#94 AllowPartiallyTrustedCallersAttribute inappropriate

v1.0_(example)
open
nobody
None
1
2014-08-14
2013-11-30
Zijian
No

Assembly DDay.iCal v1.0.2 BC2 is decorated by AllowPartiallyTrustedCallers, however, the assembly is not strong named. And when being used in .NET 4, there could be exception:

System.TypeLoadException: Inheritance security rules violated while overriding member: 'DDay.iCal.CalendarObject.add_GroupChanged(System.EventHandler1<DDay.Collections.ObjectEventArgs2<System.String,System.String>>)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.

According to MSDN,

The .NET Framework 4 introduces new security rules that affect the behavior of the AllowPartiallyTrustedCallersAttribute attribute (see Security-Transparent Code, Level 2). In the .NET Framework 4, all code defaults to security-transparent, that is, partially trusted. However, you can annotate individual types and members to assign them other transparency attributes. For this and other security changes, see Security Changes in the .NET Framework.

.NET Framework version 2.0 ( level 1 transparent) assemblies must be strong-named to effectively use the AllowPartiallyTrustedCallersAttribute (APTCA) attribute. .NET Framework 4 ( level 2) assemblies do not have to be strong-named for the APTCA attribute to be effective, and they can contain transparent, security-critical and security-safe-critical code. For more information about applying attributes at the assembly level, see Applying Attributes.

By default, if a strong-named, level 1 transparent assembly does not explicitly apply this attribute at the assembly level, it can be called only by other assemblies that are granted full trust. This restriction is enforced by placing a LinkDemand for FullTrust on every public or protected method on every publicly accessible class in the assembly. Assemblies that are intended to be called by partially trusted code can declare their intent through the use of AllowPartiallyTrustedCallersAttribute.

In short, current DDay.iCal v1.0.2 BC2 is built with .NET Framework 3.5 without strong name, thus AllowPartiallyTrustedCallersAttribute is inappropriate.

Possible solution:
1. Introduce strong name.
2. In the future of in a fork when building with .NET 4, remove AllowPartiallyTrustedCallersAttribute .

Discussion