c# – .NET DLR和SecurityException

我们在沙盒脚本环境中启用了DLR.但是有些代码如下……

dynamic foo = someobject
foo.FooBar();

…只是导致一个相当模糊和“未完成”的异常被抛出,如下所示：

System.Security.SecurityException: Request failed.
   at CallSite.Target(Closure,CallSite,Object )
   at System.Dynamic.UpdateDelegates.UpdateAndExecuteVoid1[T0](CallSite site,T0 arg0)
   at AcmeCorp.AcmeRocket.Workflow.Scripting.Assemblies.WorkflowScriptImplementation.Test()
   at AcmeCorp.AcmeRocket.Workflow.Scripting.Assemblies.WorkflowScriptImplementation.__action_activity_4397110c5d7141a6802a070d3b942b77()
   --- End of inner exception stack trace ---
   at AcmeCorp.AcmeRocket.Workflow.Scripting.WorkflowScriptProxy.Invoke(String method_name)
   at AcmeCorp.AcmeRocket.Workflow.Execution.Executors.ActionActivityExecutor.Execute(WorkflowInstance wi,ActionActivity activity)
   at AcmeCorp.AcmeRocket.Workflow.Execution.ActivityExecutorBase.Execute(WorkflowInstance wi,Activity activity)
   at AcmeCorp.AcmeRocket.Workflow.Execution.WorkflowExecutor.ExecuteActivity(WorkflowInstance wi,Activity activity)
   at AcmeCorp.AcmeRocket.Workflow.Execution.WorkflowExecutor.Execute(WorkflowInstance wi,Nullable`1 branch_index)

通常SecurityException包含一系列详细信息,准确指定哪些权限导致它失败,但在这种情况下我们没有得到 – 非常烦人.

PS：如果我使用我们的沙箱临时授予PermissionSet(PermissionState.Unrestricted)运行相同的测试,那么问题就会消失.但显然我们真的想把它锁定到DLR所需的非常具体的权限集.

PPS：当前(失败)PermissionSet创建如下：

var ps = new PermissionSet(PermissionState.None);
ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
ps.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess));

谢谢.