evidence of a new domain

evidence of a new domain

Post by SmFz » Fri, 28 Oct 2005 17:21:06


I need help figuring out what I'm doing wrong in this application I'm
writing. In this application I create a new appdomain and load another
managed .dll (implements a HelloWorld class) and calling a function in this
new class that prints out all the evidence of its application domain. When
creating this new domain I specify my own evidence, but for some reason the
function keeps printing the same evidence as that of the root application
domain and thats the part I don't understand.

This is the code snippt that I used to create a new app domain and load my
HelloWorld assembly:
Evidence myNewEvidence = new Evidence();
myNewEvidence.AddHost(new Url(@"file://c:/temp"));
myNewEvidence.AddHost(new Zone(SecurityZone.Trusted));

AppDomain myNewAppDomain = AppDomain.CreateDomain("new domain",myNewEvidence);

Assembly myNewAssembly3 =
myNewAppDomain.Load(AssemblyName.GetAssemblyName(@"\\10.0.0.2\HelloWorld.dll").ToString());

The following is how I print out the evidence from a function within
HelloWorld:
Evidence myEvidence = AppDomain.CurrentDomain.Evidence;
IEnumerator myHostIEnum = myEvidence.GetHostEnumerator();

Console.WriteLine("Current Host Evidence:");
while(myHostIEnum.MoveNext())
Console.WriteLine(myHostIEnum.Current.ToString());

I always thought permission sets were maintained at the application domain
level and that fully trusted app domain can create new app domains with
arbitrary evidence, so I wanted to create an app domain with evidence that
would intentionally force the CLR to give the new app domain less than full
permission. I am using .NET 1.1. Any help would be very much appreciated.

-jas
 
 
 

evidence of a new domain

Post by Nicole Cal » Fri, 28 Oct 2005 21:46:15

Are you sure that you're invoking the method that displays the evidence
within the new appdomain rather than in the original appdomain? If you
unwrap the HelloWorld instance into the original appdomain before calling
the method, the method will end up executing in that appdomain.

 
 
 

evidence of a new domain

Post by SmFz » Sat, 29 Oct 2005 10:46:02

icole,

Thanks for replying Nicole.

This is how I create a new app domain, load HelloWorld.dll, create an
instance of HelloWorld and call the DisplayEvidence2() method:
Evidence myNewEvidence = new Evidence();
myNewEvidence.AddHost(new Url(@"file://c:/temp"));
myNewEvidence.AddHost(new Zone(SecurityZone.Trusted));

AppDomain myNewAppDomain = AppDomain.CreateDomain("new domain",myNewEvidence);

Assembly myNewAssembly3 =
myNewAppDomain.Load(AssemblyName.GetAssemblyName(@"c:\temp2\HelloWorld.dll").ToString());

Type typeHelloWorld = myNewAssembly3.GetType("Hello.HelloWorld");

BindingFlags flags = (BindingFlags.NonPublic | BindingFlags.Public |
BindingFlags.Static | BindingFlags.Instance | BindingFlags.DeclaredOnly);

MethodInfo [] miMethods = typeHelloWorld.GetMethods();
Object objHelloWorld = Activator.CreateInstance(typeHelloWorld);

for (int i =0 ; i < miMethods.Length ; i++)
{
if(miMethods[i].Name == "DisplayEvidence2")
{
miMethods[i].Invoke(objHelloWorld, new Object[0] );
}

}

Is the DisplayEvidence2 method in the original application domain? I mean
for it to get called in the new application domain.

-jas

"Nicole Calinoiu" wrote:

 
 
 

evidence of a new domain

Post by Nicole Cal » Sat, 29 Oct 2005 21:33:03

nline...

"Jas" < XXXX@XXXXX.COM > wrote in message
news: XXXX@XXXXX.COM ...

Unless you have elevated the CAS permissions grant for the trusted zone,
your evidence-reading code won't work in that zone. You'll need to use the
MyComputer zone or add some other evidence that would allow the necessary
permissions to be granted.



First big problem is right here. The instance is getting created in the
original appdomain because that's where the type is defined.



Second big problem is here. The method is being invoked in the original
appdomain because that's where the methodinfo is defined.


Yup.



You'll need to do two big things differently to get this to work. First,
you'll need to ensure that the HelloWorld object gets created in the new
appdomain. You'll then need to call the method against that remote
instance of the object, not against a local wrapper instance in the original
appdomain. Here's a version that should work:

Evidence myNewEvidence = new Evidence();
myNewEvidence.AddHost(new Url(@"file://c:/temp"));
myNewEvidence.AddHost(new Zone(SecurityZone.MyComputer));

AppDomain myNewAppDomain = AppDomain.CreateDomain("new domain",
myNewEvidence);
try
{
// The HelloWorld instance will be created in the new appdomain even
though the reference is
// held in the original appdomain:
Hello.HelloWorld helloWorldInstance =
(Hello.HelloWorld)myNewAppDomain.CreateInstanceFromAndUnwrap(@"C:\temp2\HelloWorld.dll",
"Hello.HelloWorld");

// This will execute in the original appdomain:
helloWorldInstance.DisplayEvidence2();

// This will execute in the new appdomain:
myNewAppDomain.DoCallBack(new
CrossAppDomainDelegate(helloWorldInstance.DisplayEvidence2));
}
finally
{
AppDomain.Unload(myNewAppDomain);
}