Security transparent code cannot leverage Async Targeting Pack

Security transparent code cannot leverage Async Targeting Pack by Kent Boogaart

Active

Type:	Bug
ID:	777864
Opened:	1/30/2013 3:25:09 AM
Access Restriction:	Public

Workaround(s)

view

User(s) can reproduce this bug

A .NET 4 library that makes use of the Async Targeting Pack (ATP) and also marks itself as security transparent will fail to execute. The CLR throws an exception along the lines of:

System.TypeLoadException was unhandled
Message=Inheritance security rules violated while overriding member: 'ATPTest.Program+<DoWork>d__0.MoveNext()'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.
<snip>

Running code analysis against the library results in warnings such as:

CA2140 Transparent code must not reference security critical items Transparent method 'Class.DoSomethingAsync()' references security critical method 'AsyncTaskMethodBuilder<int>.Start<Class.<DoSomethingAsync>d__0>(ref Class.<DoSomethingAsync>d__0)'. In order for this reference to be allowed under the security transparency rules, either 'Class.DoSomethingAsync()' must become security critical or safe-critical, or 'AsyncTaskMethodBuilder<int>.Start<Class.<DoSomethingAsync>d__0>(ref Class.<DoSomethingAsync>d__0)' become security safe-critical or transparent.

This problem also applies transitively to any application referencing the library. That is, if the library does NOT have SecurityTransparent applied but a host application references the library and itself has SecurityTransparent, the same problem occurs.

Details (expand)

Visual Studio 2012

1. Create a .NET 4 class library that uses the ATP and exposes some an async method.
2. Add an assembly-wide SecurityTransparentAttribute to the library's AssemblyInfo.cs.
3. Create a .NET 4 application that references the library and invokes the async method.
4. Attempt to run the application and an exception is thrown.

This likely affects Silverlight 5 scenarios too, though I haven't verified. Note that the equivalent steps for a .NET 4.5 application (without using the ATP, of course) result in working code.

Also note that the attached repro is in a working state. You need to uncomment one of the security attributes in AssemblyInfo.cs to see the problem.

English

Windows 7 SP1

English

An exception is thrown similar to that in the description.

No exception should be thrown - the application should be able to invoke the async method in the security transparent library without issue.

File Name	Submitted By	Submitted On	File Size
ATPRepro.zip	Kent Boogaart	1/30/2013	5 KB

Hi Kent,

Thank you for your feedback. Unfortunately, the C# and VB compilers are not transparency aware, so auto-generated code for things such as lambdas, iterators and async state machines can wind up with transparency annotations that cause the program to fail to run. This is what's happening in your case.

This is a request that we're aware of, and it is currently something being tracked on our backlog of items along with other feature requests. However, due to the relative usage level of transaprent code the feature tends to be prioritized lower and thus it hasn't yet made a release.

Generally, the workaround for this sort of issue is to use async methods in a fully transparent type, which means that the generated code is also fully transparent and avoids the type load exception. If your async method needs to perform critical operations, it can call out to safe critical helper methods to achieve those.

We'll continue to consider this request in the future, thank you for your feedback.

-Shawn Farkas [MS]