APTCA and Sandboxing
In .NET Framework any code which does not have the FullTrust cannot make calls to a strong named assembly.The strong naming of assemblies is again a requirement to register the same in GAC to be shared by multiple applications.Most of the third party libraries we use are strong named.Is there a way out by which an assembly can reside in the GAC and at the same time can be used by partially trusted code?
The answer is YES.For this we have got the AllowPartiallyTrustedCallers (APTCA)attribute.The strong named assemblies that apply this attribute can be invoked by partially trusted code.This however, increases the overall vulnerability of the application.Library publishers as well the client application developers needs to consider the possible threats related to APTCA before using it.When an assembly is marked with the APTCA attribute then the LinkDemand requiring all the callers to be full trusted is disabled.But there can be scenario where I would like some types/methods in the assembly to be accessed by partially trusted callers and some to be accessed only by callers with FullTrust.This can be achieved by
- Applying APTCA to the assembly
- [assembly:AllowPartiallyTrustedCallersAttribute()]
- Apply LinkDemand for FullTrust on particular types/methods
- [PermissionSetAttribute(SecurityAction.LinkDemand, Name="FullTrust")]
Now think of a situation where you have been supplied with a third party assembly which does not have APTCA.You are asked to use it from your ASP.NET Web Application running with medium trust policy (though by default ASP.NET applications have FullTrust).What happens now?I tried to simulate the situation with strong named assembly "DummyThirdPartyLib.dll" without APTCA with a demo method as shown below:
namespace DummyThirdPartyLib
{
public class Test
{
public string HelloWorld()
{
return "Hello World";
}
}
}
I Changed the trust level of the web application to Medium by following setting in Web.config
<trust level="Medium"/>
In the page load I added a call to the assembly:
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
Response.Write(new Test().HelloWorld());
}
}
I got the following error:
System.Security.SecurityException: That assembly does not allow partially trusted callers.
As per our understanding of APTCA this is what is expected.So we need a work around to tackle this situation as we cannot request the publishers of third party library to change their code.We can solve this very easily by sandboxing the third party assembly.This is achieved by
- Develop a wrapper assembly around the third party assembly.
- Mark the wrapper assembly with APTCA
- Put the wrapper assembly in GAC so that it has FullTrust
I followed the steps mentioned above.Developed a wrapper assembly with APTCA and placed it in GAC as shown below:
namespace APTCAWrapper {
public class Wrapper {
public string HelloWorld()
{
return new DummyThirdPartyLib.Test().HelloWorld();
}
}
}
Changed the call in Page Load as follows:
protected void Page_Load(object sender, EventArgs e)
{
Response.Write(new APTCAWrapper.Wrapper().HelloWorld());
}
My code executes and displays Hello World.Great!!!.This will be particularly very helpful while working with third party libraries from MOSS which by default runs with Medium Trust.