[IronPython] Embedded IronPython 0.9.2, AutoCAD 2005 and Security.
Brian Tyler
bloggingbrian at gmail.com
Mon Oct 3 22:26:37 CEST 2005
I ran into the same problem using our product (LabVIEW) but the fix is
fairly simple - go into AssemblyGen.cs of the IronPython assembly and delete
the last parameter (domain.Evidence) of the two DefineDynamicAssembly()
methods.
The problem comes up when you try to host the IronPython engine inside any
AppDomain other than the DefaultDomain (as I assume you are doing in
AutoCAD, we are doing in LabVIEW and as you would find if you tried
ASP.NET<http://ASP.NET>).
The most common way to create a new AppDomain is with null evidence, because
you typically rely on the assembly evidence to handle CAS (as you were
trying to do with caspol). Even if you do domain.Evidence when creating your
own AppDomain, you still get null - there is something about the
DefaultDomain that we are not inheriting.
If you read the docs on DefineDynamicAssembly(), you'll see that only fully
trusted callers can supply evidence - and somehow we are not...I'm still
trying to figure out what's the special invocation to make it work with the
evidence, but so far I've only found one way - create your own evidence when
creating your AppDomain and add MyComputer as the Zone. I'm not about to
ship that code as it seems to break just about every part of CAS, but it is
a clue...
Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ironpython-users/attachments/20051003/7ebca053/attachment.html>
More information about the Ironpython-users
mailing list