CAS prevents call to ConvertTo used by custom TypeConverter

Jim

Oct 21, 2005, 6:13:02 PM
Hi, I have a web control that has a property (a collection of strings) with
its own editor and typeconverter.

The problem is that the type converter has to ConvertTo an
InstanceDescriptor at runtime, but calls to InstanceDescriptor (seem to) require
Unrestricted permission;


(permview /decl System.dll yields

Class System.ComponentModel.Design.Serialization.InstanceDescriptor
LinktimeDemand permission set:
<PermissionSet class="System.Security.PermissionSet"
version="1"
Unrestricted="true"/>
)


Also this page
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/aptcatypes.asp says;

The following is a list of types within these APTCA decorated assemblies
that are not callable by partially trusted code because they are decorated
with one of the following declarative security attributes:

[PermissionSet(SecurityAction.LinkDemand, Name="FullTrust")]
...for...
System.ComponentModel.Design.Serialization.InstanceDescriptor


I'm perplexed - CAS sounds like a nice idea but are you seriously telling me
that no one but FullTrust users can use my code because I have a custom type
converter!

Is there any way around this?

Thanks in advance
Jim


Here's my type converter

using System;
using System.ComponentModel;
using System.ComponentModel.Design.Serialization;
using System.Globalization;
using System.Reflection;

class MyControlsCollectionConverter : TypeConverter
{
    public override bool CanConvertFrom(ITypeDescriptorContext context, Type sourceType)
    {
        if (sourceType == typeof(string)) return true;
        return false;
    }

    public override object ConvertFrom(ITypeDescriptorContext context,
        CultureInfo culture, object value)
    {
        if (value == null)
            return String.Empty;
        try
        {
            if (value.GetType() == typeof(string))
            {
                // Split the comma-separated IDs into a new collection
                string[] IDs = ((string)value).Split(new char[] { ',' });
                MyControlsCollection r = new MyControlsCollection();
                for (int i = 0; i < IDs.Length; i++)
                    r.Add(IDs[i]);
                return r;
            }
            return null;
        }
        catch (Exception f)
        {
            throw GetConvertFromException(value + f.Message);
        }
    }

    public override bool CanConvertTo(ITypeDescriptorContext context, Type targetType)
    {
        if (targetType == typeof(string) || targetType == typeof(InstanceDescriptor))
            return true;
        else
            return base.CanConvertTo(context, targetType);
    }

    ///<summary>Convert collection to string</summary>
    public override object ConvertTo(ITypeDescriptorContext context,
        CultureInfo culture, object value, Type targetType)
    {
        if (targetType == typeof(string))
        {
            string result = "";

            MyControlsCollection list = null;
            MyMainControl myMainControl = null;
            try
            {
                if (value != null)
                {
                    list = (MyControlsCollection)value;
                    if (context != null && context.Instance != null)
                        myMainControl = ((MyMainControl)context.Instance);
                    // Join the items with commas
                    for (int i = 0; i < list.Count; i++)
                    {
                        result += list[i];
                        if (i < list.Count - 1) result += ",";
                    }
                }
            }
            catch (Exception e)
            {
                result = "Internal error occured " + e.Message;
                throw new Exception("Error occured;" + e.Message);
            }

            return result;
        }
        else if (targetType == typeof(InstanceDescriptor))
        {
            // sometimes it wants to convert collection to instance descriptor, so
            // create an instance descriptor
            // using string constructor
            InstanceDescriptor desc = null;
            ConstructorInfo ci = typeof(MyControlsCollection).GetConstructor(
                new Type[] { typeof(string) });

            MyControlsCollection t = (MyControlsCollection)value;

            // --------------->>> fails because of this call
            if (ci != null) desc = CreateInstanceDescriptor(ci, t);

            return desc;
        }
        else return base.ConvertTo(context, culture, value, targetType);
    }

    InstanceDescriptor CreateInstanceDescriptor(ConstructorInfo ci, MyControlsCollection t)
    {
        return new InstanceDescriptor(ci, new object[] { t.ToString() });
    }

    public override bool GetStandardValuesExclusive(ITypeDescriptorContext context)
    { return false; }

    public override bool GetStandardValuesSupported(ITypeDescriptorContext context)
    { return false; }
}

Kevin Yu [MSFT]

Oct 21, 2005, 10:47:19 PM
Hi

We have reviewed this issue and are currently researching it. We will
update you ASAP. Thanks for your patience!

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."

Steven Cheng[MSFT]

Oct 24, 2005, 2:29:44 AM
Hi Jim,

Welcome to ASPNET newsgroup.
As for the problem on calling
System.ComponentModel.Design.Serialization.InstanceDescriptor in custom
webcontrol code, it's caused by the .NET CAS model. Since the
System.ComponentModel.Design.Serialization.InstanceDescriptor class is
defined as requiring the direct caller to be granted "FullTrust" permission,
we must make sure that any assembly that uses this class has been configured as
FullTrust. For our custom asp.net web control, the custom control's
assembly is the direct caller of the
System.ComponentModel.Design.Serialization.InstanceDescriptor class, and
since the webcontrol assembly will be loaded into the ASP.NET application's
appdomain, the security trust level of our custom assembly will be
determined by two things:

1. If we can explicitly configure our custom control's assembly as
"FullTrust" in CAS (by strong-name...), that'll be ok. Or alternatively we
can also separate the code into another assembly which will be configured
as "FullTrust" and have the [assembly:AllowPartiallyTrustedCallers]
attribute, e.g.

    //non fulltrust
    MyControl.dll

    //using the InstanceDescriptor class and must have
    //[assembly:AllowPartiallyTrustedCallers] and be configured as "FullTrust"
    //in CAS
    MyControl.Design.dll

Then our main control assembly references this assembly. Thus,
the webcontrol can call the converter even when loaded in a non-fulltrust
asp.net appdomain.

2. If we don't grant our custom control assembly "FullTrust", we need to
make sure the web application which loads our custom control assembly is
running under "Full" trust level. This is configured in machine.config or
web.config's system.web/trust/@Level attribute, e.g.:

    <trust level="Full" originUrl=""/>

By default, an asp.net application's trustLevel is configured as "Full";
however, some public web hosts may have certain constraints on this.

If you have anything unclear, please feel free to post here.

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
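
The assembly split described in option 1 above, sketched as an added example (not code from the thread or from Microsoft). DescriptorFactory and FromStringConstructor are hypothetical names, and MyControl.Design.dll is assumed to be strong-named and granted FullTrust by policy.

```csharp
// MyControl.Design.dll (file name from the post). Assumed: strong-named and
// granted FullTrust by policy. Type and method names here are hypothetical.
using System;
using System.ComponentModel.Design.Serialization;
using System.Reflection;
using System.Security;

// Without this attribute a strong-named assembly rejects partially trusted callers.
[assembly: AllowPartiallyTrustedCallers]

namespace MyControl.Design
{
    public sealed class DescriptorFactory
    {
        private DescriptorFactory() { }

        // Declared to return object so the partially trusted caller never
        // links against a member of InstanceDescriptor itself.
        public static object FromStringConstructor(Type collectionType, string ids)
        {
            if (collectionType == null) throw new ArgumentNullException("collectionType");
            if (ids == null) throw new ArgumentNullException("ids");

            // APTCA code is reachable from untrusted callers, so it does one
            // narrow thing: describe a public (string) constructor.
            // GetConstructor(Type[]) only returns public instance constructors.
            ConstructorInfo ci = collectionType.GetConstructor(new Type[] { typeof(string) });
            if (ci == null)
                throw new ArgumentException("No public (string) constructor.", "collectionType");

            // The LinkDemand on InstanceDescriptor is checked against this
            // assembly, the immediate caller, which holds FullTrust.
            return new InstanceDescriptor(ci, new object[] { ids });
        }
    }
}

// In MyControl.dll (partial trust), the failing line in ConvertTo becomes:
//   return MyControl.Design.DescriptorFactory.FromStringConstructor(
//       typeof(MyControlsCollection), t.ToString());
```

Keeping the APTCA surface this small matters because every public member of that assembly becomes callable from partially trusted code.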



Jim

Oct 24, 2005, 1:51:05 PM
Hi Steven, thanks for your detailed reply, however it doesn't really resolve
the issue;

1. Good idea, and this is something I was trying, however, I've found that
the InstanceDescriptor code path is called even at runtime. In other words

In the .ConvertTo method, this block:

    } else if (targetType == typeof(InstanceDescriptor)) {

        InstanceDescriptor desc = null;

        ConstructorInfo ci = typeof(MyControlsCollection).GetConstructor(
            new Type[]{typeof(string)});

        MyControlsCollection t = (MyControlsCollection) value;

        // --------------->>> fails because of this call
        if (ci!=null) desc = CreateInstanceDescriptor(ci, t);

        return desc;
    }

is being called, so separating the designer code from the runtime assembly
won't help. I'm not sure why the instance descriptor is being required (if
this isn't normal) at runtime? For the record I also changed the CanConvertTo
method to return false for InstanceDescriptor at runtime, I got an exception
saying that the converter couldn't convert to InstanceDescriptor...

2. This is a commercial control, so we cannot always demand full trust.

Any ideas;
Is InstanceDescriptor usually a convert to target at runtime? - if not
perhaps I've erred elsewhere?

Thanks for your help.
Jim

Steven Cheng[MSFT]

Oct 25, 2005, 4:42:27 AM
Thanks for your response Jim,

If the runtime code also references the InstanceDescriptor, I'm afraid we're
limited to granting our assembly FullTrust permission (if we cannot avoid
calling such classes). In fact, such a component really needs this
trust level since it can do powerful operations (creating object instances
dynamically) and it is mostly used in many fundamental classes such as the
serializer.... I think you may consider strong-naming your webcontrol
library and informing the user/admin to grant the sufficient permission (we
can apply such an attribute so as to let the end user use the permview tool to
check the required permissions), just as the .NET built-in assemblies
do (grant fulltrust through strong-name...)

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
