Caspol：从网络共享中的程序集调用方法

Question

I have compiled an assembly using the Microsoft Strong Name key convention and marked it to be "AllowPartiallyTrusted".

I am testing the application against this assembly from two different machines. One is running windows 2003 server and the other machine is on windows XP Professional.

I am able to invoke the methods on the assembly from the Win 2003 server, but when it comes to the XP machine, it fails.

I have tried to set the INTRANET ZONES TO FULL TRUST, but that hasn't worked for the XP. One difference between the XP and the 2003 server is that the XP is 32 bit and has frameworks 1 -4.0 installed on it. The 2003 has just the 3.5 SP1 installed on it.

I am an administrator on the XP machine, but not on the 2003 machine where it works. This is driving me nuts.

Answer 1

The Windows permissions shouldn't matter - it's a Code Access Security issue. It's difficult to diagnose the problem without knowing more about the errors you're encountering. The AllowPartiallyTrustedCallersAttribute (APTCA) is meant to allow partially trusted code to call fully trusted code, but the .NET 4.0 security model has changed the way APTCA works. See this blog post for details , but in .NET 4.0 APTCA assemblies are marked SecurityTransparent , and cannot call SecurityCritical assemblies, which is the default protection level for .NET assemblies.

So, if your APTCA assembly in .NET 4.0 is doing anything privileged, like calling SecurityCritical code or asserting permissions, then it will fail. You should consider making it SecuritySafeCritical so that it can be called by SecurityTransparent code and call SecurityCritical code. Of course, you'll want to make sure that it can't be exploited by untrusted libraries, just like APTCA code.