas [MS]
Took a bit longer than I thought, sorry about that.  Anyway, here it is:

http://blogs.msdn.com/shawnfa/archive/2005/03/08/389768.aspx

-Shawn
http://blogs.msdn.com/shawnfa 
-- 
This posting is provided "AS IS" with no warranties, and confers no rights.


Note: 
For the benefit of the community-at-large, all responses to this message
are best directed to the newsgroup/thread from which they originated.
--------------------
> X-Tomcat-ID: 51434916
> References: <Oy8Y4M1GFHA.2***@tk2msftngp13.phx.gbl>
<u3y8$I4GFHA.3***@TK2MSFTNGP10.phx.gbl>
<#1XfeZ4GFHA.3***@tk2msftngp13.phx.gbl>
<#zmyks4GFHA.***@TK2MSFTNGP15.phx.gbl>
<#VfQqN5GFHA.3***@TK2MSFTNGP10.phx.gbl>
<#vGgt25GFHA.2***@TK2MSFTNGP12.phx.gbl>
<F1BGzV6GFHA.2***@TK2MSFTNGXA02.phx.gbl>
<u9tkK$9GFHA.2***@TK2MSFTNGP09.phx.gbl>
<ecQ21ABHFHA.***@TK2MSFTNGP12.phx.gbl>
<e#EMOsXHFHA.3***@TK2MSFTNGP10.phx.gbl>
<O6HowBmHFHA.4***@TK2MSFTNGP14.phx.gbl>
<ucdiXWnHFHA.2***@TK2MSFTNGP12.phx.gbl>
<uuxVHCoHFHA.3***@TK2MSFTNGP12.phx.gbl>
<uro1ZDpHFHA.1***@TK2MSFTNGP14.phx.gbl>
<bwQWoDsHFHA.***@TK2MSFTNGXA02.phx.gbl>
<#bRQJ0yHFHA.***@TK2MSFTNGP14.phx.gbl>
<8PHStS3HFHA.1***@TK2MSFTNGXA02.phx.gbl>
<Ov6cOh3HFHA.3***@tk2msftngp13.phx.gbl>
Show quoteHide quote
> MIME-Version: 1.0
> Content-Type: text/plain
> Content-Transfer-Encoding: 7bit
> From: shaw***@online.microsoft.com ("Shawn Farkas [MS]")
> Organization: Microsoft
> Date: Thu, 03 Mar 2005 02:28:33 GMT
> Subject: Re: Medium Level Trust and Reflection
> X-Tomcat-NG: microsoft.public.dotnet.security
> Message-ID: <#Zuj0i5HFHA.3***@TK2MSFTNGXA02.phx.gbl>
> Newsgroups: microsoft.public.dotnet.security
> Lines: 259      
> Path: TK2MSFTNGXA02.phx.gbl
> Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.dotnet.security:9313
> NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182
>
> Hopefully it won't have to be too patiently .... I'll try to get it up in
> the next day or so.
>
> -Shawn
> http://blogs.msdn.com/shawnfa 
> -- 
> This posting is provided "AS IS" with no warranties, and confers no
rights.

>
> Note: 
> For the benefit of the community-at-large, all responses to this message
> are best directed to the newsgroup/thread from which they originated.
> --------------------
> > Reply-To: "Joe Kaplan \(MVP - ADSI\)"
> <joseph.e.kap***@removethis.accenture.com>
> > From: "Joe Kaplan \(MVP - ADSI\)"
> <joseph.e.kap***@removethis.accenture.com>
> > References: <Oy8Y4M1GFHA.2***@tk2msftngp13.phx.gbl>
> <u3y8$I4GFHA.3***@TK2MSFTNGP10.phx.gbl>
> <#1XfeZ4GFHA.3***@tk2msftngp13.phx.gbl>
> <#zmyks4GFHA.***@TK2MSFTNGP15.phx.gbl>
> <#VfQqN5GFHA.3***@TK2MSFTNGP10.phx.gbl>
> <#vGgt25GFHA.2***@TK2MSFTNGP12.phx.gbl>
> <F1BGzV6GFHA.2***@TK2MSFTNGXA02.phx.gbl>
> <u9tkK$9GFHA.2***@TK2MSFTNGP09.phx.gbl>
> <ecQ21ABHFHA.***@TK2MSFTNGP12.phx.gbl>
> <e#EMOsXHFHA.3***@TK2MSFTNGP10.phx.gbl>
> <O6HowBmHFHA.4***@TK2MSFTNGP14.phx.gbl>
> <ucdiXWnHFHA.2***@TK2MSFTNGP12.phx.gbl>
> <uuxVHCoHFHA.3***@TK2MSFTNGP12.phx.gbl>
> <uro1ZDpHFHA.1***@TK2MSFTNGP14.phx.gbl>
> <bwQWoDsHFHA.***@TK2MSFTNGXA02.phx.gbl>
> <#bRQJ0yHFHA.***@TK2MSFTNGP14.phx.gbl>
> <8PHStS3HFHA.1***@TK2MSFTNGXA02.phx.gbl>
> > Subject: Re: Medium Level Trust and Reflection
> > Date: Wed, 2 Mar 2005 16:36:40 -0600
> > Lines: 205
> > Organization: Accenture
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
> > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> > X-RFC2646: Format=Flowed; Original
> > Message-ID: <Ov6cOh3HFHA.3***@tk2msftngp13.phx.gbl>
> > Newsgroups: microsoft.public.dotnet.security
> > NNTP-Posting-Host: launchcenters.accenture.com 170.252.248.207
> > Path:
>
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp1
Show quoteHide quote
> 3.phx.gbl
> > Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.dotnet.security:9312
> > X-Tomcat-NG: microsoft.public.dotnet.security
> >
> > Yikes!  So how do we tell the special classes from the "not special"
> ones?
> > It isn't clear that the documentation is doing the right thing for us
> here.
> > I can wait patiently for the blog posting though...
> >
> > Joe K.
> >
> > ""Shawn Farkas [MS]"" <shaw***@online.microsoft.com> wrote in message
> > news:8PHStS3HFHA.1428@TK2MSFTNGXA02.phx.gbl...
> > > Well, after digging around in the reflection internals I've turned up
> > > fodder for a blog entry :-)
> > >
> > > Turns out that in general, you don't need reflection permission to
> invoke
> > > a
> > > public method, which makes sense, since as Nicole pointed out, you're
> not
> > > really mitigating any risk by demanding something.  However,
reflection
> > > does treat some classes as special, and will demand permission even
for
> > > access to their public member functions.  My simple test happened to
hit
> > > one of those classes, so I was seeing the demand enforced.
> > >
> > > -Shawn
> > > http://blogs.msdn.com/shawnfa
> > > --
> > > This posting is provided "AS IS" with no warranties, and confers no
> > > rights.
> > >
> > >
> > > Note:
> > > For the benefit of the community-at-large, all responses to this
message
> > > are best directed to the newsgroup/thread from which they originated.
> > > --------------------
> > >> From: "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com>
> > >> References: <Oy8Y4M1GFHA.2***@tk2msftngp13.phx.gbl>
> > > <u3y8$I4GFHA.3***@TK2MSFTNGP10.phx.gbl>
> > > <#1XfeZ4GFHA.3***@tk2msftngp13.phx.gbl>
> > > <#zmyks4GFHA.***@TK2MSFTNGP15.phx.gbl>
> > > <#VfQqN5GFHA.3***@TK2MSFTNGP10.phx.gbl>
> > > <#vGgt25GFHA.2***@TK2MSFTNGP12.phx.gbl>
> > > <F1BGzV6GFHA.2***@TK2MSFTNGXA02.phx.gbl>
> > > <u9tkK$9GFHA.2***@TK2MSFTNGP09.phx.gbl>
> > > <ecQ21ABHFHA.***@TK2MSFTNGP12.phx.gbl>
> > > <e#EMOsXHFHA.3***@TK2MSFTNGP10.phx.gbl>
> > > <O6HowBmHFHA.4***@TK2MSFTNGP14.phx.gbl>
> > > <ucdiXWnHFHA.2***@TK2MSFTNGP12.phx.gbl>
> > > <uuxVHCoHFHA.3***@TK2MSFTNGP12.phx.gbl>
> > > <uro1ZDpHFHA.1***@TK2MSFTNGP14.phx.gbl>
> > > <bwQWoDsHFHA.***@TK2MSFTNGXA02.phx.gbl>
> > >> Subject: Re: Medium Level Trust and Reflection
> > >> Date: Wed, 2 Mar 2005 08:37:02 -0500
> > >> Newsgroups: microsoft.public.dotnet.security
> > >>
> > >> ""Shawn Farkas [MS]"" <shaw***@online.microsoft.com> wrote in message
> > >> news:bwQWoDsHFHA.400@TK2MSFTNGXA02.phx.gbl...
> > > >> > You should need ReflectionPermission in order to Invoke a MethodInfo that
> > > >> > you have, regardless of the visibility of the method.
> > >>
> > > >> Why?  Maybe I'm just not in a sufficiently evil frame of mind, but I can't
> > > >> see why invoking a public member of a public type via reflection should
> > > >> cause any additional security risk beyond that already incurred in a direct
> > > >> call.  There could be some additional risk incurred due to the reflection
> > > >> code on the call stack, but I suspect that's been addressed by some
> > > >> behind-the-scenes mechanism.
> > >>
> > > >> Also, if there's a reflection permission being demanded for invocation of a
> > > >> public member of a public type, how is it being formulated?
> > > >> ReflectionPermission\NoFlags corresponds to no reflection permission at all,
> > > >> and any other flavour would appear to be specific to emittance or use of
> > > >> non-public types and members.
> > >>
> > > >> Maybe I'm reading the docs wrong, but they do seem pretty unambiguous to me.
> > > >> The documentation for the ReflectionPermission class contains the following
> > > >> statement: "Without ReflectionPermission, code can only access the public
> > > >> members of loaded assemblies."  The remarks section of the documentation for
> > > >> the ReflectionPermissionFlag enum has a similar statement: "If no
> > > >> ReflectionPermission is granted, reflection is allowed only on visible
> > > >> members."  Both of these would seem to indicate that publicly visible
> > > >> members should be callable without any reflection permissions.
> > >>
> > >>
> > > >> > A quick test I
> > > >> > slapped together shows this to be true on both v1.1 and the latest v2.0
> > > >> > builds.  I'm curious as to Nicole's test ... Nicole can you let us know in
> > > >> > more detail what you were doing?
> > >>
> > > >> I'm equally curious about your tests since I'm having no trouble at all
> > > >> calling public members without reflection permission...
> > >>
> > > >> My initial test used Type.InvokeMember.  I've now tried using
> > > >> MethodInfo.Invoke, and the result is the same.  In both cases, if both the
> > > >> type and the method have public visibility, reflection permission is not
> > > >> required to successfully invoke the method.  I see the same result in both
> > > >> fully patched 1.1 and the December CTP of 2.0.  If you want to repro the
> > > >> tests, sample code is included below.  (BTW, I also tried limiting the
> > > >> console app's permissions via policy just in case there was some odd bug wrt
> > > >> the optional request, but the result was the same.)
> > >>
> > >>
> > >> //--------------- Code for Library.dll ----------------
> > >> using System;
> > >>
> > >> namespace Library
> > >> {
> > >>       public class Foo
> > >>       {
> > >>             public Foo()
> > >>             {
> > >>             }
> > >>
> > >>             public string Bar()
> > >>             {
> > >>                   return "This is the result of Foo.Bar().";
> > >>             }
> > >>       }
> > >> }
> > >>
> > >>
> > > >> //--------------- Code for ConsoleApp.exe ----------------
> > > >> // N.B.:  You'll need to adjust the value of the LibraryPath constant to
> > > >> //            point to the actual path for Library.dll.
> > > >> //            For .NET Framework 2.0, you'll probably also need to add
> > > >> //            UIPermission to run the console.
> > > >> using System;
> > > >> using System.Reflection;
> > > >> using System.Security;
> > > >> using System.Security.Permissions;
> > > >>
> > > >> [assembly: PermissionSet(SecurityAction.RequestOptional, Unrestricted = false)]
> > > >> [assembly: FileIOPermission(SecurityAction.RequestMinimum,
> > > >>       PathDiscovery = ConsoleApp.Start.LibraryPath,
> > > >>       Read = ConsoleApp.Start.LibraryPath)]
> > > >>
> > > >> namespace ConsoleApp
> > > >> {
> > > >>       internal class Start
> > > >>       {
> > > >>             internal const string LibraryPath = @"<full path to Library.dll>";
> > > >>
> > > >>             private static void Main(string[] args)
> > > >>             {
> > > >>                   Assembly library = Assembly.LoadFrom(LibraryPath);
> > > >>                   object instance = library.CreateInstance("Library.Foo", false);
> > > >>                   Type instanceType = instance.GetType();
> > > >>
> > > >>                   object label = InvokeOnType(instanceType, instance);
> > > >>                   Console.WriteLine((string)label);
> > > >>
> > > >>                   label = InvokeMethodInfo(instanceType, instance);
> > > >>                   Console.WriteLine((string)label);
> > > >>
> > > >>                   Console.ReadLine();
> > > >>             }
> > > >>
> > > >>             private static object InvokeOnType(Type type, object instance)
> > > >>             {
> > > >>                   return type.InvokeMember("Bar",
> > > >>                         BindingFlags.Public | BindingFlags.InvokeMethod | BindingFlags.Instance,
> > > >>                         null, instance, null);
> > > >>             }
> > > >>
> > > >>             private static object InvokeMethodInfo(Type type, object instance)
> > > >>             {
> > > >>                   MethodInfo method = type.GetMethod("Bar",
> > > >>                         BindingFlags.Public | BindingFlags.Instance);
> > > >>                   return method.Invoke(instance, null);
> > > >>             }
> > > >>       }
> > > >> }
> > >>
> > >>
> > >>
> > >>
> > >
> >
> >
> >
>
>