I have a problem figuring out the permission set to get Directory.GetFiles() to work in an assembly used by SQL Server reporting services.
Basically, I use this assembly to perform two things:
Reading images works using a custom permission set:
<PermissionSet class="NamedPermissionSet"
version="1"
Name="MyCustomImagePermissionSet"
<IPermission class="FileIOPermission"
version="1"
Read="\\MyServer\MyFolder"/>
<IPermission class="SecurityPermission"
version="1"
Flags="Assertion, Execution"/>
</PermissionSet>
and referencing this permission set in a custom code group:
<CodeGroup class="UnionCodeGroup"
version="1"
PermissionSetName="MyCustomImagePermissionSet"
Name="MyImageCodeGroup"
<IMembershipCondition class="UrlMembershipCondition"
version="1"
Url="C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\MyProject\MyProject.Reports.Code.dll"
/>
</CodeGroup>
(Snippets taken from RSPreviewPolicy.config)
In my code, I use an assertion before opening a FileStream:
private Image LoadOriginalImageByPath(string path)
{
new FileIOPermission(FileIOPermissionAccess.Read, path).Assert();
Image originalImage;
using (var imageStream = new FileStream(path, FileMode.Open, FileAccess.Read))
{
originalImage = Image.FromStream(imageStream);
}
return originalImage;
}
Enumerating all the files in a subdirectory on the file server always results in a SecurityException:
System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) at System.Security.CodeAccessPermission.Demand() at System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption) at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption) at System.IO.Directory.GetFiles(String path, String searchPattern) at MyProject.Reports.Code.ImageTools.GetImagesFullPaths(String searchDirectory, Int32 registerNr) The action that failed was: Demand The type of the first permission that failed was: System.Security.Permissions.FileIOPermission The Zone of the assembly that failed was: MyComputer
Here's the code:
public static IEnumerable<string> GetImagesFullPaths(string searchDirectory, int registerNr)
{
var pattern = string.Format("M{0:00000}?.jpg", registerNr);
new FileIOPermission(FileIOPermissionAccess.PathDiscovery | FileIOPermissionAccess.Read, searchDirectory).Assert();
return Directory.GetFiles(searchDirectory, pattern);
}
The only way I found to get around the problem is to use FullTrust for the custom assembly. But obviously, that makes the admin uneasy.
What am I missing to get the Directory.GetFiles() work without using the FullTrust permission set?
Thanks to the accepted answer, the solution is adding the PathDiscovery attribute to the permission element resulting in
<PermissionSet class="NamedPermissionSet"
version="1"
Name="MyCustomImagePermissionSet"
<IPermission class="FileIOPermission"
version="1"
Read="\\MyServer\MyFolder"/>
PathDiscovery="\\MyServer\MyFolder"/>
<IPermission class="SecurityPermission"
version="1"
Flags="Assertion, Execution"/>
</PermissionSet>
Thx!
Enumerating files requires FileIOPermissionAccess.PathDiscovery on the target path. You need to add this to your custom permission set.
BTW, asserting the permission is essentially useless since the assert will not work unless your code already has the permission. (Assertions are only useful if you want your code to execute something that its calling code does not have permissions to do.)