DLR需要哪些强制性的PermissionSet
项目才能正常运行?
我们已经在沙盒脚本环境中启用了DLR。但是像以下代码这样的一些代码......
dynamic foo = someobject
foo.FooBar();
仅仅这样会导致一个相当模糊和“未完成”的异常被抛出,如下所示:
System.Security.SecurityException: Request failed.
at CallSite.Target(Closure , CallSite , Object )
at System.Dynamic.UpdateDelegates.UpdateAndExecuteVoid1[T0](CallSite site, T0 arg0)
at AcmeCorp.AcmeRocket.Workflow.Scripting.Assemblies.WorkflowScriptImplementation.Test()
at AcmeCorp.AcmeRocket.Workflow.Scripting.Assemblies.WorkflowScriptImplementation.__action_activity_4397110c5d7141a6802a070d3b942b77()
--- End of inner exception stack trace ---
at AcmeCorp.AcmeRocket.Workflow.Scripting.WorkflowScriptProxy.Invoke(String method_name)
at AcmeCorp.AcmeRocket.Workflow.Execution.Executors.ActionActivityExecutor.Execute(WorkflowInstance wi, ActionActivity activity)
at AcmeCorp.AcmeRocket.Workflow.Execution.ActivityExecutorBase.Execute(WorkflowInstance wi, Activity activity)
at AcmeCorp.AcmeRocket.Workflow.Execution.WorkflowExecutor.ExecuteActivity(WorkflowInstance wi, Activity activity)
at AcmeCorp.AcmeRocket.Workflow.Execution.WorkflowExecutor.Execute(WorkflowInstance wi, Nullable`1 branch_index)
通常情况下,
SecurityException
会包含大量详细信息,明确说明哪些权限导致了失败,但在这种情况下,我们没有得到那些信息 - 非常恼人。附注:如果我暂时使用
PermissionSet(PermissionState.Unrestricted)
授予沙盒相同的测试,则问题消失。但是,显然我们真正想要锁定的是DLR所需的非常特定的权限集。附注2:当前(失败的)PermissionSet的创建方式如下:
var ps = new PermissionSet(PermissionState.None);
ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
ps.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess));
感谢您的选择。
someobject
来源于此)缺少了 "AllowPartiallyTrustedCallersAttribute" 标记。我很生气自己没有早点检查和反复确认这个问题。 - nbevans