Private full trust proxy

Einem Kunden von uns wollte nicht, dass ein FullTrustProxy für andere Anwendungen erreichbar ist. Deshalb wird zukünftig der Proxy wie folgt gesichert. Der Text soll in den Development Guidelines des Kunden ergänzt werden und ist deshalb in Englisch verfasst. 

In your projects you don’t want your full trust proxy to be accessible for other solutions. This would be a security issue. To secure your full trust proxy so that it can only be used by your application you have to provision your proxy arguments in a separate (common) assembly and mark the argument type with the internal modifier. To use these arguments in the farm- and sandboxed solutions you have to add the InternalsVisibleToAttribute to the common assembly. The attribute is added to the Properties.cs like this:

[assembly: InternalsVisibleTo("AssemblyName, PublicKey=…")]

You can get the public key by using the tool sn.exe with the option –Tp:

sn.exe –Tp assembly.dll

In your proxy you can then evaluate the arguments by checking their type against you internal type:

var convertedArgs = args as MyArgs;
if (convertedArgs == null)
    throw new SecurityException("This proxy operation can only be called with 'MyArgs'.")

The common assembly must be packaged in the farm and in the sandboxed solution.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s