473,320 Members | 2,071 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Can't configure security for client side control

I've created a Windows.Forms control and placed it on an aspx page with the
<object> tag and verified that it works nicely. But, when I add
functionality to it (specifically, stuff from system.net.sockets) I get a
security policy violation. I've followed the instructions given at
http://msdn.microsoft.com/msdnmag/is...l/default.aspx, but I
can't get it to work at all. I add a permission set, add a code group,
point it at my assembly via the strong name, etc... It works fine in a
standalone app, but I can't get past security when the control is on a web
page. Any suggestions?
Nov 18 '05 #1
4 1098
Are you sure the code is executing in the group you specified? Under what
node in the code groups tree did you create the new group? What condition
type did you choose? I have done the exact thing you are trying but instead
of using StrongName, I used url which worked.

More than likely the code is not executing it the group you think.

"0to60" wrote:
I've created a Windows.Forms control and placed it on an aspx page with the
<object> tag and verified that it works nicely. But, when I add
functionality to it (specifically, stuff from system.net.sockets) I get a
security policy violation. I've followed the instructions given at
http://msdn.microsoft.com/msdnmag/is...l/default.aspx, but I
can't get it to work at all. I add a permission set, add a code group,
point it at my assembly via the strong name, etc... It works fine in a
standalone app, but I can't get past security when the control is on a web
page. Any suggestions?

Nov 18 '05 #2
"tom wisnowski" <to**********@discussions.microsoft.com> wrote in message
news:56**********************************@microsof t.com...
Are you sure the code is executing in the group you specified? Under what
node in the code groups tree did you create the new group? What condition
type did you choose? I have done the exact thing you are trying but instead of using StrongName, I used url which worked.

More than likely the code is not executing it the group you think.


I created the code group under Machine->IntranetZone. Does that make a
difference? How exactly do I say which zone my code will apply to? I
thought that was all controlled by the membership specifics for that code
group, i.e. if it has a strong name of such and such, it will be run under
this code group. Is that not so?

Furthermore, when I ran the Evaluate an Assembly util on my assembly, it
came back "unrestriced access". That kinda makes sense, because if I
created an assembly for a standalone .exe, it would be able to pretty much
do anything. If I look at it that way, it SHOULD be unrestricted. But on a
web page, it SHOULD have more security. How can I see the difference?
Nov 18 '05 #3
Try something like this to look at the evidence the assembly is executing with:
public void GetEvidence()
{
IEnumerator enumerator =
Assembly.GetExecutingAssembly().Evidence.GetEnumer ator();
while(enumerator.MoveNext())
{
object o = enumerator.Current;
//try cast to type of evidence object...
switch(o.GetType().Name)
{
case "Group":
CodeGroup g = (Group)o;
//g.Name;
break;
case "Site":
Site s = (Site)o;
//s.Name;
break;
case "Url":
Url u = (Url)u;
//u.Value;
break;
//etc.....
}
}
}

you could call a function to return the group names that you could call from
javascript, then write the names on the client UI for debugging purposes.
(You could also use Debug.WriteLine and use Dbmon or DebugView on the client
as well).

Hope this helps!

"tom wisnowski" wrote:
Are you sure the code is executing in the group you specified? Under what
node in the code groups tree did you create the new group? What condition
type did you choose? I have done the exact thing you are trying but instead
of using StrongName, I used url which worked.

More than likely the code is not executing it the group you think.

"0to60" wrote:
I've created a Windows.Forms control and placed it on an aspx page with the
<object> tag and verified that it works nicely. But, when I add
functionality to it (specifically, stuff from system.net.sockets) I get a
security policy violation. I've followed the instructions given at
http://msdn.microsoft.com/msdnmag/is...l/default.aspx, but I
can't get it to work at all. I add a permission set, add a code group,
point it at my assembly via the strong name, etc... It works fine in a
standalone app, but I can't get past security when the control is on a web
page. Any suggestions?

Nov 18 '05 #4
That is partly true, it does resolve group membership via evidence. The
system first resolves the top level group mebership, ie internet, intranet,
etc. Once inside a group it looks at the sub groups at that level and thier
membership conditions. The system will execute the code in the group that has
a condition that matches the assembly's evidence. This process of searching
for group membership is recursivley repeated until the assembly does not
qualify for any sub group at a particular level. Once this condition is met,
the code executes in the group at the current search level.

"0to60" wrote:
"tom wisnowski" <to**********@discussions.microsoft.com> wrote in message
news:56**********************************@microsof t.com...
Are you sure the code is executing in the group you specified? Under what
node in the code groups tree did you create the new group? What condition
type did you choose? I have done the exact thing you are trying but

instead
of using StrongName, I used url which worked.

More than likely the code is not executing it the group you think.


I created the code group under Machine->IntranetZone. Does that make a
difference? How exactly do I say which zone my code will apply to? I
thought that was all controlled by the membership specifics for that code
group, i.e. if it has a strong name of such and such, it will be run under
this code group. Is that not so?

Furthermore, when I ran the Evaluate an Assembly util on my assembly, it
came back "unrestriced access". That kinda makes sense, because if I
created an assembly for a standalone .exe, it would be able to pretty much
do anything. If I look at it that way, it SHOULD be unrestricted. But on a
web page, it SHOULD have more security. How can I see the difference?

Nov 18 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

16
by: MLH | last post by:
Using MS Access, I have attached to MySQL servers in other states and other countries on the other side of my router. But when I use the MySQL ODBC driver 3.51 to connect to a MySQL server on my...
26
by: Don | last post by:
I'm writing an html page with some JavaScript that reads a web page into a client-side temp file, then reformats it, then submits that same file as a URL to the browser for display, via...
1
by: Krich | last post by:
Can I control what and how to print the data from my web form project via client's printer? Something like using printdocument object. I don't want to use print command from browser program.
0
by: Mr. Land | last post by:
Hello. I'm having trouble creating a new Web project using VS .NET 2003 on the local default web. I've done a lot of research about this and found a lot of suggestions, but none of them seem to...
4
by: david | last post by:
It seems that it can not do it due to security. My boss believes that .NET ASP web form application can spawn a local application at the client computer via web browser. Can we do it? How to...
0
by: Matt | last post by:
I have an intranet asp.net application that I am hosting a windows control in. The control is referenced using the <object> tag in the html. The control interfaces with a usb i/o device on the...
6
by: scottyman | last post by:
I can't make this script work properly. I've gone as far as I can with it and the rest is out of my ability. I can do some html editing but I'm lost in the Java world. The script at the bottom of...
46
by: Ian Boyd | last post by:
IIS5, on a Windows 2000 Server machine. Debeg.WriteLine "Hello, world!" How can i view it?
4
by: Joseph Geretz | last post by:
We use a Soap Header to pass a token class (m_Token) back and forth with authenticated session information. Given the following implementation for our Logout method, I vastly prefer to simply code...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.