Note: As of 19/09/2023, due to organizational changes in Winvision, this repository & extension are no longer updated or supported. Enables your project to utilize functionality provided by other (Microsoft) libraries that normally are not available in a Partial Trust environment like the Microsoft Dynamics CRM sandbox process.
Build status
Sandboxing is the practice of running code in a restricted security environment, which limits the access permissions granted to the code. For example, if you have a managed library from a source you do not completely trust, you should not run it as fully trusted. Instead, you should place the code in a sandbox that limits its permissions to those that you expect it to need.
You can read more on this in the article How to: Run Partially Trusted Code in a Sandbox If you encounter a .NET sandbox today chances are it's running with Security-Transparent Code, Level 2
- Microsoft Dynamics CRM (Online) Plug-ins and custom workflow activities (Plug-in Trusts)
As developers we use a lot of library code like NuGet packages because we don't want to reinvent the wheel. The downside is that most of these libraries are not written with a Partial Trust environment in mind.
When we embed these libraries to our code in the sandbox we encounter 2 common issues
- The code contains security critical code and will fail to load with a
TypeLoadExceptionor will throw anSecurityExceptionat runtime - The package references another package that contains security critical code and even though the code might not even be used it will trigger one of the exceptions mentioned above
-
Calling native code
[DllImport("advapi32.dll", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] internal static extern bool CryptDestroyHash(IntPtr hashHandle);
-
Override
SecurityCriticalproperties of an object likeExceptionpublic override void GetObjectData(SerializationInfo info, StreamingContext context) { ... }
Where
Exceptionhas the following attributes on this method[System.Security.SecurityCritical] public virtual void GetObjectData(SerializationInfo info, StreamingContext context) { ... }
-
Serialize non-public classes, fields or properties
[JsonProperty(DefaultValueHandling = DefaultValueHandling.Ignore, NullValueHandling = NullValueHandling.Ignore, PropertyName = PropertyNotBefore, Required = Required.Default)] private long? _notBeforeUnixTime { get; set; }
When we encounter a NuGet package that fails to load or execute in the sandbox and it's source is available we make a Sandboxable copy of it.
This is done by eliminating the offending code in a way that is the least obtrusive and publish this version to NuGet.
The base rules are:
- Keep the code changes as small as possible
- Prefix all namespaces with Sandboxable
- Eliminate offending NuGet dependencies
- If a new dependency is needed it will on a sandbox friendly NuGet package
These packages need modification
A checked box means there is a Sandboxable alternative available in this project
- Hyak.Common
- Removed dependencies on Microsoft.Bcl, Microsoft.Bcl.Async, Microsoft.Bcl.Build and Microsoft.Net.Http
- Windows.Azure.Common
- Changed dependency from Hyak.Common to Sandboxable.Hyak.Common
- Removed dependency on Microsoft.WindowsAzure.Common.Dependencies
- Microsoft.Azure.KeyVault
- Changed dependency from Windows.Azure.Common to Sandboxable.Windows.Azure.Common
- Changed serialized private fields to public
- Microsoft.Azure.Management.KeyVault
- Changed dependency from Windows.Azure.Common to Sandboxable.Windows.Azure.Common
- Microsoft.IdentityModel.Clients.ActiveDirectory
- Changed certificate management to BouncyCastle.Crypto.dll, slightly changing the public API
- Microsoft.WindowsAzure.Storage
- Removed using native MD5 methods
In our experience these packages don't need to be modified to be used in a sandbox
- BouncyCastle.Crypto.dll
- Microsoft.Azure.KeyVault.Core
- Microsoft.Data.Edm
- Microsoft.Data.OData
- Microsoft.Data.Services.Client
- Newtonsoft.Json
- System.Spatial