<div>(I think) I can repro this with the following code:</div>
<div> </div>
<div>static void Main() { </div>
<div> AppDomainSetup info = new AppDomainSetup();<br> info.ApplicationBase = System.Environment.CurrentDirectory;<br> info.ApplicationName = "Test";</div>
<div> Evidence evidence = new Evidence();<br> evidence.AddHost(new Zone(SecurityZone.Internet));</div>
<div> AppDomain newDomain = AppDomain.CreateDomain("test", evidence, info);</div>
<div> ScriptRuntime runtime = ScriptRuntime.Create(newDomain);<br> }</div>
<div><br>System.MethodAccessException was unhandled<br> Message="RemoteRuntimeFactory..ctor(Microsoft.Scripting.Hosting.ScriptRuntimeSetup)"<br> Source="mscorlib"<br> StackTrace:<br> at System.Reflection.MethodBase.PerformSecurityCheck(Object obj, RuntimeMethodHandle method, IntPtr parent, UInt32 invocationFlags)<br>
at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)<br> at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)<br>
at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)<br> at System.Activator.CreateInstance(String assemblyName, String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityInfo, StackCrawlMark& stackMark)<br>
at System.Activator.CreateInstance(String assemblyName, String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityInfo)<br>
at System.AppDomain.CreateInstance(String assemblyName, String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityAttributes)<br>
at System.AppDomain.CreateInstanceAndUnwrap(String assemblyName, String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityAttributes)<br>
at System.AppDomain.CreateInstanceAndUnwrap(String assemblyName, String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityAttributes)<br>
at Microsoft.Scripting.Hosting.ScriptRuntime.RemoteRuntimeFactory.CreateRuntime(AppDomain domain, ScriptRuntimeSetup setup)<br> at Microsoft.Scripting.Hosting.ScriptRuntime.CreateInternal(AppDomain domain, ScriptRuntimeSetup setup)<br>
at Microsoft.Scripting.Hosting.ScriptRuntime.Create(AppDomain domain)<br> at ConsoleApplication7.Program.Main() in C:\Users\CurtH\Documents\Visual Studio 2008\Projects\ConsoleApplication1\ConsoleApplication7\Program.cs:line 27<br>
at System.AppDomain._nExecuteAssembly(Assembly assembly, String[] args)<br> at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)<br> at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()<br>
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)<br> at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)<br> at System.Threading.ThreadHelper.ThreadStart()<br>
InnerException: <br><br> </div>
<div class="gmail_quote">On Tue, Apr 1, 2008 at 1:33 PM, Dino Viehland <<a href="mailto:dinov@exchange.microsoft.com">dinov@exchange.microsoft.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div lang="EN-US" vlink="purple" link="blue">
<div>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d">Can you give us the full stack trace of the exception that gets thrown and also what version of the CLR are you running against?</span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d"> </span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d">It may be the case that partial trust will require the latest and greatest patch of .NET as there have been some changes to enable reflection / reflection emit to work better in partial trust. But it could also be a DLR or IronPython bug when running in partial trust on the desktop CLR.</span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d"> </span></p>
<div>
<div style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; PADDING-TOP: 3pt; BORDER-BOTTOM: medium none">
<p><b><span style="FONT-SIZE: 10pt">From:</span></b><span style="FONT-SIZE: 10pt"> <a href="mailto:users-bounces@lists.ironpython.com" target="_blank">users-bounces@lists.ironpython.com</a> [mailto:<a href="mailto:users-bounces@lists.ironpython.com" target="_blank">users-bounces@lists.ironpython.com</a>] <b>On Behalf Of </b>Sho List<br>
<b>Sent:</b> Tuesday, April 01, 2008 12:43 PM<br><b>To:</b> <a href="mailto:users@lists.ironpython.com" target="_blank">users@lists.ironpython.com</a><br><b>Subject:</b> [IronPython] Restricting IronPython/DLR in a Sandbox?</span></p>
</div></div>
<p> </p>
<p style="MARGIN-BOTTOM: 12pt"><span style="FONT-SIZE: 10pt">Hello IronPythoners,<br> <br>I am using the IronPython 2 Beta 1 on .Net 2.0.<br> <br>My goal is to create a restricted sandbox for scripts to run in using the DLR. I have searched high and low and have not found a solution utilizing the latest python beta release and DLR. It would seem this is something that should be straightforward to accomplish as the DLR's ScriptRuntime.Create takes an AppDomain as an overload. And indeed, my Python engine and runtime are loaded in the remote AppDomain, however I can only get it to work when the AppDomain has FullTrust permissions. Anything lower (say Intranet Zone and the like) and it throws a Method Access Exceptions on the ScriptRuntime.Create method.<br>
<br>I have tried creating the AppDomain like so:<br>AppDomain.CreateDomain(name, defaultEvidence, appDomainSetup, defaultPermissions, TrustedAssemblies.ToArray)<br> <br>Where:<br>name is the name<br>defaultEvidence is the evidence for the restricted zone<br>
appDomainSetup sets the BaseDirectory<br>defaultPermissions is the permission set of the restricted zone<br>TrustedAssemblies is a list containing references to "Microsoft.Scripting", "IronPython", "IronPython.Modules"<br>
<br>Using any zone other than MyComputer results in the exception. I am not stuck on getting a permission set from a predefined zone, I have tried creating permissions sets other ways with the same result. Using zones seems easier for illustration.<br>
<br>I need IronPython scripts to be run in a fairly constrained environment. No file IO, no loading assemblies. Basically, just the ability for the user to interact with the Hosting apps object model with some basic .Net library functions like String etc.<br>
<br>Thanks!</span></p>
<div style="TEXT-ALIGN: center" align="center"><span style="FONT-SIZE: 10pt">
<hr align="center" width="100%" size="2">
</span></div>
<p><span style="FONT-SIZE: 10pt">Pack up or back up–use SkyDrive to transfer files or keep extra copies. <a>Learn how.</a></span></p></div></div><br>_______________________________________________<br>Users mailing list<br>
<a href="mailto:Users@lists.ironpython.com">Users@lists.ironpython.com</a><br><a href="http://lists.ironpython.com/listinfo.cgi/users-ironpython.com" target="_blank">http://lists.ironpython.com/listinfo.cgi/users-ironpython.com</a><br>
<br></blockquote></div><br>