Hi folks,
I have two classes say Foo and Bar [1] that reside in different
assemblies. Basically, all that Foo does is to call a method in Bar called
DoSomething(), which is protected using the StrongNameIdentityPermission
attribute. The intent here is to validate the caller's identity using
Foo's public key.
If I use SecurityAction.LinkDemand, everything works like a charm if the
immediate caller is Foo (which is the way it should be).
However, if I try to use SecurityAction.Demand the CLR throws an exception
[2]. I would imagine that the CLR performs a stack walk, but I am baffled
as to why this should fail since the only caller on the stack is Foo.
I tried doing a demand for the same permission inside Foo.Main() and no
exception was thrown.
Am I missing something here?
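[1]:
using System.Security.Permissions;

// Lives in Foo's assembly
public class Foo
{
    static public void Main(string[] Args)
    {
        new Bar().DoSomething();
    }
}

// Lives in a separate assembly
public class Bar
{
    // With SecurityAction.Demand this throws [2]; SecurityAction.LinkDemand works
    [StrongNameIdentityPermission(SecurityAction.Demand, PublicKey="Foo's public key")]
    public void DoSomething()
    {
        System.Console.WriteLine("Bar called");
    }
}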
[2]:
Unhandled Exception: System.Security.SecurityException: Request for the permission of type System.Security.Permissions.StrongNameIdentityPermission, mscorlib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.
   at System.Security.CodeAccessSecurityEngine.CheckTokenBasedSetHelper(Boolean ignoreGrants, TokenBasedSet grants, TokenBasedSet denied, TokenBasedSet demands)
   at System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet denied, PermissionSet demands)
   at Bar.DoSomething()
   at Foo.Main(String[] Args)

The state of the failed permission was:
<IPermission class="System.Security.Permissions.StrongNameIdentityPermission, mscorlib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
             version="1"
             PublicKeyBlob="Foo's public key"/>