In fact, if we do not set it up, but just modify the code, after running the program, the error interface will be as shown in Figure 1 below:
The exception thrown is as follows:
************** Exception Text **************
System.MethodAccessException: Attempt by security transparent method ' Rare.Card.Libary.Controls.
ReadCardControl.btnRead_Click(System.Object, System.EventArgs)' to call native code through method 'Rare.Card.Libary.MifareOneHelper.rf_read(Int32, Int32, Byte[ ])' failed. Methods must be security critical or
security safe-critical to call native code.
By consulting MSDN, the explanation of the exception is as follows:
In Microsoft .NET Framework 4, the common language runtime (CLR) security model has undergone many changes. One of the changes, the adoption of Level2 transparency (very similar to Silverlight's security model) is likely to affect the authors of the AllowPartiallyTrustedCallers (APTCA) library. There are three transparency attributes: SecurityTransparent, SecuritySafeCritical and SecurityCritical.
SecurityTransparent: Code marked as SecurityTransparent is reliable from a security perspective. It cannot accomplish any dangerous operations, such as asserting permissions,
executing unverifiable code, or calling native code. It also cannot call SecurityCritical code directly.
As mentioned above, for security reasons, all partially trusted code is forced to be SecurityTransparent. This is also the default transparency of the APTCA library.
SecurityCritical: Unlike SecurityTransparent, SecurityCritical code is able to perform any desired operation. It can perform declarations,
calls to native code, and other operations. It can call other methods without being restricted by the transparency flag.
Only fully trusted code can be SecurityCritical. In fact, (non-APTCA) fully trusted code is SecurityCritical by default,
thereby protecting it from calls by transparent partially trusted callers.
SecuritySafeCritical: SecuritySafeCritical code plays the role of a bridge, which allows transparent code to call key methods. SecuritySafeCritical
code has the same permissions as SecurityCritical code, but it can be called by SecurityTransparent code. Therefore, it is extremely important that SecuritySafeCritical code exposes the underlying SecurityCritical methods in a secure manner (to avoid some partially trusted malicious code trying to attack these methods through the SecuritySafeCritical layer).
Like SecurityCritical code, SecuritySafeCritical code must be fully trusted.
According to MSDN's explanation, the problem lies in the C# class library CardReader.Library that encapsulates the original Dll. We can set the transparency attribute at the code level to solve the problem.
The specific solution is as follows:
1. Set the transparent attribute of the ActiveX control card reading code to: SecuritySafeCritical. The code list after setting is as follows:[SecuritySafeCritical] /// <summary> /// 读卡 /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private void btnRead_Click(object sender, EventArgs e) { int i = 0; byte[] data = new byte[16]; byte[] buff = new byte[32]; for (i = 0; i < 16; i++) data[i] = 0; for (i = 0; i < 32; i++) buff[i] = 0; st = MifareOneHelper.rf_read(icdev, sec * 4 + 1, data); if (st == 0) { SerialInterfaceHelper.hex_a(data, buff, 16); txtCardID.Text = System.Text.Encoding.ASCII.GetString(buff); lblMsg.Text = "读取卡号成功!"; } else lblMsg.Text = "读取卡号失败!"; //test method //if (string.IsNullOrEmpty(txtCardID.Text)) //{ // lblMsg.Text = "读取数据失败!"; //} //else //{ // lblMsg.Text = string.Format("读取数据:{0}!", txtCardID.Text); //} }
2. Set the transparent attribute that encapsulates the original card reader Dll.
Set the transparent attribute of the M1 card reader helper class MifareOneHelper to: [SecurityCritical], and set the
transparent attribute of the called method MifareOneHelper.rf_read to [SecurityCritical].
Set the transparent attribute of the serial communication helper class SerialInterfaceHelper to: [SecurityCritical], and set the
transparent attribute of the called method SerialInterfaceHelper.hex_a to [SecurityCritical].
The complete code has been provided. There are two other things to note. If the client fails to install ActiveX, the address running ActiveX will be added to the trusted site.
The security level of the trusted site will be reduced to Minimize or set the Trust Sites option regarding ActiveX.
More on using VS2010 C# to develop ActiveX controls (Part 2), complete code package downloads, please pay attention to the PHP Chinese website for related articles!