c# vb.net intranet code-access-security

Security problem when instantiating a class in intranet zone, .Net


I have a .NET 2.0 ActiveX control that is embedded within an HTML page (in IE7). I use JavaScript to modify its properties and call methods. All this is fine until I call a method that instantiates a class using Activator.CreateInstance(type). I receive the following message:

System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.SecurityException: Request failed.
..
..
The action that failed was: InheritanceDemand
The type of the first permission that failed was: System.Security.PermissionSet
The Zone of the assembly that failed was: Intranet

The class I'm trying to instantiate has a parm-less public constructor, and from what I've read, there should be no problem using reflection on types that are public anyway?

I've done a temporary fix by using the Microsoft .NET Framework Configuration utility, to modify the intranet trust to full. See here.

How can I modify the method, class, or the assembly to avoid having to configure the framework?

A few extra points:

  • The ActiveX control is compiled against .NET 2
  • Its assembly is not strong named
  • I'm not bothered about granting reflection permissions.

Thanks

Update

It turns out it wasn't reflection that was causing the problem, it was a call to TypeDescriptor.GetAttributes which threw a FileIOPermission security exception. I've fixed this with the following code:

Dim temp As New Security.Permissions.FileIOPermission(Security.Permissions.PermissionState.Unrestricted)
temp.Assert()
' Get attributes
System.Security.CodeAccessPermission.RevertAssert()

Now, if I set up a code group assigned to the strong name of my assembly and set the permission set to FullTrust, everything is fine.
However, I can't seem to fine-tune it, it's either FullTrust or an exception is thrown (see below). Even the Everything permission set doesn't work.

Exception:

System.Security.SecurityException: Request failed.
at System.Reflection.CustomAttribute._CreateCaObject(Void* pModule, Void* pCtor, Byte** ppBlob, Byte* pEndBlob, Int32* pcNamedArgs)
at System.Reflection.CustomAttribute.CreateCaObject(Module module, RuntimeMethodHandle ctor, IntPtr& blob, IntPtr blobEnd, Int32& namedArgs)
at System.Reflection.CustomAttribute.GetCustomAttributes(Module decoratedModule, Int32 decoratedMetadataToken, Int32 pcaCount, RuntimeType attributeFilterType, Boolean mustBeInheritable, IList derivedAttributes)
at System.Reflection.CustomAttribute.GetCustomAttributes(RuntimeType type, RuntimeType caType, Boolean inherit)
at System.RuntimeType.GetCustomAttributes(Type attributeType, Boolean inherit)
at System.ComponentModel.ReflectTypeDescriptionProvider.ReflectGetAttributes(Type type)
at System.ComponentModel.ReflectTypeDescriptionProvider.ReflectedTypeData.GetAttributes()
at System.ComponentModel.TypeDescriptor.TypeDescriptionNode.DefaultTypeDescriptor.System.ComponentModel.ICustomTypeDescriptor.GetAttributes()
at System.ComponentModel.TypeDescriptor.GetAttributes(Object component, Boolean noCustomTypeDesc)
at System.ComponentModel.TypeDescriptor.GetAttributes(Object component)
... GetAttributes
...
The action that failed was: InheritanceDemand
The type of the first permission that failed was: System.Security.PermissionSet
The Zone of the assembly that failed was: Intranet

Solution

  • The class I'm trying to instantiate has a parm-less public constructor, and from what I've read, there should be no problem using reflection on types that are public anyway?

    You shouldn't have a problem with invoking the constructor via reflection if both the class and the constructor are public. However, a public constructor on a non-public class would still pose a problem.

    That said, given that it is an inheritance demand that failed, it sounds like the actual problem might lie elsewhere. What happens if you attempt to create a new instance of the class from your control code without using reflection?
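The comparison the answer suggests, written out as an added example that is not part of the original question or answer: it runs direct construction, Activator.CreateInstance and TypeDescriptor.GetAttributes as separate steps and reports which one raises the SecurityException. SampleComponent, CasProbe, RunStep and FindSecurityException are hypothetical names, and SampleComponent stands in for the class the control instantiates.

```vbnet
Imports System
Imports System.ComponentModel
Imports System.Security

' Hypothetical stand-in for the class the control instantiates.
Public Class SampleComponent
End Class

Public Module CasProbe
    ' Walks the InnerException chain (Activator.CreateInstance wraps failures
    ' in TargetInvocationException) and returns the first SecurityException.
    Public Function FindSecurityException(ByVal ex As Exception) As SecurityException
        While ex IsNot Nothing
            Dim se As SecurityException = TryCast(ex, SecurityException)
            If se IsNot Nothing Then Return se
            ex = ex.InnerException
        End While
        Return Nothing
    End Function

    ' Runs one step in isolation and reports whether it failed a security check.
    Private Sub RunStep(ByVal stepNumber As Integer, ByVal name As String)
        Try
            Select Case stepNumber
                Case 1
                    Dim direct As New SampleComponent()
                Case 2
                    Activator.CreateInstance(GetType(SampleComponent))
                Case 3
                    TypeDescriptor.GetAttributes(New SampleComponent())
            End Select
            Console.WriteLine(name & ": OK")
        Catch ex As Exception
            Dim se As SecurityException = FindSecurityException(ex)
            If se Is Nothing Then Throw
            Dim permType As String = "(unknown)"
            If se.PermissionType IsNot Nothing Then permType = se.PermissionType.FullName
            Console.WriteLine(name & ": " & se.Action.ToString() & " failed for " & _
                              permType & " in zone " & se.Zone.ToString())
        End Try
    End Sub

    Public Sub Main()
        RunStep(1, "Direct New")
        RunStep(2, "Activator.CreateInstance")
        RunStep(3, "TypeDescriptor.GetAttributes")
    End Sub
End Module
```

If step 1 already fails, reflection is not the cause; if only step 3 fails, the failure comes from the attribute lookup, as the update to the question reports.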