| title | description | author | ms.author | ms.date | ms.service | ms.subservice | ms.topic | helpviewer_keywords | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Common Language Runtime (CLR) Host Protection Attributes |
The CLR provides a mechanism to annotate managed APIs in the .NET Framework with attributes such as SharedState, Synchronization, and ExternalProcessMgmt. |
rwestMSFT |
randolphwest |
12/27/2024 |
sql |
clr |
reference |
|
[!INCLUDE SQL Server]
The common language runtime (CLR) provides a mechanism to annotate managed application programming interfaces (APIs) that are part of the [!INCLUDE dnprdnshort-md]. These attributes might be of interest to a host of the CLR, such as [!INCLUDE ssNoVersion]. Examples of such host protection attributes (HPAs) include:
-
SharedState, which indicates whether the API exposes the ability to create or manage shared state (for example, static class fields). -
Synchronization, which indicates whether the API exposes the ability to perform synchronization between threads. -
ExternalProcessMgmt, which indicates whether the API exposes a way to control the host process.
Given these attributes, [!INCLUDE ssNoVersion] specifies a list of HPAs that are disallowed in the hosted environment through code access security (CAS). The CAS requirements are specified by one of three [!INCLUDE ssNoVersion] permission sets: SAFE, EXTERNAL_ACCESS, or UNSAFE. One of these three security levels is specified when the assembly is registered on the server, using the CREATE ASSEMBLY statement. Code executing within the SAFE or EXTERNAL_ACCESS permission sets must avoid certain types or members that have the System.Security.Permissions.HostProtectionAttribute attribute applied. For more information, see Create an assembly and CLR integration programming model restrictions.
The HostProtectionAttribute isn't a security permission as much as a way to improve reliability, in that it identifies specific code constructs, either types or methods, that the host might disallow. The use of the HostProtectionAttribute enforces a programming model that helps protect the stability of the host.
HPAs identify types or members that don't fit the host programming model and represent the following increasing levels of reliability threat:
- Are otherwise benign.
- Could lead to destabilization of server-managed user code.
- Could lead to destabilization of the server process itself.
[!INCLUDE ssNoVersion] disallows the use of a type or member that has a HostProtectionAttribute that specifies a System.Security.Permissions.HostProtectionResource enumeration with a value of ExternalProcessMgmt, ExternalThreading, MayLeakOnAbort, SecurityInfrastructure, SelfAffectingProcessMgmt, SelfAffectingThreading, SharedState, Synchronization, or UI. This prevents the assemblies from calling members that enable sharing state, perform synchronization, might cause a resource leak on termination, or affect the integrity of the [!INCLUDE ssNoVersion] process.
The following articles identify types and members whose HostProtectionResource values [!INCLUDE ssNoVersion] disallows.
The lists in these articles were generated from the supported assemblies. For more information, see Supported .NET Framework libraries.
| Article | Description |
|---|---|
| Disallowed types and members in Microsoft.VisualBasic.dll | Lists the types and members in Microsoft.VisualBasic.dll whose HPA values are disallowed. |
| Disallowed types and members in mscorlib.dll | Lists the types and members in mscorlib.dll whose HPA values are disallowed. |
| Disallowed types and members in System.dll | Lists the types and members in System.dll whose HPA values are disallowed. |
| Disallowed types and members in System.Data.dll | Lists the types and members in System.Data.dll whose HPA values are disallowed. |
| Disallowed types and members in System.Core.dll | Lists the types and members in System.Core.dll whose HPA values are disallowed. |