473,386 Members | 1,674 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > user control security on .net 2.0

Join Bytes to post your question to a community of 473,386 software developers and data experts.

User Control Security on .Net 2.0

I have a .Net 1.1 application which is downloaded into an aspx page. It is a
dll which inherits from System.Windows.Forms.UserControl. It works fine on a
PC with only the 1.1 Framework. However, the control will not load on a PC
with the 2.0 Framework installed. I know that IE will use the newest
framework so I assume it is a security issue.

At the assembly level I apply the following attributes;
[assembly: PermissionSet(SecurityAction.RequestMinimum, Name =
"LocalIntranet")]
[assembly: UIPermissionAttribute(SecurityAction.RequestMinimu m, Window =
UIPermissionWindow.SafeSubWindows)]

At the class level I apply;
[UIPermissionAttribute(SecurityAction.Assert)]
[PermissionSet(SecurityAction.Assert)

What do I need to do to enable it to load in a PC with the 2.0 Framework
installed.
Thanks!
Nov 19 '05 #1
5 2038
Hi Norsoft,

Welcome to ASPNET newsgroup.
As for the IE host winform control scenario, yes, the IE by default will
load the latest installed dotnet framework on the client machine. And as
for the CAS permission, we can just use the .NET 2.0's configuration wizard
to add a code group for our winform control(by URL path or strong-name...)
on the clientside machine. I think that's just like what we do in .net 1.1
environment. What's the permissions you used to grant to your control in
..net 1.1 CAS configuation?

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| From: "Norsoft" <no*****@newsgroup.nospam>
| Subject: User Control Security on .Net 2.0
| Date: Mon, 14 Nov 2005 15:26:30 -0800
| Lines: 21
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| Message-ID: <e#**************@TK2MSFTNGP10.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: c-67-181-77-42.hsd1.ca.comcast.net 67.181.77.42
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP10.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.aspnet:358102
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| I have a .Net 1.1 application which is downloaded into an aspx page. It
is a
| dll which inherits from System.Windows.Forms.UserControl. It works fine
on a
| PC with only the 1.1 Framework. However, the control will not load on a
PC
| with the 2.0 Framework installed. I know that IE will use the newest
| framework so I assume it is a security issue.
|
| At the assembly level I apply the following attributes;
| [assembly: PermissionSet(SecurityAction.RequestMinimum, Name =
| "LocalIntranet")]
| [assembly: UIPermissionAttribute(SecurityAction.RequestMinimu m, Window =
| UIPermissionWindow.SafeSubWindows)]
|
| At the class level I apply;
| [UIPermissionAttribute(SecurityAction.Assert)]
| [PermissionSet(SecurityAction.Assert)
|
| What do I need to do to enable it to load in a PC with the 2.0 Framework
| installed.
| Thanks!
|
|
|

Nov 19 '05 #2
Ok, if you see my other post I could not see this message. I have fixed that
problem by deleting all messages and reloading them. Anyway, let me post the
info I put in the other one.

Thanks for the reply. I had posted the same question on the 14th but the
Outlook Express news reader will not see it, even if I do a search, so I
would appreciate it if you would add your reply here.

I have been using the 1.1 application for a long time but this model seems
incredibly fragile. I found part of my problem to be I defined one of my
class variables as "private JLReport m_JLReport = null;" This will stop the
app from loading in a web page with .Net 2.0. If I define it as "private
JLReport m_JLReport ;" (no =null) then it loads. Also, I have some problem
with a call to a web service, If you change almost anything the app won't
load.

What I did was create a new web application with just the form and no
functionality. That worked, then I started adding chunks of code from the
app until it failed. This is a really poor way to build an application.

Isn't there any way to drop into the debugger so you can see where it fails?

Right now I have a problem with printing permissions. When I try to set the
printer name on the PrintDocument class I get a security exception say it
could not get the permissions required. I use the attribute
[assembly: PrintingPermissionAttribute(SecurityAction.Request Minimum, Level
= PrintingPermissionLevel.DefaultPrinting)] but it still won't work.
Peter Bourget

Now as to your reply, we did not have to create a code group on the clients
machine. We used the 1.1 Wizards to Adjust .Net Security so the Trusted
Sites had Full Trust. I don't see the equivalent Wizard for .Net 2.0. I
will look into code groups and see if they will work.
Peter Bourget

"Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
news:20*************@TK2MSFTNGXA02.phx.gbl...
Hi Norsoft,

Welcome to ASPNET newsgroup.
As for the IE host winform control scenario, yes, the IE by default will
load the latest installed dotnet framework on the client machine. And as
for the CAS permission, we can just use the .NET 2.0's configuration
wizard
to add a code group for our winform control(by URL path or strong-name...)
on the clientside machine. I think that's just like what we do in .net 1.1
environment. What's the permissions you used to grant to your control in
net 1.1 CAS configuation?

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| From: "Norsoft" <no*****@newsgroup.nospam>
| Subject: User Control Security on .Net 2.0
| Date: Mon, 14 Nov 2005 15:26:30 -0800
| Lines: 21
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| Message-ID: <e#**************@TK2MSFTNGP10.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: c-67-181-77-42.hsd1.ca.comcast.net 67.181.77.42
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP10.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.aspnet:358102
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| I have a .Net 1.1 application which is downloaded into an aspx page. It
is a
| dll which inherits from System.Windows.Forms.UserControl. It works fine
on a
| PC with only the 1.1 Framework. However, the control will not load on a
PC
| with the 2.0 Framework installed. I know that IE will use the newest
| framework so I assume it is a security issue.
|
| At the assembly level I apply the following attributes;
| [assembly: PermissionSet(SecurityAction.RequestMinimum, Name =
| "LocalIntranet")]
| [assembly: UIPermissionAttribute(SecurityAction.RequestMinimu m, Window =
| UIPermissionWindow.SafeSubWindows)]
|
| At the class level I apply;
| [UIPermissionAttribute(SecurityAction.Assert)]
| [PermissionSet(SecurityAction.Assert)
|
| What do I need to do to enable it to load in a PC with the 2.0 Framework
| installed.
| Thanks!
|
|
|

Nov 20 '05 #3
Thanks for your followup Peter,

Yes, since the IE hosted winform control are hosted in Internet explore
process, we can not perform managed debugging on it. As far as I know, for
IE host control, we have the IE host log for general troubleshooting:

#HOW TO: Use the IEHost Log to Debug .NET Object Hosting in Internet
Explorer
http://support.microsoft.com/default...b;en-us;313892

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
| From: "Norsoft" <no*****@newsgroup.nospam>
| References: <e#**************@TK2MSFTNGP10.phx.gbl>
<20*************@TK2MSFTNGXA02.phx.gbl>
| Subject: Re: User Control Security on .Net 2.0
| Date: Wed, 16 Nov 2005 10:26:37 -0800
| Lines: 103
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| Message-ID: <uM**************@tk2msftngp13.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: c-67-181-77-42.hsd1.ca.comcast.net 67.181.77.42
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msft ngp13.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.aspnet:358656
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| Ok, if you see my other post I could not see this message. I have fixed
that
| problem by deleting all messages and reloading them. Anyway, let me post
the
| info I put in the other one.
|
| Thanks for the reply. I had posted the same question on the 14th but the
| Outlook Express news reader will not see it, even if I do a search, so I
| would appreciate it if you would add your reply here.
|
| I have been using the 1.1 application for a long time but this model seems
| incredibly fragile. I found part of my problem to be I defined one of my
| class variables as "private JLReport m_JLReport = null;" This will stop
the
| app from loading in a web page with .Net 2.0. If I define it as "private
| JLReport m_JLReport ;" (no =null) then it loads. Also, I have some problem
| with a call to a web service, If you change almost anything the app won't
| load.
|
| What I did was create a new web application with just the form and no
| functionality. That worked, then I started adding chunks of code from the
| app until it failed. This is a really poor way to build an application.
|
| Isn't there any way to drop into the debugger so you can see where it
fails?
|
| Right now I have a problem with printing permissions. When I try to set
the
| printer name on the PrintDocument class I get a security exception say it
| could not get the permissions required. I use the attribute
| [assembly: PrintingPermissionAttribute(SecurityAction.Request Minimum,
Level
| = PrintingPermissionLevel.DefaultPrinting)] but it still won't work.
| Peter Bourget
|
| Now as to your reply, we did not have to create a code group on the
clients
| machine. We used the 1.1 Wizards to Adjust .Net Security so the Trusted
| Sites had Full Trust. I don't see the equivalent Wizard for .Net 2.0. I
| will look into code groups and see if they will work.
| Peter Bourget
|
| "Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
| news:20*************@TK2MSFTNGXA02.phx.gbl...
| > Hi Norsoft,
| >
| > Welcome to ASPNET newsgroup.
| > As for the IE host winform control scenario, yes, the IE by default will
| > load the latest installed dotnet framework on the client machine. And as
| > for the CAS permission, we can just use the .NET 2.0's configuration
| > wizard
| > to add a code group for our winform control(by URL path or
strong-name...)
| > on the clientside machine. I think that's just like what we do in .net
1.1
| > environment. What's the permissions you used to grant to your control in
| > net 1.1 CAS configuation?
| >
| > Thanks,
| >
| > Steven Cheng
| > Microsoft Online Support
| >
| > Get Secure! www.microsoft.com/security
| > (This posting is provided "AS IS", with no warranties, and confers no
| > rights.)
| > --------------------
| > | From: "Norsoft" <no*****@newsgroup.nospam>
| > | Subject: User Control Security on .Net 2.0
| > | Date: Mon, 14 Nov 2005 15:26:30 -0800
| > | Lines: 21
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| > | X-RFC2646: Format=Flowed; Original
| > | Message-ID: <e#**************@TK2MSFTNGP10.phx.gbl>
| > | Newsgroups: microsoft.public.dotnet.framework.aspnet
| > | NNTP-Posting-Host: c-67-181-77-42.hsd1.ca.comcast.net 67.181.77.42
| > | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP10.phx.gbl
| > | Xref: TK2MSFTNGXA02.phx.gbl
| > microsoft.public.dotnet.framework.aspnet:358102
| > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
| > |
| > | I have a .Net 1.1 application which is downloaded into an aspx page.
It
| > is a
| > | dll which inherits from System.Windows.Forms.UserControl. It works
fine
| > on a
| > | PC with only the 1.1 Framework. However, the control will not load on
a
| > PC
| > | with the 2.0 Framework installed. I know that IE will use the newest
| > | framework so I assume it is a security issue.
| > |
| > | At the assembly level I apply the following attributes;
| > | [assembly: PermissionSet(SecurityAction.RequestMinimum, Name =
| > | "LocalIntranet")]
| > | [assembly: UIPermissionAttribute(SecurityAction.RequestMinimu m,
Window =
| > | UIPermissionWindow.SafeSubWindows)]
| > |
| > | At the class level I apply;
| > | [UIPermissionAttribute(SecurityAction.Assert)]
| > | [PermissionSet(SecurityAction.Assert)
| > |
| > | What do I need to do to enable it to load in a PC with the 2.0
Framework
| > | installed.
| > | Thanks!
| > |
| > |
| > |
| >
|
|
|

Nov 20 '05 #4
Thanks!
I'll take a look at it and see if it helps. I have opened an incident with
MSFT on this. I bypassed my printing code and also have trouble with my
imaging section. Microsoft really needs to put out some clear information on
the security issues and how to deal with them for these controls loaded in
IE. There is just way too much information on security and it is way too
spread out. While there is a lot of info the usual suggestion seems to be
"keep trying different things until it works". There should be clear,
concise step by step walkthroughs on how to diagnose and determine the
security required and how to configure and code so it works. Just saying I
may have to create a policy is not sufficient. Even if I wanted to put a
custom policy on thousands of PC during deployment I would still have to
figure out what has to be in that policy by trial and error.

"Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
news:N$**************@TK2MSFTNGXA02.phx.gbl...
Thanks for your followup Peter,

Yes, since the IE hosted winform control are hosted in Internet explore
process, we can not perform managed debugging on it. As far as I know, for
IE host control, we have the IE host log for general troubleshooting:

#HOW TO: Use the IEHost Log to Debug .NET Object Hosting in Internet
Explorer
http://support.microsoft.com/default...b;en-us;313892

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
| From: "Norsoft" <no*****@newsgroup.nospam>
| References: <e#**************@TK2MSFTNGP10.phx.gbl>
<20*************@TK2MSFTNGXA02.phx.gbl>
| Subject: Re: User Control Security on .Net 2.0
| Date: Wed, 16 Nov 2005 10:26:37 -0800
| Lines: 103
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| Message-ID: <uM**************@tk2msftngp13.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: c-67-181-77-42.hsd1.ca.comcast.net 67.181.77.42
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msft ngp13.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.aspnet:358656
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| Ok, if you see my other post I could not see this message. I have fixed
that
| problem by deleting all messages and reloading them. Anyway, let me post
the
| info I put in the other one.
|
| Thanks for the reply. I had posted the same question on the 14th but the
| Outlook Express news reader will not see it, even if I do a search, so I
| would appreciate it if you would add your reply here.
|
| I have been using the 1.1 application for a long time but this model
seems
| incredibly fragile. I found part of my problem to be I defined one of my
| class variables as "private JLReport m_JLReport = null;" This will stop
the
| app from loading in a web page with .Net 2.0. If I define it as "private
| JLReport m_JLReport ;" (no =null) then it loads. Also, I have some
problem
| with a call to a web service, If you change almost anything the app
won't
| load.
|
| What I did was create a new web application with just the form and no
| functionality. That worked, then I started adding chunks of code from
the
| app until it failed. This is a really poor way to build an application.
|
| Isn't there any way to drop into the debugger so you can see where it
fails?
|
| Right now I have a problem with printing permissions. When I try to set
the
| printer name on the PrintDocument class I get a security exception say
it
| could not get the permissions required. I use the attribute
| [assembly: PrintingPermissionAttribute(SecurityAction.Request Minimum,
Level
| = PrintingPermissionLevel.DefaultPrinting)] but it still won't work.
| Peter Bourget
|
| Now as to your reply, we did not have to create a code group on the
clients
| machine. We used the 1.1 Wizards to Adjust .Net Security so the Trusted
| Sites had Full Trust. I don't see the equivalent Wizard for .Net 2.0. I
| will look into code groups and see if they will work.
| Peter Bourget
|
| "Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
| news:20*************@TK2MSFTNGXA02.phx.gbl...
| > Hi Norsoft,
| >
| > Welcome to ASPNET newsgroup.
| > As for the IE host winform control scenario, yes, the IE by default
will
| > load the latest installed dotnet framework on the client machine. And
as
| > for the CAS permission, we can just use the .NET 2.0's configuration
| > wizard
| > to add a code group for our winform control(by URL path or
strong-name...)
| > on the clientside machine. I think that's just like what we do in .net
1.1
| > environment. What's the permissions you used to grant to your control
in
| > net 1.1 CAS configuation?
| >
| > Thanks,
| >
| > Steven Cheng
| > Microsoft Online Support
| >
| > Get Secure! www.microsoft.com/security
| > (This posting is provided "AS IS", with no warranties, and confers no
| > rights.)
| > --------------------
| > | From: "Norsoft" <no*****@newsgroup.nospam>
| > | Subject: User Control Security on .Net 2.0
| > | Date: Mon, 14 Nov 2005 15:26:30 -0800
| > | Lines: 21
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| > | X-RFC2646: Format=Flowed; Original
| > | Message-ID: <e#**************@TK2MSFTNGP10.phx.gbl>
| > | Newsgroups: microsoft.public.dotnet.framework.aspnet
| > | NNTP-Posting-Host: c-67-181-77-42.hsd1.ca.comcast.net 67.181.77.42
| > | Path:
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP10.phx.gbl
| > | Xref: TK2MSFTNGXA02.phx.gbl
| > microsoft.public.dotnet.framework.aspnet:358102
| > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
| > |
| > | I have a .Net 1.1 application which is downloaded into an aspx page.
It
| > is a
| > | dll which inherits from System.Windows.Forms.UserControl. It works
fine
| > on a
| > | PC with only the 1.1 Framework. However, the control will not load
on
a
| > PC
| > | with the 2.0 Framework installed. I know that IE will use the newest
| > | framework so I assume it is a security issue.
| > |
| > | At the assembly level I apply the following attributes;
| > | [assembly: PermissionSet(SecurityAction.RequestMinimum, Name =
| > | "LocalIntranet")]
| > | [assembly: UIPermissionAttribute(SecurityAction.RequestMinimu m,
Window =
| > | UIPermissionWindow.SafeSubWindows)]
| > |
| > | At the class level I apply;
| > | [UIPermissionAttribute(SecurityAction.Assert)]
| > | [PermissionSet(SecurityAction.Assert)
| > |
| > | What do I need to do to enable it to load in a PC with the 2.0
Framework
| > | installed.
| > | Thanks!
| > |
| > |
| > |
| >
|
|
|

Nov 20 '05 #5
Thanks for your followup and the feedback Norsoft,

Yes, I agree with you that currently as for IE hosting managed code
reference is quite unsufficient. We also often meet such problems which
lead us to troubleshooting from basic CAS checking.... And there seems
only some individual techincal articles discussing on IE hosting and
related security ...... So I'll also recommend you submit this request
through the new MS product feedback:

# MSDN Product Feedback Center
http://lab.msdn.microsoft.com/produc...k/default.aspx

In addition, for such CAS related application(executing managed code in
Partial Trust environment...), we'll suggest design the security policy and
analyize the code permission from start and often evaluate the permission
sets required. There exist some tool in .NET framework SDK like the
permview.exe for .net 1.0/1.1 and the permCalc.exe for .NET 2.0 which can
help calculate the permissions our assemblies require....

Thanks again for your posting.

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| From: "Norsoft" <no*****@newsgroup.nospam>
| References: <e#**************@TK2MSFTNGP10.phx.gbl>
<20*************@TK2MSFTNGXA02.phx.gbl>
<uM**************@tk2msftngp13.phx.gbl>
<N$**************@TK2MSFTNGXA02.phx.gbl>
| Subject: Re: User Control Security on .Net 2.0
| Date: Fri, 18 Nov 2005 06:58:33 -0800
| Lines: 188
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| Message-ID: <Og**************@TK2MSFTNGP11.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: c-67-181-77-42.hsd1.ca.comcast.net 67.181.77.42
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP11.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.aspnet:359222
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| Thanks!
| I'll take a look at it and see if it helps. I have opened an incident
with
| MSFT on this. I bypassed my printing code and also have trouble with my
| imaging section. Microsoft really needs to put out some clear information
on
| the security issues and how to deal with them for these controls loaded
in
| IE. There is just way too much information on security and it is way too
| spread out. While there is a lot of info the usual suggestion seems to be
| "keep trying different things until it works". There should be clear,
| concise step by step walkthroughs on how to diagnose and determine the
| security required and how to configure and code so it works. Just saying
I
| may have to create a policy is not sufficient. Even if I wanted to put a
| custom policy on thousands of PC during deployment I would still have to
| figure out what has to be in that policy by trial and error.
|
| "Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
| news:N$**************@TK2MSFTNGXA02.phx.gbl...
| > Thanks for your followup Peter,
| >
| > Yes, since the IE hosted winform control are hosted in Internet explore
| > process, we can not perform managed debugging on it. As far as I know,
for
| > IE host control, we have the IE host log for general troubleshooting:
| >
| > #HOW TO: Use the IEHost Log to Debug .NET Object Hosting in Internet
| > Explorer
| > http://support.microsoft.com/default...b;en-us;313892
| >
| > Thanks,
| >
| > Steven Cheng
| > Microsoft Online Support
| >
| > Get Secure! www.microsoft.com/security
| > (This posting is provided "AS IS", with no warranties, and confers no
| > rights.)
| >
| >
| >
| > --------------------
| > | From: "Norsoft" <no*****@newsgroup.nospam>
| > | References: <e#**************@TK2MSFTNGP10.phx.gbl>
| > <20*************@TK2MSFTNGXA02.phx.gbl>
| > | Subject: Re: User Control Security on .Net 2.0
| > | Date: Wed, 16 Nov 2005 10:26:37 -0800
| > | Lines: 103
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| > | X-RFC2646: Format=Flowed; Original
| > | Message-ID: <uM**************@tk2msftngp13.phx.gbl>
| > | Newsgroups: microsoft.public.dotnet.framework.aspnet
| > | NNTP-Posting-Host: c-67-181-77-42.hsd1.ca.comcast.net 67.181.77.42
| > | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msft ngp13.phx.gbl
| > | Xref: TK2MSFTNGXA02.phx.gbl
| > microsoft.public.dotnet.framework.aspnet:358656
| > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
| > |
| > | Ok, if you see my other post I could not see this message. I have
fixed
| > that
| > | problem by deleting all messages and reloading them. Anyway, let me
post
| > the
| > | info I put in the other one.
| > |
| > | Thanks for the reply. I had posted the same question on the 14th but
the
| > | Outlook Express news reader will not see it, even if I do a search,
so I
| > | would appreciate it if you would add your reply here.
| > |
| > | I have been using the 1.1 application for a long time but this model
| > seems
| > | incredibly fragile. I found part of my problem to be I defined one of
my
| > | class variables as "private JLReport m_JLReport = null;" This will
stop
| > the
| > | app from loading in a web page with .Net 2.0. If I define it as
"private
| > | JLReport m_JLReport ;" (no =null) then it loads. Also, I have some
| > problem
| > | with a call to a web service, If you change almost anything the app
| > won't
| > | load.
| > |
| > | What I did was create a new web application with just the form and no
| > | functionality. That worked, then I started adding chunks of code from
| > the
| > | app until it failed. This is a really poor way to build an
application.
| > |
| > | Isn't there any way to drop into the debugger so you can see where it
| > fails?
| > |
| > | Right now I have a problem with printing permissions. When I try to
set
| > the
| > | printer name on the PrintDocument class I get a security exception
say
| > it
| > | could not get the permissions required. I use the attribute
| > | [assembly: PrintingPermissionAttribute(SecurityAction.Request Minimum,
| > Level
| > | = PrintingPermissionLevel.DefaultPrinting)] but it still won't work.
| > | Peter Bourget
| > |
| > | Now as to your reply, we did not have to create a code group on the
| > clients
| > | machine. We used the 1.1 Wizards to Adjust .Net Security so the
Trusted
| > | Sites had Full Trust. I don't see the equivalent Wizard for .Net 2.0.
I
| > | will look into code groups and see if they will work.
| > | Peter Bourget
| > |
| > | "Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
| > | news:20*************@TK2MSFTNGXA02.phx.gbl...
| > | > Hi Norsoft,
| > | >
| > | > Welcome to ASPNET newsgroup.
| > | > As for the IE host winform control scenario, yes, the IE by default
| > will
| > | > load the latest installed dotnet framework on the client machine.
And
| > as
| > | > for the CAS permission, we can just use the .NET 2.0's configuration
| > | > wizard
| > | > to add a code group for our winform control(by URL path or
| > strong-name...)
| > | > on the clientside machine. I think that's just like what we do in
..net
| > 1.1
| > | > environment. What's the permissions you used to grant to your
control
| > in
| > | > net 1.1 CAS configuation?
| > | >
| > | > Thanks,
| > | >
| > | > Steven Cheng
| > | > Microsoft Online Support
| > | >
| > | > Get Secure! www.microsoft.com/security
| > | > (This posting is provided "AS IS", with no warranties, and confers
no
| > | > rights.)
| > | > --------------------
| > | > | From: "Norsoft" <no*****@newsgroup.nospam>
| > | > | Subject: User Control Security on .Net 2.0
| > | > | Date: Mon, 14 Nov 2005 15:26:30 -0800
| > | > | Lines: 21
| > | > | X-Priority: 3
| > | > | X-MSMail-Priority: Normal
| > | > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| > | > | X-RFC2646: Format=Flowed; Original
| > | > | Message-ID: <e#**************@TK2MSFTNGP10.phx.gbl>
| > | > | Newsgroups: microsoft.public.dotnet.framework.aspnet
| > | > | NNTP-Posting-Host: c-67-181-77-42.hsd1.ca.comcast.net 67.181.77.42
| > | > | Path:
| > TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP10.phx.gbl
| > | > | Xref: TK2MSFTNGXA02.phx.gbl
| > | > microsoft.public.dotnet.framework.aspnet:358102
| > | > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
| > | > |
| > | > | I have a .Net 1.1 application which is downloaded into an aspx
page.
| > It
| > | > is a
| > | > | dll which inherits from System.Windows.Forms.UserControl. It works
| > fine
| > | > on a
| > | > | PC with only the 1.1 Framework. However, the control will not
load
| > on
| > a
| > | > PC
| > | > | with the 2.0 Framework installed. I know that IE will use the
newest
| > | > | framework so I assume it is a security issue.
| > | > |
| > | > | At the assembly level I apply the following attributes;
| > | > | [assembly: PermissionSet(SecurityAction.RequestMinimum, Name =
| > | > | "LocalIntranet")]
| > | > | [assembly: UIPermissionAttribute(SecurityAction.RequestMinimu m,
| > Window =
| > | > | UIPermissionWindow.SafeSubWindows)]
| > | > |
| > | > | At the class level I apply;
| > | > | [UIPermissionAttribute(SecurityAction.Assert)]
| > | > | [PermissionSet(SecurityAction.Assert)
| > | > |
| > | > | What do I need to do to enable it to load in a PC with the 2.0
| > Framework
| > | > | installed.
| > | > | Thanks!
| > | > |
| > | > |
| > | > |
| > | >
| > |
| > |
| > |
| >
|
|
|

Nov 20 '05 #6
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
how to have component run in security context of windows user?
by: dave | last post by:
I have an application/component that updates an individual's active directory information. The current application finds the active directory entry via the following.. Dim entry As DirectoryEntry...
.NET Framework
6
c++ user control in ie browser
by: George Economos | last post by:
I am trying to display a user control contained within an c++ assembly in internet explorer. When I create an equivalent user control in c#, it displays just fine. Before I get into specifics,...
.NET Framework
2
Events in dynamically loaded user controls
by: Danny Bloodworth | last post by:
I have a usercontrol (login.ascx) that is very simple. It accepts input through two textboxes, and then the user clicks an Imagebutton to submit. I have a parent form that checks the page...
ASP.NET
5
Network access from ASPNET user
by: Dave Kolb | last post by:
Is there any other solution for an ASPNET application to access network resources other than running as SYSTEM, using delegation (a nightmare to get to work) or the COM+ solution? I cannot seem to...
ASP.NET
1
Design Issue: Separating Application Security Model from the Application (Custom or User) Controls
by: Earl Teigrob | last post by:
Background: When I create a ASP.NET control (User or custom), it often requires security to be set for certain functionality with the control. For example, a news release user control that is...
ASP.NET
8
Setting Properties to my user control
by: David Lozzi | last post by:
Howdy, I have a user control that is a report to display data. On the page the control is inserted in, I have filter options to filter the report. When I try to do something like this, nothing...
ASP.NET
5
Problem with WinForms User Control Hosted in IE
by: Segfahlt | last post by:
I need a little help here please. I have 2 win forms user controls in 2 different projects that I'm hosting in 2 different virtual directories. The controls have been test and operate okay in...
ASP.NET
2
Programmatically adding ASP.net User Control to UpdatePanel
by: ChrisCicc | last post by:
Hi All, I got a real doozy here. I have read hundreds upon hundreds of forum posts and found numerous others who have replicated this problem, but have yet to find a solution. Through testing I have...
ASP / Active Server Pages
4
Inclusion of user control within custom control
by: =?Utf-8?B?UmljaEI=?= | last post by:
I am trying to create a project using the ASP.NET AJAX accordion control. I would like to dynamically add panes to the control with a form template added when the pane is added. I have tried...
ASP.NET
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!