You can subscribe to this discussion group using an RSS feed reader. RSS Feed
Plugin Developer Discussion

Discussion for FogBugz Plugin developers

Using the pluin ActiveRecord class causes SecurityException

The following occurs when I try to use the ActiveRecord class provided for use with Pluings.

System.FieldAccessException: KanbanBoard.KanbanColumn.ixKanbanColumn ---> System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
  at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed)
  at System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Object assemblyOrString, SecurityAction action, Boolean throwException)
  at System.Security.PermissionSetTriple.CheckSetDemand(PermissionSet demandSet, PermissionSet& alteredDemandset, RuntimeMethodHandle rmh)
  at System.Security.PermissionListSet.CheckSetDemand(PermissionSet pset, RuntimeMethodHandle rmh)
  at System.Security.PermissionListSet.DemandFlagsOrGrantSet(Int32 flags, PermissionSet grantSet)
  at System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant, CompressedStack securityContext)
  at System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant)
The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.Permissions.ReflectionPermission
The first permission that failed was:
<IPermission class="System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Flags="RestrictedMemberAccess"/>

The demand was for:
<PermissionSet class="System.Security.PermissionSet"
version="1">
<IPermission class="System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Flags="RestrictedMemberAccess"/>
<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Flags="Assertion, Execution, ControlEvidence, RemotingConfiguration"/>
<IPermission class="System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Level="Minimal"/>
<IPermission class="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Unrestricted="true"/>
</PermissionSet>

The granted set of the failing assembly was:
<PermissionSet class="System.Security.PermissionSet"
version="1">
<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Flags="Assertion, Execution, ControlEvidence, RemotingConfiguration"/>
<IPermission class="System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Level="Minimal"/>
<IPermission class="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Unrestricted="true"/>
</PermissionSet>

  --- End of inner exception stack trace ---

Server stack trace:
  at System.Reflection.RtFieldInfo.PerformVisibilityCheckOnField(IntPtr field, Object target, IntPtr declaringType, FieldAttributes attr, UInt32 invocationFlags)
  at System.Reflection.RtFieldInfo.InternalSetValue(Object obj, Object value, BindingFlags invokeAttr, Binder binder, CultureInfo culture, Boolean doVisibilityCheck, Boolean doCheckConsistency)
  at System.Reflection.RtFieldInfo.SetValue(Object obj, Object value, BindingFlags invokeAttr, Binder binder, CultureInfo culture)
  at System.Reflection.FieldInfo.SetValue(Object obj, Object value)
  at FogCreek.Plugins.Database.ActiveRecord.set_Ix(Int32 value)
  at FogCreek.Plugins.Database.ActiveRecord..ctor(CPluginApi api)
  at KanbanBoard.KanbanColumn..ctor(CPluginApi api)
  at KanbanBoard.KanbanBoardPlugin.DatabaseUpgradeAfter(Int32 ixVersionFrom, Int32 ixVersionTo, CDatabaseUpgradeApi apiUpgrade)
  at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
  at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

Exception rethrown at [0]:
  at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
  at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
  at FogCreek.FogBugz.Plugins.Interfaces.IPluginDatabase.DatabaseUpgradeAfter(Int32 ixVersionFrom, Int32 ixVersionTo, CDatabaseUpgradeApi apiUpgrade)
  at FogCreek.FogBugz.CPlugin.Lambda_UpgradeTables_203.__Run() in c:\Program Files (x86)\FogBugz\src-Website\CPlugin.was:line 120
  at FogCreek.FogBugz.Plugins.CDatabaseUpgradeApi.Enable(Sub fx) in c:\Program Files (x86)\FogBugz\src-Website\CPluginApi.was:line 385
  at FogCreek.FogBugz.CPlugin.UpgradeTables(Plugin instance) in c:\Program Files (x86)\FogBugz\src-Website\CPlugin.was:line 119
Stefan Rusek Send private email
Thursday, April 23, 2009
 
 
It looks like it's trying to access a non-Public field via Reflection (ixKanbanColumn), which is disallowed by our AppDomain permissions (since you could use it to do nefarious things with our objects). 

I know it's not ideal, but try making the class and the field public and see if that fixes it.  If that's actually the problem I'll open a case to catch that case and give a more intelligible error.
David Fullerton Send private email
Thursday, April 23, 2009
 
 
I figured out the problem. The KanbanColumn class (the one extending ActiveRecord) must be public in order for reflection to be used. If you add the following two lines to the ActiveRecord constructor, or to one of the metadata classes, then users will get a much more useful error message.

if (!GetType().IsPublic)
    throw new InvalidProgramException(string.Format("{0} must be a public class to use ActiveRecord", GetType().FullName));
Stefan Rusek Send private email
Thursday, April 23, 2009
 
 
Yep, that's what I was figuring.  I've opened a case.

I see that it's called "Kanban".  Are you making a Kanban Board plugin?
David Fullerton Send private email
Thursday, April 23, 2009
 
 
Indeed, I am. :) It is good be awesome! (Or at least fun to play with.)
Stefan Rusek Send private email
Thursday, April 23, 2009
 
 
Neat!  I'm excited to see some of the plugins you guys are writing.
David Fullerton Send private email
Thursday, April 23, 2009
 
 
This has been fixed
David Fullerton Send private email
Friday, May 15, 2009
 
 

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
 
Powered by FogBugz