Partial trust apps

Sep 24, 2007 at 2:52 PM
When developing some XBAP apps I noticed that the WPF Contrib lib won't run under partial trust even though it has the correct assembly-level attributes set. This is probably because there are some imported functions used that require higher trust levels. Yet most classes can be used in partial trust. I think it would be a shame not to allow this. I therefore propose to split up the library into 2 assemblies: one for classes that require full trust, another for those that don't.
Sep 24, 2007 at 3:50 PM
I'll look into it, there might be some security attributes missing.

It's not required to split the library. All of WPF's assemblies are marked with AllowPartiallyTrustedCallers, yet they have some functionality requiring Full Trust.
Sep 26, 2007 at 2:03 PM
Makes sense. In the meantime, I have tried something different: I removed all the code, so it was an empty lib, but it still gave the same error, so it's not in the code. Although I don't find anything wrong with the attributes at this moment.
Still looking.
Sep 26, 2007 at 2:42 PM
Found it, although I don't know exactly how to fix it.
Apparently, assemblies can't be used in partial trust mode if they have unsafe code. If you deactivate this option in the 'Build' tab on the properties of the lib and remove the code in NativeMethods.GetHIcon, it works fine. And that's where the problem is: NativeMethods.GetHIcon uses a pointer in unsafe mode. So this little piece of code either needs to be replaced with something safe (which I don't know how to do), or we can extract this class into a separate assembly (UnsafeAvalon or something) containing all the unsafe code, and link that into the lib. Normally, this assembly will only be loaded if required (so if partial trust apps don't use anything not allowed, it doesn't get loaded). -> this I know how to do.
Any suggestions?
Sep 30, 2007 at 8:40 AM
Assemblies can have unsafe code and run in partial trust. Again, WPF's own assemblies are a good example. You just need to add a few more attributes declaring the code requires additional permissions to run. I'll add them soon.

This is okay, since the control using this method is NotifyIcon, which would not run in partial trust anyway.
Oct 2, 2007 at 11:33 AM
I found how to get it working with the unsafe code. The assembly needs to be placed in the GAC. No extra attributes or separate assemblies needed. I will update the installer so that the assembly is registered in the GAC.
Oct 2, 2007 at 3:04 PM
Installing an assembly to the GAC grants it Full Trust, so no wonder it works! However this scenario is usually irrelevant for partially trusted applications, since you cannot add assemblies to the GAC using ClickOnce (which makes it also true for XBAPs).

So please don't update the installer. As I said, I'll fix the partial trust for the next release...