1

I want to create an AppDomain and run an external WPF application through it. The main reason is security, as I would like to control what the external WPF app can do. Specifically, I want to disallow any usage of unmanaged code.

I've run the following code:

PermissionSet set = new PermissionSet(PermissionState.None);
set.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, PATH));
set.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
set.AddPermission(new UIPermission(PermissionState.Unrestricted));
set.AddPermission(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode));

Evidence ev = new Evidence();
AppDomain domain = AppDomain.CreateDomain("Test", ev, new AppDomainSetup() { ApplicationBase = PATH }, set);
domain.ExecuteAssembly(PATH);

and it works great.

When I remove the last line in the permission set (i.e., allowing the unmanaged code to run) it stops working.

How can I disallow the new app domain to run unmanaged code, but still have the WPF app run? (Btw, the WPF app is just a File->New WPF Application, so it doesn't use any unmanaged code).

Thanks!

4

1 回答 1

1

不幸的是,您需要 UnmagedCode 权限才能实例化 WPF 窗口。在后台,WPF 使用非托管代码来访问 Windows API,以进行消息传递和窗口管理等操作。

来自 MSDN 窗口概述文档http://msdn.microsoft.com/en-us/library/ms748948.aspx

Window 需要 UnmanagedCode 安全权限才能被实例化。对于在本地机器上安装和启动的应用程序,这属于授予应用程序的权限集。

但是,这不属于授予使用 ClickOnce 从 Internet 或本地 Intranet 区域启动的应用程序的权限集。因此,用户将收到 ClickOnce 安全警告,并且需要将应用程序的权限集提升到完全信任。

如果您想限制 WPF 应用程序可以执行的操作,您可能想尝试在不同的用户名下运行它。

于 2012-05-11T13:18:59.093 回答