Reading a File from Partial Trust

When authoring an application to run with partial trust, one of the problems many people hit is the inability to open an arbitrary file for reading.  Generally partial trust code just won’t have the FileIOPermission necessary to do this.  Obviously preventing partial trust applications from reading files of their choice is necessary, since I don’t want arbitrary code to be able to open up and read my Microsoft Money file, or my Outlook PST archives.

However, the risk of a rogue application opening a file I don’t want them to have access to goes away if I have to approve the file before hand.  In fact, the WinForms OpenFileDialog class allows just this.  After prompting the user to select a file with the OpenFileDialog, you can access a read only stream of its contents by using the OpenFile method.  This will bypass the need to have FileIOPermission which would be required to access the FileName property and open the file by hand.

You can see a sample of this technique on Ivan Medvedev’s Mangler and MDExplorer page, where he disassembles a managed file of your choice, using code running in the Internet zone, without requiring a change to the CLR security policy.

Update 3:06 pm: fixed a typo.

Comments (2)

  1. Chango V. says:

    Wow, this feature definitely boosts my respect for the WinForms API. Nifty. Thanks for the hint.

  2. Brant says:

    Can you explain why it is not possible to get the name of the file with a Partial trust mode?