Search code examples
c#securityadd-inmaf

Security Exception with Microsoft AddIn Framework (MAF) Callback using two AppDomains

I am having a permission problem with my application:

I have a host application which runs in an full trusted app-domain. This host loads an AddIn via MAF framework and activates this Add-In in another App-Domain which has only Internet-Access.

The Host creates an Helper-Object in main App-Domain and passes its references via the MAF-Pipeline to the Add-In (Using HostView and Add-In View Adapters). The Add-In then invokes a method on this Helper-Object which should load a Textfile from file System. When executing this, I am geeting an SecurityException:

An unhandled exception of type 'System.Security.SecurityException' occurred    in mscorlib.dll
Additional information: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

I already debugged the Code a bit and found that in Class FileStream.cs, there is the following Check:

new FileIOPermission(secAccess, control, new String[] { filePath }, false, false).Demand();

The Demand-Method is implemented in CodeAccessPermissions.cs and seems to check the complete call stack if all elements have the permissions to execute this method:

StackCrawlMark stackMark = StackCrawlMark.LookForMyCallersCaller;

When i execute this Method on the Helper Class directly out of the Main Method, then everything works fine.

When I set the permissions of the Add-In to FullTrust then it works fine too.

I have also checked the AppDomain and the AppDomain.CurrentDomain.IsFullyTrusted attribute, which is in all cases true.

So it seems to be the problem that the AddIn is in the Call-Stack, which causes the Permission Problem.

I also tried to execute this in a new Thread to not anymore have the AddIn in the call stack, but that had no effect.

This Problem is for me very important as I do not want to grant the Add-In Full-Permissions, but let the Add-In execute Methods on Host.

Does anyone know a Solution to this Problem?

Solution

  • i found in the meanwhile a solution:

    The so called Stack Walk can be stoped by using the Assert Method on an permission object:

    PermissionSet permSet = new PermissionSet(PermissionState.Unrestricted);

permSet.Assert();

//Do the problematic Stuff

PermissionSet.RevertAssert();

    Using RevertAssert, the StackWalk will not stop anymore here.

    Kind Regards

    Tobi