1

I have an assembly on the intranet calling to another library on the intranet (in a different folder) which then calls Microsoft HPC API which is installed in the local machine GAC.

The assembly finds the library using the method in MS KB 837908 and in the process a SecurityException is raised "That assembly does not allow partially trusted callers" (That assembly is the HPC API)

However if I move the library in the same folder on the intranet as the executing assembly (ie. there is no need to call the custom resolver) it all works fine.

How can I improve the custom resolver to avoid this security exception?

TownCube
  • 1,280
  • 1
  • 13
  • 32
  • Use the LoadFrom(string, Evidence) overload. – Hans Passant Feb 07 '12 at 14:13
  • You might try this: http://stackoverflow.com/questions/8308312/assembly-loaded-using-assembly-loadfrom-on-remote-machine-causes-securityexcep/8308355#8308355 – Felix K. Feb 07 '12 at 14:45
  • You've nailed it Hans, I've added the response an answer here, however if you'd like to supply an answer of your own for me to accept I'd be happy to swap the accept to your answer. Thank you. – TownCube Feb 07 '12 at 20:40

2 Answers2

3

a SecurityException is raised "That assembly does not allow partially trusted callers"

That's a good thing. If the assembly was not marked with the Allow Partially Trusted Callers attribute, that means that either (1) the authors of that assembly never performed a security review to see if it was safe to be called by hostile partially trusted code, or (2) did perform a security review, and did determine that the assembly was not safe to be called by hostile partially trusted code.

This exception is protecting your users from harm, and so you should be glad that it is thrown.

However if I move the library in the same folder on the intranet as the executing assembly it all works fine.

Well then, it sounds like you've solved your problem.

How can I improve the custom resolver to avoid this security exception?

You're asking how to work around a correctly-working security system that is protecting your users from attacks by hostile partially trusted code? Why on earth would you want to do that? If you could do that successfully I hope you would tell Microsoft about it so that we could fix the bug and prevent you from doing that.

Do not work around security systems; work with security systems. If the problem is that you are calling a component that requires a fully trusted caller then either (1) don't call that component, or (2) instruct your users to set policies that fully trust the caller.

Eric Lippert
  • 647,829
  • 179
  • 1,238
  • 2,067
  • I'm not trying to break the security model, if I was I'd set fulltrust to everything and be done with it, I'm trying to learn how to do this properly. In terms of the security model what's the difference between loading an assembly in a different folder on the same network sharing vs loading an assembly from the same folder? To me the "trust" or permissions would be the same? Especially since the calling assembly is the one picking the location (again on the same share). It's not as if I'm crossing security zones or even network shares. – TownCube Feb 07 '12 at 20:13
  • 2
    I think you missed the point of the question a bit. The issue isn't that partial trust callers can't do certain things, but that the assembly was considered a partial trust caller in the first place. I for want think that the interaction of network drives and .net trust is a bit strange. – CodesInChaos Feb 07 '12 at 21:30
3

Hans Passant provided this solution in the comments, I've extended an offer to him to provide a formal answer and I'll be happy to accept it.

Using the Microsoft KB sample linked in question change

MyAssembly = Assembly.LoadFrom(strTempAssmbPath);

to

Assembly.LoadFrom(strTempAssmbPath, Assembly.GetExecutingAssembly().Evidence)
Community
  • 1
  • 1
TownCube
  • 1,280
  • 1
  • 13
  • 32