I want to get the declarative security attributes from an assembly. For now i just go through all the types in assembly and all of their members to look for custom attributes that derive from CodeAccessSecurityAttribute. This works kinda fine, but i think the better way is to read the DeclSecurity metadata table and get the attributes from there. But the problem is that all the cool reflection metadata things are on different net platforms, i need something for .NET Framework 4.8. I know there is dnlib but it uses its own classes for everything so using it together with reflection will be hard to say the least
Asked
Active
Viewed 32 times
0
-
Why are you using `CodeAccessSecurityAttribute` in the first place? CAS was made defunct ages ago. – Dai Nov 13 '22 at 19:51
-
@Dai well, CAS is the only way of sandboxing .NET code i know...and it works in the latest version of net framework so why not) – Сергей Гущин Nov 13 '22 at 20:04
-
_"CAS is the only way of sandboxing .NET code"_ - it's insecure and basically _it doesn't work_: it's giving you a false sense of security. – Dai Nov 13 '22 at 20:06
-
_"and it works in the latest version of net framework"_ - only if by "'latest" you mean platforms from over 10 years ago: it was officially obsoleted when .NET Framework 4 was released in 2010 ... try to keep-up: https://learn.microsoft.com/en-us/previous-versions/dotnet/framework/code-access-security/code-access-security-policy-compatibility-and-migration#migration-replacement-for-obsolete-calls – Dai Nov 13 '22 at 20:08