Home/ Questions/Q 8768579
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T17:06:20+00:00

We have a worker role in Azure which uses Process.Start to kick off a

  • 0

We have a worker role in Azure which uses Process.Start to kick off a background process (which hosts a native application we need to run)

FxCop gives me a whole load of CA2122 errors due to a link demand. When I tried to add this attribute:

[PermissionSet(SecurityAction.LinkDemand, Name = "FullTrust")]

I then started to get CA2135 instead, the solution to which seems to be to add the SecurityCritical attribute instead.

But then I get the CA2122 again.

Are either of these things an issue? Under what circumstances could they be and how can I be sure that I’m not introducing a security problem?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    SecurityCritical should perform an equivalent role as a LinkDemand for full trust:

    The SecurityCriticalAttribute is equivalent to a link demand for full
    trust. A type or member marked with the SecurityCriticalAttribute can
    be called only by fully trusted code; it does not have to demand
    specific permissions. It cannot be called by partially trusted code.

    Ergo, I’d suggest adding SecurityCritical (to fulfil the needs for CA2135) and suppress the CA2122, which is presumably just Microsoft forgetting to account for their newer solution in their code analysis.

    The objective of CA2122 is to ensure that the method…

    no longer provides unsecured access to the link demand-protected
    member.

    This isn’t the case once SecurityCritical is added (which ensures the member can be called only by fully trusted code), so the second CA2122 is a false positive.

    • 0