DisableSecurity

Jul 2, 2010 at 7:29 AM
Edited Jul 2, 2010 at 12:01 PM

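I have a class:

    using System;

    public class ClassTest
    {
        // Backing field for Val
        int _Val;

        public ClassTest()
        {
        }

        // Accepts any object and converts it to an int on assignment
        public object Val
        {
            get
            {
                return _Val;
            }

            set
            {
                _Val = Convert.ToInt32(value);
            }
        }

        // Same conversion as the Val setter, exposed as a method
        public void SetVal(object Val)
        {
            _Val = Convert.ToInt32(Val);
        }
    }
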

I add an instance of this class to Jint:

    ClassTest _classTest = new ClassTest();
    jintEngine.SetParameter("_classTest", _classTest);

And I can change the property Val when I run this script:

    jintEngine.Run(@"_classTest.Val=7;");

But if I want this script to work:

    jintEngine.Run(@"_classTest.SetVal(7);");

I have to call DisableSecurity on the JintEngine before running this script,
otherwise the SetVal method is not called and a "Request Failed" exception is thrown.

As I understand it, the call to DisableSecurity opens the door to security issues, so...
... is there a way to make this code work by setting a specific permission with AddPermission?
And, if it is possible, can you tell me which permission I should add?

Coordinator
Jul 2, 2010 at 7:51 AM

Hi,

If you do not have a SecurityException, then this is not the DisableSecurity method that will help you. Can you give me the whole exception message?

Jul 2, 2010 at 8:03 AM
Edited Jul 2, 2010 at 11:43 AM

Hi,

I have a SecurityException and the message of the exception is "Request Failed"

I had a look at where it is thrown: it is in the method "void Visit(MethodCall methodCall)" in ExecutionVisitor.cs

If I comment the line "PermissionSet.PermitOnly();", just before the call to "methodInfo.Invoke(callTarget.Value, clrParameters);", I don't have an exception.

Or when I call DisableSecurity just before calling the script, I don't have an exception.

(I work in Visual Studio 2010, .NET 4, Windows 7 64-bit)

May 20, 2011 at 2:09 PM

Hi,

I resume this topic hoping to be useful to those who get into this problem.

I got into the same problem, and after some time surfing around documentation and blogs I found out the real problem.

Security in .NET 4 is a little different than in previous ones, and prevents any transparent code to be called into critical one.

I solved the problem by putting the AllowPartiallyTrustedCallers attribute on the assembly of my custom class.

If your object does something particular (as mine does, such as searching through directories), you still need to add permissions to Jint.
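
The setup described in the post above, as an added example that is not part of the original posts or Jint's own code: the host-object assembly carries AllowPartiallyTrustedCallers, and the engine is granted one narrow FileIOPermission through AddPermission instead of calling DisableSecurity. The names FileLister and HostObjects.dll and the directory path are hypothetical, and the two parts are meant to be compiled as separate projects.

```csharp
// ---- HostObjects.dll (hypothetical assembly holding the class exposed to scripts) ----
using System.IO;
using System.Security;

// Lets callers running under Jint's restricted permission set invoke this assembly.
// Under .NET 4 it also makes this assembly's code security-transparent by default.
[assembly: AllowPartiallyTrustedCallers]

public class FileLister // hypothetical host object
{
    // Directory.GetFiles demands FileIOPermission; the demand is checked
    // against the permission set Jint applies around the CLR call.
    public int Count(string dir)
    {
        return Directory.GetFiles(dir).Length;
    }
}

// ---- Host application (separate project referencing Jint and HostObjects) ----
using System;
using System.Security.Permissions;
using Jint;

public static class Program
{
    public static void Main()
    {
        const string allowedDir = @"C:\scripts\data"; // constructed sample path

        JintEngine engine = new JintEngine();
        // Grant only what FileLister needs instead of calling DisableSecurity().
        engine.AddPermission(new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery,
            allowedDir));
        engine.SetParameter("lister", new FileLister());

        Console.WriteLine(engine.Run(@"return lister.Count('C:\\scripts\\data');"));

        try
        {
            // Outside the granted path: expected to fail the permission demand.
            engine.Run(@"return lister.Count('C:\\Windows');");
        }
        catch (Exception ex)
        {
            Console.WriteLine("Denied: " + ex.GetType().Name);
        }
    }
}
```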

Coordinator
Jun 24, 2011 at 4:36 AM

Thanks for the heads up.