This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!
PInvoke Security
Code compiled for the NGWS runtime uses Code Access Security. So, the runtime environment checks the code to see whether it has the requisite permissions before it tries to access a resource or perform other sensitive tasks. However, this level of checking is not available for unmanaged code at runtime. Hence, any PInvoke call to unmanaged code must be reviewed for its security implications, and care must be taken to ensure that no security holes are introduced. The Execution Engine introduces the following constraints:
- The calling NGWS class must be fully trusted. This means that the class must be signed with “Full Trust” access and that the administration policies have allowed the code to run on the system with full trust. This level of security is essential since the unmanaged code runs with no runtime checks.
- Any code calling a class that makes PInvoke calls must be fully trusted. Since the Execution Engine walks up the stack to ensure that all code in the call chain has the right level of trust, all NGWS runtime code that is on a chain that ultimately makes a PInvoke call must also be fully trusted.
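The following C# example is added here to illustrate the two constraints above; it is not code from the original documentation. It assumes the Code Access Security types that shipped with the .NET Framework 1.x (SecurityPermission, SecurityPermissionFlag.UnmanagedCode, SecurityException), which may differ from the preliminary NGWS API, and it uses kernel32.dll's GetTickCount as a harmless unmanaged entry point. The wrapper keeps the DllImport declaration private and makes the stack-walk demand explicit, so that a partially trusted caller anywhere in the call chain causes a SecurityException before native code runs rather than after.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Permissions;

// Added example (not from the NGWS documentation). Wraps an unmanaged call so
// that the trust check described above is explicit and the raw entry point is
// never exposed to callers.
public sealed class TickCountWrapper
{
    // Unmanaged entry point: kernel32!GetTickCount returns milliseconds since
    // system start. Declared private so that no caller can reach the PInvoke
    // stub directly and bypass the wrapper's demand.
    [DllImport("kernel32.dll")]
    private static extern uint GetTickCount();

    // Public entry point used by managed callers.
    public static uint SafeGetTickCount()
    {
        // Full demand: the Execution Engine walks every frame on the stack and
        // throws SecurityException if any caller lacks UnmanagedCode
        // permission. This is the "whole call chain must be fully trusted"
        // constraint made visible at one well-defined place.
        new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand();

        // Only reached when every managed caller on the stack is fully trusted.
        return GetTickCount();
    }
}

public static class Program
{
    public static int Main()
    {
        try
        {
            uint ticks = TickCountWrapper.SafeGetTickCount();
            Console.WriteLine("Uptime (ms): " + ticks);
            return 0;
        }
        catch (SecurityException ex)
        {
            // A caller somewhere on the stack (possibly this assembly itself,
            // if policy did not grant it full trust) lacked the permission.
            Console.WriteLine("PInvoke refused: " + ex.Message);
            return 1;
        }
    }
}
```

Two design points worth noting: the unmanaged declaration is private, so the only way into native code is through a method that performs the demand, and the demand is a full stack walk rather than a check of the immediate caller, which is exactly the behaviour the second bullet describes. Run from a fully trusted assembly the program prints the tick count; run under a policy that withholds full trust, the SecurityException path is taken and no native code executes.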