开发者

Replace Assembly.LoadFrom(String, Evidence) call with Assembly.LoadFrom(String) - .NET 4

开发者 https://www.devze.com 2023-03-23 03:25 出处:网络
I have to move some old .NET 2 code to the .NET 4 project. It has the next line: `return Assembly.LoadFrom(filePath, Assembly.GetExecutingAssembly().Evidence);`

I have to move some old .NET 2 code to the .NET 4 project. It has the next line:

`return Assembly.LoadFrom(filePath, Assembly.GetExecutingAssembly().Evidence);`

As it said in Microsoft's (MSDN):

Note: This API is now obsolete. The non-obsolete alternative is Loa开发者_运维知识库dFrom(String).

I'm not familiar with the Evidence class. What is the risk of just removing the Evidence parameter from the call? What is the real case when the Evidence parameter is necessary?

Thanks in advance for the help


The evidence argument was used to provide data that the Code Access Security (CAS) policy mechanism could use when deciding which CAS permissions to grant to the assembly being loaded. However, in .NET 4.0, the "naked" CLR no longer uses CAS policy ( http://blogs.msdn.com/b/shawnfa/archive/2010/02/24/so-is-cas-dead-in-net-4-or-what.aspx, http://blogs.msdn.com/b/shawnfa/archive/2009/06/12/clr-v4-security-policy-roundup.aspx), so the used of evidence in API has been deprecated. There are usually only two reasons why one might have provided evidence in a LoadFrom call in code targeting an earlier .NET version:

  1. To allow the assembly to run with more permissions than it might have otherwise been granted, or
  2. To restrict the permissions of the assembly, removing permissions that would otherwise have been granted under the default evidence for the assembly.

For #1, you probably have nothing to do in .NET 4.0 since all code will run with unrestricted CAS permissions (aka "full trust") by default. For #2, the recommended approach is to use a sandboxed appdomain.

0

精彩评论

暂无评论...
验证码 换一张
取 消