public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
{
if (applicationEvidence == null)
{
throw new ArgumentNullException("applicationEvidence");
}
ActivationArguments hostEvidence = applicationEvidence.GetHostEvidence <ActivationArguments>();
if (hostEvidence == null)
{
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
}
ActivationContext activationContext = hostEvidence.ActivationContext;
if (activationContext == null)
{
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
}
ApplicationTrust applicationTrust = applicationEvidence.GetHostEvidence <ApplicationTrust>();
if ((applicationTrust != null) && !CmsUtils.CompareIdentities(applicationTrust.ApplicationIdentity, hostEvidence.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
applicationTrust = null;
}
if (applicationTrust == null)
{
if ((AppDomain.CurrentDomain.ApplicationTrust != null) && CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ApplicationTrust.ApplicationIdentity, hostEvidence.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
applicationTrust = AppDomain.CurrentDomain.ApplicationTrust;
}
else
{
applicationTrust = ApplicationSecurityManager.DetermineApplicationTrustInternal(activationContext, context);
}
}
ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
if (((applicationTrust != null) && applicationTrust.IsApplicationTrustedToRun) && !info.DefaultRequestSet.IsSubsetOf(applicationTrust.DefaultGrantSet.PermissionSet))
{
throw new InvalidOperationException(Environment.GetResourceString("Policy_AppTrustMustGrantAppRequest"));
}
return(applicationTrust);
}
public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
{
if (applicationEvidence == null)
{
throw new ArgumentNullException("applicationEvidence");
}
Contract.EndContractBlock();
// This method looks for a trust decision for the ActivationContext in three locations, in order
// of preference:
//
// 1. Supplied by the host in the AppDomainSetup. If the host supplied a decision this way, it
// will be in the applicationEvidence.
// 2. Reuse the ApplicationTrust from the current AppDomain
// 3. Ask the TrustManager for a trust decision
// get the activation context from the application evidence.
// The default HostSecurityManager does not examine the activatorEvidence
// but other security managers could use it to figure out the
// evidence of the domain attempting to activate the application.
ActivationArguments activationArgs = applicationEvidence.GetHostEvidence <ActivationArguments>();
if (activationArgs == null)
{
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
}
ActivationContext actCtx = activationArgs.ActivationContext;
if (actCtx == null)
{
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
}
// Make sure that any ApplicationTrust we find applies to the ActivationContext we're
// creating the new AppDomain for.
ApplicationTrust appTrust = applicationEvidence.GetHostEvidence <ApplicationTrust>();
if (appTrust != null &&
!CmsUtils.CompareIdentities(appTrust.ApplicationIdentity, activationArgs.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
appTrust = null;
}
// If there was not a trust decision supplied in the Evidence, we can reuse the existing trust
// decision from this domain if its identity matches the ActivationContext of the new domain.
// Otherwise consult the TrustManager for a trust decision
if (appTrust == null)
{
if (AppDomain.CurrentDomain.ApplicationTrust != null &&
CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ApplicationTrust.ApplicationIdentity, activationArgs.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
appTrust = AppDomain.CurrentDomain.ApplicationTrust;
}
else
{
appTrust = ApplicationSecurityManager.DetermineApplicationTrustInternal(actCtx, context);
}
}
// If the trust decision allows the application to run, then it should also have a permission set
// which is at least the permission set the application requested.
ApplicationSecurityInfo appRequest = new ApplicationSecurityInfo(actCtx);
if (appTrust != null &&
appTrust.IsApplicationTrustedToRun &&
!appRequest.DefaultRequestSet.IsSubsetOf(appTrust.DefaultGrantSet.PermissionSet))
{
throw new InvalidOperationException(Environment.GetResourceString("Policy_AppTrustMustGrantAppRequest"));
}
return(appTrust);
}