I have to move some old .NET 2
code to the .NET 4
project. It has the next line:
`return Assembly.LoadFrom(filePath, Assembly.GetExecutingAssembly().Evidence);`
As it said in Microsoft's (MSDN):
Note: This API is now obsolete. The non-obsolete alternative is Loa开发者_运维知识库dFrom(String).
I'm not familiar with the Evidence
class. What is the risk of just removing the Evidence
parameter from the call? What is the real case when the Evidence
parameter is necessary?
Thanks in advance for the help
The evidence argument was used to provide data that the Code Access Security (CAS) policy mechanism could use when deciding which CAS permissions to grant to the assembly being loaded. However, in .NET 4.0, the "naked" CLR no longer uses CAS policy ( http://blogs.msdn.com/b/shawnfa/archive/2010/02/24/so-is-cas-dead-in-net-4-or-what.aspx, http://blogs.msdn.com/b/shawnfa/archive/2009/06/12/clr-v4-security-policy-roundup.aspx), so the used of evidence in API has been deprecated. There are usually only two reasons why one might have provided evidence in a LoadFrom call in code targeting an earlier .NET version:
- To allow the assembly to run with more permissions than it might have otherwise been granted, or
- To restrict the permissions of the assembly, removing permissions that would otherwise have been granted under the default evidence for the assembly.
For #1, you probably have nothing to do in .NET 4.0 since all code will run with unrestricted CAS permissions (aka "full trust") by default. For #2, the recommended approach is to use a sandboxed appdomain.
精彩评论