Export (0) Print
Expand All

Sharing a Library with Partially Trusted Code

Note Note

This topic addresses the use of strong-named assemblies. The following information applies only to Level 1 assemblies or assemblies that use legacy security policy. Security-transparent code, level 2 assemblies in the .NET Framework 4 or later are not affected by strong names. For more information about changes to the security system, see Security Changes in the .NET Framework. Several steps must be completed before shared libraries can be called by partially trusted code. For an overview of this issue, see Using Libraries from Partially Trusted Code. You can enable partially trusted access to your libraries by completing the three tasks described in the following sections.

Before your library can be shared through the global assembly cache or used as a downloaded component, you must create a strong name. Complete the following tasks described in Creating and Using Strong-Named Assemblies to assign a strong name to your library:

  1. Create a key pair.

  2. Use the Assembly Linker (Al.exe) or an assembly attribute to apply the key pair to your library.

To disable the implicit LinkDemand that blocks partially trusted code from calling shared libraries, apply the AllowPartiallyTrustedCallersAttribute at the assembly level of your code.

The following code example demonstrates how to apply the AllowPartiallyTrustedCallersAttribute attribute to a shared library.

[assembly:AllowPartiallyTrustedCallersAttribute()] 

When this attribute is present, all other security checks in your code still work as before, including any class-level or method-level declarative security attributes that are present. This attribute blocks only the implicit LinkDemand enforcement.

NoteNote

In the .NET Framework 4, a new property has been added to the AllowPartiallyTrustedCallersAttribute class that allows the attribute to be conditionally activated. For more information, see the PartialTrustVisibilityLevel property.

After the previous tasks are completed, you can share the library by placing it in the global assembly cache. For more information, see Installing an Assembly into the Global Assembly Cache.

Note Note

If you want to prevent partially trusted callers from calling select classes or members in your library, you can place demands on those classes or members. For more information, see Requiring Full Trust for Types Within an APTCA Assembly.

Show:
© 2014 Microsoft