117 lines
5.2 KiB
C#
117 lines
5.2 KiB
C#
|
//------------------------------------------------------------
|
||
|
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||
|
//------------------------------------------------------------
|
||
|
namespace System.ServiceModel
|
||
|
{
|
||
|
using System.Diagnostics.CodeAnalysis;
|
||
|
using System.Runtime;
|
||
|
using System.Security;
|
||
|
using System.Security.Permissions;
|
||
|
using System.Threading;
|
||
|
using System.Web;
|
||
|
using System.Web.Hosting;
|
||
|
|
||
|
static class AspNetPartialTrustHelpers
|
||
|
{
|
||
|
[Fx.Tag.SecurityNote(Critical = "Caches the PermissionSet associated with the asp.net trust level."
|
||
|
+ "This will not change over the life of the AppDomain.")]
|
||
|
[SecurityCritical]
|
||
|
static SecurityContext aspNetSecurityContext;
|
||
|
|
||
|
[Fx.Tag.SecurityNote(Critical = "If erroneously set to true, could bypass the PermitOnly.")]
|
||
|
[SecurityCritical]
|
||
|
static bool isInitialized;
|
||
|
|
||
|
[Fx.Tag.SecurityNote(Critical = "Critical field used to prevent usage of System.Web types in partial trust outside the ASP.NET context.")]
|
||
|
[SecurityCritical]
|
||
|
private static bool isInPartialTrustOutsideAspNet; // indicates if we are running in partial trust outside the ASP.NET context
|
||
|
|
||
|
[Fx.Tag.SecurityNote(Critical = "Critical field used to prevent usage of System.Web types in partial trust outside the ASP.NET context.")]
|
||
|
[SecurityCritical]
|
||
|
private static bool isInPartialTrustOutsideAspNetInitialized = false;
|
||
|
|
||
|
[Fx.Tag.SecurityNote(Miscellaneous = "RequiresReview - determines if the given PermissionSet is full trust."
|
||
|
+ "We will base subsequent security decisions on this.")]
|
||
|
static bool IsFullTrust(PermissionSet perms)
|
||
|
{
|
||
|
return perms == null || perms.IsUnrestricted();
|
||
|
}
|
||
|
|
||
|
internal static bool NeedPartialTrustInvoke
|
||
|
{
|
||
|
[SuppressMessage(FxCop.Category.Security, "CA2107:ReviewDenyAndPermitOnlyUsage")]
|
||
|
[Fx.Tag.SecurityNote(Critical = "Makes a security sensitive decision, updates aspNetSecurityContext and isInitialized.",
|
||
|
Safe = "Ok to know whether the ASP app is partial trust.")]
|
||
|
[SecuritySafeCritical]
|
||
|
get
|
||
|
{
|
||
|
if (!isInitialized)
|
||
|
{
|
||
|
FailIfInPartialTrustOutsideAspNet();
|
||
|
NamedPermissionSet aspNetPermissionSet = GetHttpRuntimeNamedPermissionSet();
|
||
|
if (!IsFullTrust(aspNetPermissionSet))
|
||
|
{
|
||
|
try
|
||
|
{
|
||
|
aspNetPermissionSet.PermitOnly();
|
||
|
aspNetSecurityContext = System.Runtime.PartialTrustHelpers.CaptureSecurityContextNoIdentityFlow();
|
||
|
}
|
||
|
finally
|
||
|
{
|
||
|
CodeAccessPermission.RevertPermitOnly();
|
||
|
}
|
||
|
}
|
||
|
isInitialized = true;
|
||
|
}
|
||
|
return aspNetSecurityContext != null;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
[SuppressMessage(FxCop.Category.Security, FxCop.Rule.SecureAsserts, Justification = "Users cannot pass arbitrary data to this code.")]
|
||
|
[Fx.Tag.SecurityNote(Critical = "Asserts AspNetHostingPermission.")]
|
||
|
[SecurityCritical]
|
||
|
[AspNetHostingPermission(SecurityAction.Assert, Level = AspNetHostingPermissionLevel.Unrestricted)]
|
||
|
static NamedPermissionSet GetHttpRuntimeNamedPermissionSet()
|
||
|
{
|
||
|
return HttpRuntime.GetNamedPermissionSet();
|
||
|
}
|
||
|
|
||
|
[Fx.Tag.SecurityNote(Critical = "Touches aspNetSecurityContext.",
|
||
|
Safe = "Ok to invoke the user's delegate under the PT context.")]
|
||
|
[SecuritySafeCritical]
|
||
|
internal static void PartialTrustInvoke(ContextCallback callback, object state)
|
||
|
{
|
||
|
if (NeedPartialTrustInvoke)
|
||
|
{
|
||
|
SecurityContext.Run(aspNetSecurityContext.CreateCopy(), callback, state);
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
callback(state);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/// <summary>
|
||
|
/// Used to guard usage of System.Web types in partial trust outside the ASP.NET context (because they are not secure),
|
||
|
/// in which case we shutdown the process.
|
||
|
/// </summary>
|
||
|
[Fx.Tag.SecurityNote(Critical = "Critical because it uses security critical fields.",
|
||
|
Safe = "Safe because it doesn't take user input and it doesn't leak security sensitive information.")]
|
||
|
[SecuritySafeCritical]
|
||
|
internal static void FailIfInPartialTrustOutsideAspNet()
|
||
|
{
|
||
|
if (!isInPartialTrustOutsideAspNetInitialized)
|
||
|
{
|
||
|
// The HostingEnvironment.IsHosted property is safe to be called in partial trust outside the ASP.NET context.
|
||
|
isInPartialTrustOutsideAspNet = !(PartialTrustHelpers.AppDomainFullyTrusted || HostingEnvironment.IsHosted);
|
||
|
isInPartialTrustOutsideAspNetInitialized = true;
|
||
|
}
|
||
|
|
||
|
if (isInPartialTrustOutsideAspNet)
|
||
|
{
|
||
|
throw FxTrace.Exception.AsError(new SecurityException(Activation.SR.CannotRunInPartialTrustOutsideAspNet));
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|