Status: New
Owner: ----
New issue 268 by
paulbole...@hotmail.com: Add the
AllowPartiallyTrustedCallers attribute to the assembly
http://code.google.com/p/noda-time/issues/detail?id=268
What situation does this request make simpler?
ASP.Net code running at less than full trust (eg medium trust) cannot call
into a strong named assembly unless it has the AllowPartiallyTrustedCallers
attribute. Partially trusted code (anything less than full trust) that
calls a signed, strongly named assembly that doesn't have the attribute
will receive the error "That assembly does not allow partially trusted
callers."
Can you provide a straw-man example of what you'd want the API to look
like?
No changes to the API, but the implication is that any code in NodaTime
that might pose a security risk would have to make it's own, explicit
security demands. I'm not real proficient in the Code Access Security stuff
but this is what I gather from reading. From what I gather, if for example,
NodaTime had a utility class that accessed the registry to update timezone
data, you would not want partially trusted code to do that, so you would
want to explicitly demand a higher security level for that portion of code
to execute, either by placing a security attribute on specific methods or
by calling Assert on a permission object in code. The first method is
covered a lot. The only thing I've found on the later method is this
article:
http://support.microsoft.com/kb/839300.
The remarks in the docs for AllowPartiallyTrustedCallersAttribute is a good
place to start:
http://msdn.microsoft.com/en-us/library/system.security.allowpartiallytrustedcallersattribute%28v=vs.110%29.aspx
One of it's links is to "Using Libraries from Partially Trusted Code"
(
http://msdn.microsoft.com/en-us/library/8skskf63%28v=vs.110%29.aspx) which
has a subtopic "Requiring Full Trust for Types Within an APTCA Assembly"
which discusses using attributes on methods to raise the security level.
There's also a change in .Net 4 that is mentioned in many articles and
there is a question/response on stackoverflow that laid some of that out
(
http://stackoverflow.com/questions/5055632/net-4-allowpartiallytrustedcallers-attribute-and-security-markings-like-secur)
This issue also came up with the Recaptcha .net library I was using
(
http://code.google.com/p/recaptcha/issues/detail?id=100). They've
implemented the attribute in the code but I don't think they've made
another release containing it. You might try contacting the programmers on
that project.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings