User Control Security on .Net 2.0

Hi Norsoft,

Welcome to ASPNET newsgroup.
As for the IE host winform control scenario, yes, the IE by default will
load the latest installed dotnet framework on the client machine. And as
for the CAS permission, we can just use the .NET 2.0's configuration wizard
to add a code group for our winform control(by URL path or strong-name...)
on the clientside machine. I think that's just like what we do in .net 1.1
environment. What's the permissions you used to grant to your control in
..net 1.1 CAS configuation?

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| From: "Norsoft" <no*****@newsgr oup.nospam>
| Subject: User Control Security on .Net 2.0
| Date: Mon, 14 Nov 2005 15:26:30 -0800
| Lines: 21
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| Message-ID: <e#************ **@TK2MSFTNGP10 .phx.gbl>
| Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
| NNTP-Posting-Host: c-67-181-77-42.hsd1.ca.comc ast.net 67.181.77.42
| Path: TK2MSFTNGXA02.p hx.gbl!TK2MSFTN GP08.phx.gbl!TK 2MSFTNGP10.phx. gbl
| Xref: TK2MSFTNGXA02.p hx.gbl
microsoft.publi c.dotnet.framew ork.aspnet:3581 02
| X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet
|
| I have a .Net 1.1 application which is downloaded into an aspx page. It
is a
| dll which inherits from System.Windows. Forms.UserContr ol. It works fine
on a
| PC with only the 1.1 Framework. However, the control will not load on a
PC
| with the 2.0 Framework installed. I know that IE will use the newest
| framework so I assume it is a security issue.
|
| At the assembly level I apply the following attributes;
| [assembly: PermissionSet(S ecurityAction.R equestMinimum, Name =
| "LocalIntranet" )]
| [assembly: UIPermissionAtt ribute(Security Action.RequestM inimum, Window =
| UIPermissionWin dow.SafeSubWind ows)]
|
| At the class level I apply;
| [UIPermissionAtt ribute(Security Action.Assert)]
| [PermissionSet(S ecurityAction.A ssert)
|
| What do I need to do to enable it to load in a PC with the 2.0 Framework
| installed.
| Thanks!
|
|
|

Ok, if you see my other post I could not see this message. I have fixed that
problem by deleting all messages and reloading them. Anyway, let me post the
info I put in the other one.

Thanks for the reply. I had posted the same question on the 14th but the
Outlook Express news reader will not see it, even if I do a search, so I
would appreciate it if you would add your reply here.

I have been using the 1.1 application for a long time but this model seems
incredibly fragile. I found part of my problem to be I defined one of my
class variables as "private JLReport m_JLReport = null;" This will stop the
app from loading in a web page with .Net 2.0. If I define it as "private
JLReport m_JLReport ;" (no =null) then it loads. Also, I have some problem
with a call to a web service, If you change almost anything the app won't
load.

What I did was create a new web application with just the form and no
functionality. That worked, then I started adding chunks of code from the
app until it failed. This is a really poor way to build an application.

Isn't there any way to drop into the debugger so you can see where it fails?

Right now I have a problem with printing permissions. When I try to set the
printer name on the PrintDocument class I get a security exception say it
could not get the permissions required. I use the attribute
[assembly: PrintingPermiss ionAttribute(Se curityAction.Re questMinimum, Level
= PrintingPermiss ionLevel.Defaul tPrinting)] but it still won't work.
Peter Bourget

Now as to your reply, we did not have to create a code group on the clients
machine. We used the 1.1 Wizards to Adjust .Net Security so the Trusted
Sites had Full Trust. I don't see the equivalent Wizard for .Net 2.0. I
will look into code groups and see if they will work.
Peter Bourget

"Steven Cheng[MSFT]" <st*****@online .microsoft.com> wrote in message
news:20******** *****@TK2MSFTNG XA02.phx.gbl...

Hi Norsoft,

Welcome to ASPNET newsgroup.
As for the IE host winform control scenario, yes, the IE by default will
load the latest installed dotnet framework on the client machine. And as
for the CAS permission, we can just use the .NET 2.0's configuration
wizard
to add a code group for our winform control(by URL path or strong-name...)
on the clientside machine. I think that's just like what we do in .net 1.1
environment. What's the permissions you used to grant to your control in
net 1.1 CAS configuation?

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| From: "Norsoft" <no*****@newsgr oup.nospam>
| Subject: User Control Security on .Net 2.0
| Date: Mon, 14 Nov 2005 15:26:30 -0800
| Lines: 21
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| Message-ID: <e#************ **@TK2MSFTNGP10 .phx.gbl>
| Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
| NNTP-Posting-Host: c-67-181-77-42.hsd1.ca.comc ast.net 67.181.77.42
| Path: TK2MSFTNGXA02.p hx.gbl!TK2MSFTN GP08.phx.gbl!TK 2MSFTNGP10.phx. gbl
| Xref: TK2MSFTNGXA02.p hx.gbl
microsoft.publi c.dotnet.framew ork.aspnet:3581 02
| X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet
|
| I have a .Net 1.1 application which is downloaded into an aspx page. It
is a
| dll which inherits from System.Windows. Forms.UserContr ol. It works fine
on a
| PC with only the 1.1 Framework. However, the control will not load on a
PC
| with the 2.0 Framework installed. I know that IE will use the newest
| framework so I assume it is a security issue.
|
| At the assembly level I apply the following attributes;
| [assembly: PermissionSet(S ecurityAction.R equestMinimum, Name =
| "LocalIntranet" )]
| [assembly: UIPermissionAtt ribute(Security Action.RequestM inimum, Window =
| UIPermissionWin dow.SafeSubWind ows)]
|
| At the class level I apply;
| [UIPermissionAtt ribute(Security Action.Assert)]
| [PermissionSet(S ecurityAction.A ssert)
|
| What do I need to do to enable it to load in a PC with the 2.0 Framework
| installed.
| Thanks!
|
|
|

Thanks for your followup Peter,

Yes, since the IE hosted winform control are hosted in Internet explore
process, we can not perform managed debugging on it. As far as I know, for
IE host control, we have the IE host log for general troubleshooting :

#HOW TO: Use the IEHost Log to Debug .NET Object Hosting in Internet
Explorer
http://support.microsoft.com/default...b;en-us;313892

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
| From: "Norsoft" <no*****@newsgr oup.nospam>
| References: <e#************ **@TK2MSFTNGP10 .phx.gbl>
<20************ *@TK2MSFTNGXA02 .phx.gbl>
| Subject: Re: User Control Security on .Net 2.0
| Date: Wed, 16 Nov 2005 10:26:37 -0800
| Lines: 103
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| Message-ID: <uM************ **@tk2msftngp13 .phx.gbl>
| Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
| NNTP-Posting-Host: c-67-181-77-42.hsd1.ca.comc ast.net 67.181.77.42
| Path: TK2MSFTNGXA02.p hx.gbl!TK2MSFTN GP08.phx.gbl!tk 2msftngp13.phx. gbl
| Xref: TK2MSFTNGXA02.p hx.gbl
microsoft.publi c.dotnet.framew ork.aspnet:3586 56
| X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet
|
| Ok, if you see my other post I could not see this message. I have fixed
that
| problem by deleting all messages and reloading them. Anyway, let me post
the
| info I put in the other one.
|
| Thanks for the reply. I had posted the same question on the 14th but the
| Outlook Express news reader will not see it, even if I do a search, so I
| would appreciate it if you would add your reply here.
|
| I have been using the 1.1 application for a long time but this model seems
| incredibly fragile. I found part of my problem to be I defined one of my
| class variables as "private JLReport m_JLReport = null;" This will stop
the
| app from loading in a web page with .Net 2.0. If I define it as "private
| JLReport m_JLReport ;" (no =null) then it loads. Also, I have some problem
| with a call to a web service, If you change almost anything the app won't
| load.
|
| What I did was create a new web application with just the form and no
| functionality. That worked, then I started adding chunks of code from the
| app until it failed. This is a really poor way to build an application.
|
| Isn't there any way to drop into the debugger so you can see where it
fails?
|
| Right now I have a problem with printing permissions. When I try to set
the
| printer name on the PrintDocument class I get a security exception say it
| could not get the permissions required. I use the attribute
| [assembly: PrintingPermiss ionAttribute(Se curityAction.Re questMinimum,
Level
| = PrintingPermiss ionLevel.Defaul tPrinting)] but it still won't work.
| Peter Bourget
|
| Now as to your reply, we did not have to create a code group on the
clients
| machine. We used the 1.1 Wizards to Adjust .Net Security so the Trusted
| Sites had Full Trust. I don't see the equivalent Wizard for .Net 2.0. I
| will look into code groups and see if they will work.
| Peter Bourget
|
| "Steven Cheng[MSFT]" <st*****@online .microsoft.com> wrote in message
| news:20******** *****@TK2MSFTNG XA02.phx.gbl...
| > Hi Norsoft,
| >
| > Welcome to ASPNET newsgroup.
| > As for the IE host winform control scenario, yes, the IE by default will
| > load the latest installed dotnet framework on the client machine. And as
| > for the CAS permission, we can just use the .NET 2.0's configuration
| > wizard
| > to add a code group for our winform control(by URL path or
strong-name...)
| > on the clientside machine. I think that's just like what we do in .net
1.1
| > environment. What's the permissions you used to grant to your control in
| > net 1.1 CAS configuation?
| >
| > Thanks,
| >
| > Steven Cheng
| > Microsoft Online Support
| >
| > Get Secure! www.microsoft.com/security
| > (This posting is provided "AS IS", with no warranties, and confers no
| > rights.)
| > --------------------
| > | From: "Norsoft" <no*****@newsgr oup.nospam>
| > | Subject: User Control Security on .Net 2.0
| > | Date: Mon, 14 Nov 2005 15:26:30 -0800
| > | Lines: 21
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| > | X-RFC2646: Format=Flowed; Original
| > | Message-ID: <e#************ **@TK2MSFTNGP10 .phx.gbl>
| > | Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
| > | NNTP-Posting-Host: c-67-181-77-42.hsd1.ca.comc ast.net 67.181.77.42
| > | Path: TK2MSFTNGXA02.p hx.gbl!TK2MSFTN GP08.phx.gbl!TK 2MSFTNGP10.phx. gbl
| > | Xref: TK2MSFTNGXA02.p hx.gbl
| > microsoft.publi c.dotnet.framew ork.aspnet:3581 02
| > | X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet
| > |
| > | I have a .Net 1.1 application which is downloaded into an aspx page.
It
| > is a
| > | dll which inherits from System.Windows. Forms.UserContr ol. It works
fine
| > on a
| > | PC with only the 1.1 Framework. However, the control will not load on
a
| > PC
| > | with the 2.0 Framework installed. I know that IE will use the newest
| > | framework so I assume it is a security issue.
| > |
| > | At the assembly level I apply the following attributes;
| > | [assembly: PermissionSet(S ecurityAction.R equestMinimum, Name =
| > | "LocalIntranet" )]
| > | [assembly: UIPermissionAtt ribute(Security Action.RequestM inimum,
Window =
| > | UIPermissionWin dow.SafeSubWind ows)]
| > |
| > | At the class level I apply;
| > | [UIPermissionAtt ribute(Security Action.Assert)]
| > | [PermissionSet(S ecurityAction.A ssert)
| > |
| > | What do I need to do to enable it to load in a PC with the 2.0
Framework
| > | installed.
| > | Thanks!
| > |
| > |
| > |
| >
|
|
|

Thanks!
I'll take a look at it and see if it helps. I have opened an incident with
MSFT on this. I bypassed my printing code and also have trouble with my
imaging section. Microsoft really needs to put out some clear information on
the security issues and how to deal with them for these controls loaded in
IE. There is just way too much information on security and it is way too
spread out. While there is a lot of info the usual suggestion seems to be
"keep trying different things until it works". There should be clear,
concise step by step walkthroughs on how to diagnose and determine the
security required and how to configure and code so it works. Just saying I
may have to create a policy is not sufficient. Even if I wanted to put a
custom policy on thousands of PC during deployment I would still have to
figure out what has to be in that policy by trial and error.

"Steven Cheng[MSFT]" <st*****@online .microsoft.com> wrote in message
news:N$******** ******@TK2MSFTN GXA02.phx.gbl.. .

Thanks for your followup Peter,

Yes, since the IE hosted winform control are hosted in Internet explore
process, we can not perform managed debugging on it. As far as I know, for
IE host control, we have the IE host log for general troubleshooting :

#HOW TO: Use the IEHost Log to Debug .NET Object Hosting in Internet
Explorer
http://support.microsoft.com/default...b;en-us;313892

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
| From: "Norsoft" <no*****@newsgr oup.nospam>
| References: <e#************ **@TK2MSFTNGP10 .phx.gbl>
<20************ *@TK2MSFTNGXA02 .phx.gbl>
| Subject: Re: User Control Security on .Net 2.0
| Date: Wed, 16 Nov 2005 10:26:37 -0800
| Lines: 103
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| Message-ID: <uM************ **@tk2msftngp13 .phx.gbl>
| Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
| NNTP-Posting-Host: c-67-181-77-42.hsd1.ca.comc ast.net 67.181.77.42
| Path: TK2MSFTNGXA02.p hx.gbl!TK2MSFTN GP08.phx.gbl!tk 2msftngp13.phx. gbl
| Xref: TK2MSFTNGXA02.p hx.gbl
microsoft.publi c.dotnet.framew ork.aspnet:3586 56
| X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet
|
| Ok, if you see my other post I could not see this message. I have fixed
that
| problem by deleting all messages and reloading them. Anyway, let me post
the
| info I put in the other one.
|
| Thanks for the reply. I had posted the same question on the 14th but the
| Outlook Express news reader will not see it, even if I do a search, so I
| would appreciate it if you would add your reply here.
|
| I have been using the 1.1 application for a long time but this model
seems
| incredibly fragile. I found part of my problem to be I defined one of my
| class variables as "private JLReport m_JLReport = null;" This will stop
the
| app from loading in a web page with .Net 2.0. If I define it as "private
| JLReport m_JLReport ;" (no =null) then it loads. Also, I have some
problem
| with a call to a web service, If you change almost anything the app
won't
| load.
|
| What I did was create a new web application with just the form and no
| functionality. That worked, then I started adding chunks of code from
the
| app until it failed. This is a really poor way to build an application.
|
| Isn't there any way to drop into the debugger so you can see where it
fails?
|
| Right now I have a problem with printing permissions. When I try to set
the
| printer name on the PrintDocument class I get a security exception say
it
| could not get the permissions required. I use the attribute
| [assembly: PrintingPermiss ionAttribute(Se curityAction.Re questMinimum,
Level
| = PrintingPermiss ionLevel.Defaul tPrinting)] but it still won't work.
| Peter Bourget
|
| Now as to your reply, we did not have to create a code group on the
clients
| machine. We used the 1.1 Wizards to Adjust .Net Security so the Trusted
| Sites had Full Trust. I don't see the equivalent Wizard for .Net 2.0. I
| will look into code groups and see if they will work.
| Peter Bourget
|
| "Steven Cheng[MSFT]" <st*****@online .microsoft.com> wrote in message
| news:20******** *****@TK2MSFTNG XA02.phx.gbl...
| > Hi Norsoft,
| >
| > Welcome to ASPNET newsgroup.
| > As for the IE host winform control scenario, yes, the IE by default
will
| > load the latest installed dotnet framework on the client machine. And
as
| > for the CAS permission, we can just use the .NET 2.0's configuration
| > wizard
| > to add a code group for our winform control(by URL path or
strong-name...)
| > on the clientside machine. I think that's just like what we do in .net
1.1
| > environment. What's the permissions you used to grant to your control
in
| > net 1.1 CAS configuation?
| >
| > Thanks,
| >
| > Steven Cheng
| > Microsoft Online Support
| >
| > Get Secure! www.microsoft.com/security
| > (This posting is provided "AS IS", with no warranties, and confers no
| > rights.)
| > --------------------
| > | From: "Norsoft" <no*****@newsgr oup.nospam>
| > | Subject: User Control Security on .Net 2.0
| > | Date: Mon, 14 Nov 2005 15:26:30 -0800
| > | Lines: 21
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| > | X-RFC2646: Format=Flowed; Original
| > | Message-ID: <e#************ **@TK2MSFTNGP10 .phx.gbl>
| > | Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
| > | NNTP-Posting-Host: c-67-181-77-42.hsd1.ca.comc ast.net 67.181.77.42
| > | Path:
TK2MSFTNGXA02.p hx.gbl!TK2MSFTN GP08.phx.gbl!TK 2MSFTNGP10.phx. gbl
| > | Xref: TK2MSFTNGXA02.p hx.gbl
| > microsoft.publi c.dotnet.framew ork.aspnet:3581 02
| > | X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet
| > |
| > | I have a .Net 1.1 application which is downloaded into an aspx page.
It
| > is a
| > | dll which inherits from System.Windows. Forms.UserContr ol. It works
fine
| > on a
| > | PC with only the 1.1 Framework. However, the control will not load
on
a
| > PC
| > | with the 2.0 Framework installed. I know that IE will use the newest
| > | framework so I assume it is a security issue.
| > |
| > | At the assembly level I apply the following attributes;
| > | [assembly: PermissionSet(S ecurityAction.R equestMinimum, Name =
| > | "LocalIntranet" )]
| > | [assembly: UIPermissionAtt ribute(Security Action.RequestM inimum,
Window =
| > | UIPermissionWin dow.SafeSubWind ows)]
| > |
| > | At the class level I apply;
| > | [UIPermissionAtt ribute(Security Action.Assert)]
| > | [PermissionSet(S ecurityAction.A ssert)
| > |
| > | What do I need to do to enable it to load in a PC with the 2.0
Framework
| > | installed.
| > | Thanks!
| > |
| > |
| > |
| >
|
|
|

Thanks for your followup and the feedback Norsoft,

Yes, I agree with you that currently as for IE hosting managed code
reference is quite unsufficient. We also often meet such problems which
lead us to troubleshooting from basic CAS checking.... And there seems
only some individual techincal articles discussing on IE hosting and
related security ...... So I'll also recommend you submit this request
through the new MS product feedback:

# MSDN Product Feedback Center
http://lab.msdn.microsoft.com/produc...k/default.aspx

In addition, for such CAS related application(exe cuting managed code in
Partial Trust environment...) , we'll suggest design the security policy and
analyize the code permission from start and often evaluate the permission
sets required. There exist some tool in .NET framework SDK like the
permview.exe for .net 1.0/1.1 and the permCalc.exe for .NET 2.0 which can
help calculate the permissions our assemblies require....

Thanks again for your posting.

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| From: "Norsoft" <no*****@newsgr oup.nospam>
| References: <e#************ **@TK2MSFTNGP10 .phx.gbl>
<20************ *@TK2MSFTNGXA02 .phx.gbl>
<uM************ **@tk2msftngp13 .phx.gbl>
<N$************ **@TK2MSFTNGXA0 2.phx.gbl>
| Subject: Re: User Control Security on .Net 2.0
| Date: Fri, 18 Nov 2005 06:58:33 -0800
| Lines: 188
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| Message-ID: <Og************ **@TK2MSFTNGP11 .phx.gbl>
| Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
| NNTP-Posting-Host: c-67-181-77-42.hsd1.ca.comc ast.net 67.181.77.42
| Path: TK2MSFTNGXA02.p hx.gbl!TK2MSFTN GP08.phx.gbl!TK 2MSFTNGP11.phx. gbl
| Xref: TK2MSFTNGXA02.p hx.gbl
microsoft.publi c.dotnet.framew ork.aspnet:3592 22
| X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet
|
| Thanks!
| I'll take a look at it and see if it helps. I have opened an incident
with
| MSFT on this. I bypassed my printing code and also have trouble with my
| imaging section. Microsoft really needs to put out some clear information
on
| the security issues and how to deal with them for these controls loaded
in
| IE. There is just way too much information on security and it is way too
| spread out. While there is a lot of info the usual suggestion seems to be
| "keep trying different things until it works". There should be clear,
| concise step by step walkthroughs on how to diagnose and determine the
| security required and how to configure and code so it works. Just saying
I
| may have to create a policy is not sufficient. Even if I wanted to put a
| custom policy on thousands of PC during deployment I would still have to
| figure out what has to be in that policy by trial and error.
|
| "Steven Cheng[MSFT]" <st*****@online .microsoft.com> wrote in message
| news:N$******** ******@TK2MSFTN GXA02.phx.gbl.. .
| > Thanks for your followup Peter,
| >
| > Yes, since the IE hosted winform control are hosted in Internet explore
| > process, we can not perform managed debugging on it. As far as I know,
for
| > IE host control, we have the IE host log for general troubleshooting :
| >
| > #HOW TO: Use the IEHost Log to Debug .NET Object Hosting in Internet
| > Explorer
| > http://support.microsoft.com/default...b;en-us;313892
| >
| > Thanks,
| >
| > Steven Cheng
| > Microsoft Online Support
| >
| > Get Secure! www.microsoft.com/security
| > (This posting is provided "AS IS", with no warranties, and confers no
| > rights.)
| >
| >
| >
| > --------------------
| > | From: "Norsoft" <no*****@newsgr oup.nospam>
| > | References: <e#************ **@TK2MSFTNGP10 .phx.gbl>
| > <20************ *@TK2MSFTNGXA02 .phx.gbl>
| > | Subject: Re: User Control Security on .Net 2.0
| > | Date: Wed, 16 Nov 2005 10:26:37 -0800
| > | Lines: 103
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| > | X-RFC2646: Format=Flowed; Original
| > | Message-ID: <uM************ **@tk2msftngp13 .phx.gbl>
| > | Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
| > | NNTP-Posting-Host: c-67-181-77-42.hsd1.ca.comc ast.net 67.181.77.42
| > | Path: TK2MSFTNGXA02.p hx.gbl!TK2MSFTN GP08.phx.gbl!tk 2msftngp13.phx. gbl
| > | Xref: TK2MSFTNGXA02.p hx.gbl
| > microsoft.publi c.dotnet.framew ork.aspnet:3586 56
| > | X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet
| > |
| > | Ok, if you see my other post I could not see this message. I have
fixed
| > that
| > | problem by deleting all messages and reloading them. Anyway, let me
post
| > the
| > | info I put in the other one.
| > |
| > | Thanks for the reply. I had posted the same question on the 14th but
the
| > | Outlook Express news reader will not see it, even if I do a search,
so I
| > | would appreciate it if you would add your reply here.
| > |
| > | I have been using the 1.1 application for a long time but this model
| > seems
| > | incredibly fragile. I found part of my problem to be I defined one of
my
| > | class variables as "private JLReport m_JLReport = null;" This will
stop
| > the
| > | app from loading in a web page with .Net 2.0. If I define it as
"private
| > | JLReport m_JLReport ;" (no =null) then it loads. Also, I have some
| > problem
| > | with a call to a web service, If you change almost anything the app
| > won't
| > | load.
| > |
| > | What I did was create a new web application with just the form and no
| > | functionality. That worked, then I started adding chunks of code from
| > the
| > | app until it failed. This is a really poor way to build an
application.
| > |
| > | Isn't there any way to drop into the debugger so you can see where it
| > fails?
| > |
| > | Right now I have a problem with printing permissions. When I try to
set
| > the
| > | printer name on the PrintDocument class I get a security exception
say
| > it
| > | could not get the permissions required. I use the attribute
| > | [assembly: PrintingPermiss ionAttribute(Se curityAction.Re questMinimum,
| > Level
| > | = PrintingPermiss ionLevel.Defaul tPrinting)] but it still won't work.
| > | Peter Bourget
| > |
| > | Now as to your reply, we did not have to create a code group on the
| > clients
| > | machine. We used the 1.1 Wizards to Adjust .Net Security so the
Trusted
| > | Sites had Full Trust. I don't see the equivalent Wizard for .Net 2.0.
I
| > | will look into code groups and see if they will work.
| > | Peter Bourget
| > |
| > | "Steven Cheng[MSFT]" <st*****@online .microsoft.com> wrote in message
| > | news:20******** *****@TK2MSFTNG XA02.phx.gbl...
| > | > Hi Norsoft,
| > | >
| > | > Welcome to ASPNET newsgroup.
| > | > As for the IE host winform control scenario, yes, the IE by default
| > will
| > | > load the latest installed dotnet framework on the client machine.
And
| > as
| > | > for the CAS permission, we can just use the .NET 2.0's configuration
| > | > wizard
| > | > to add a code group for our winform control(by URL path or
| > strong-name...)
| > | > on the clientside machine. I think that's just like what we do in
..net
| > 1.1
| > | > environment. What's the permissions you used to grant to your
control
| > in
| > | > net 1.1 CAS configuation?
| > | >
| > | > Thanks,
| > | >
| > | > Steven Cheng
| > | > Microsoft Online Support
| > | >
| > | > Get Secure! www.microsoft.com/security
| > | > (This posting is provided "AS IS", with no warranties, and confers
no
| > | > rights.)
| > | > --------------------
| > | > | From: "Norsoft" <no*****@newsgr oup.nospam>
| > | > | Subject: User Control Security on .Net 2.0
| > | > | Date: Mon, 14 Nov 2005 15:26:30 -0800
| > | > | Lines: 21
| > | > | X-Priority: 3
| > | > | X-MSMail-Priority: Normal
| > | > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| > | > | X-RFC2646: Format=Flowed; Original
| > | > | Message-ID: <e#************ **@TK2MSFTNGP10 .phx.gbl>
| > | > | Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
| > | > | NNTP-Posting-Host: c-67-181-77-42.hsd1.ca.comc ast.net 67.181.77.42
| > | > | Path:
| > TK2MSFTNGXA02.p hx.gbl!TK2MSFTN GP08.phx.gbl!TK 2MSFTNGP10.phx. gbl
| > | > | Xref: TK2MSFTNGXA02.p hx.gbl
| > | > microsoft.publi c.dotnet.framew ork.aspnet:3581 02
| > | > | X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet
| > | > |
| > | > | I have a .Net 1.1 application which is downloaded into an aspx
page.
| > It
| > | > is a
| > | > | dll which inherits from System.Windows. Forms.UserContr ol. It works
| > fine
| > | > on a
| > | > | PC with only the 1.1 Framework. However, the control will not
load
| > on
| > a
| > | > PC
| > | > | with the 2.0 Framework installed. I know that IE will use the
newest
| > | > | framework so I assume it is a security issue.
| > | > |
| > | > | At the assembly level I apply the following attributes;
| > | > | [assembly: PermissionSet(S ecurityAction.R equestMinimum, Name =
| > | > | "LocalIntranet" )]
| > | > | [assembly: UIPermissionAtt ribute(Security Action.RequestM inimum,
| > Window =
| > | > | UIPermissionWin dow.SafeSubWind ows)]
| > | > |
| > | > | At the class level I apply;
| > | > | [UIPermissionAtt ribute(Security Action.Assert)]
| > | > | [PermissionSet(S ecurityAction.A ssert)
| > | > |
| > | > | What do I need to do to enable it to load in a PC with the 2.0
| > Framework
| > | > | installed.
| > | > | Thanks!
| > | > |
| > | > |
| > | > |
| > | >
| > |
| > |
| > |
| >
|
|
|