Geek Answers Handbook

Limited Resolution AppDomain Grant Set Error

I have code that dynamically compiles Razor templates into an assembly that I execute using a set of permissions (without access to files, etc.).

This works on our development computers and on our test server (Windows 2008 IIS7 x64.NET 4). But on our production server (Same spec) it gives an error:

"Downloading this assembly will result in a different set of grants from other instances. (Exception from HRESULT: 0x80131401)"

Here is the code: -

public static SandboxContext Create(string pathToUntrusted, List<Assembly> references) { AppDomainSetup adSetup = new AppDomainSetup(); adSetup.ShadowCopyFiles = "true"; var dir = new DirectoryInfo(pathToUntrusted); String tempPath = Path.Combine(Path.GetTempPath(), dir.Name + "_shadow"); adSetup.CachePath = tempPath; // Our sandbox needs access to this assembly. string AccessPath = Path.Combine(System.Web.Hosting.HostingEnvironment.ApplicationPhysicalPath, "bin\\CommonInterfaces.WebPages.dll"); System.IO.File.Copy(AccessPath, Path.Combine(pathToUntrusted, "CommonInterfaces.WebPages.dll"), true); var baseDir = Path.GetFullPath(pathToUntrusted); adSetup.ApplicationBase = baseDir; adSetup.PrivateBinPath = baseDir; adSetup.PartialTrustVisibleAssemblies = new string[] { typeof(System.Web.WebPageTraceListener).Assembly.FullName, typeof(System.Web.Razor.RazorEngineHost).Assembly.FullName}; //Setting the permissions for the AppDomain. We give the permission to execute and to //read/discover the location where the untrusted code is loaded. PermissionSet permSet = new PermissionSet(PermissionState.None); permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); //We want the sandboxer assembly strong name, so that we can add it to the full trust list. StrongName fullTrustAssembly = typeof(Sandboxer).Assembly.Evidence.GetHostEvidence<StrongName>(); Evidence evidence = new Evidence(); //Now we have everything we need to create the AppDomain, so let create it. AppDomain newDomain = AppDomain.CreateDomain("Sandbox", evidence, adSetup, permSet, fullTrustAssembly); ObjectHandle handle = Activator.CreateInstanceFrom( newDomain, typeof(Sandboxer).Assembly.ManifestModule.FullyQualifiedName, typeof(Sandboxer).FullName ); //Unwrap the new domain instance into a reference in this domain and use it to execute the //untrusted code. var newDomainInstance = (Sandboxer)handle.Unwrap(); return new SandboxContext(newDomain, newDomainInstance); }

Any ideas why this will be different on the same server? I just installed all the outstanding Windows updates on a broken server and that didn't help.

If I changed PermissionSet to: -

  PermissionSet permSet = new PermissionSet(PermissionState.Unrestricted);

All code works (but presumably with a security issue)

+4
source share
1 answer

This error usually occurs when trying to load an assembly into an existing AppDomain two times with a different set of permissions. The $ 1M question is what assembly is and what is AppDomain.

I do not have a complete answer to this question, but you can study the following things:

  • What isolated assemblies (if any) are uploaded to your main application domain due to sorting?
  • If you have your own server code, does it indicate LoadOptimizationAttribute ?
  • Does your development server and your production server use different isolation levels?
  • Are there any other applications on the production server that use some of your builds?

You can also try to set the remote debug runtime on the server, attach the debugger to the process where your application is located, and check what exactly is loaded there, in which area. You may need SOS debugging extensions for this.

http://msdn.microsoft.com/en-us/library/bb190764.aspx

+1
source

More articles:


All Articles