473,569 Members | 2,532 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Apply security permission in class library, fail to call it out!

Hi there,

I had applied this security permissions in my class library based on fxcop
standards.

Before namespace:

using System.Runtime. InteropServices ;
using System.Security .Permissions;

[assembly:Isolat edStorageFilePe rmission(Securi tyAction.Reques tMinimum,
UserQuota=10485 76)]
[assembly:Securi tyPermission(Se curityAction.Re questRefuse,
UnmanagedCode=t rue)]
[assembly:FileIO Permission(Secu rityAction.Requ estOptional, Unrestricted=tr ue)]

In AssemblyInfo.cs

[assembly: AssemblyKeyFile ("../../snkey.snk")]

But when my windows app try to all the function during run time, it just
fails.

The errors:

An unhandled exception of type 'System.Securit y.SecurityExcep tion' occured
in Tester.exe

Any tips?

Thanks.
--
Regards,
Chua Wen Ching :)
Nov 16 '05 #1
3 2747
Hi there,

if the exception is being thrown right after you start the app, there should
be a problem with the requested permissions (The RequestMinimum for example
or some more like it in the app).

Before the CLR starts the execution of the assembly, it will check if all of
the requested permissions are being granted. That means that based on the
evidences for the assembly's origin (zone it is being started from, strong
name, digital signature, etc.) it will be assigned to a predefined code
group.
If at that point, the CLR can't apply the securty request, an exception will
be trown(which might be a SecurityExcepti on or PolicyException - depending
on the case).

Otherwise, if the exception is being thrown after the app starts, you should
try to find where the exception is being trowned - there should be a problem
with some resource (something else than those with RequestMinimum or an
action performed to a resource being explicitly refused or optional - like
the FileIO or the UnmanagedCode) not being allowed by the CLR's Security
system to your app. The problem might be the restricted user's account under
you're trying to start the app or something else - like starting it from a
network location (which is not being detected as local intranet) - in this
case the CAS (code access security) just restricts the permissions to the
app.

Hope that helps,
Branimir

--
Branimir Giurov
MCSD.NET, MCDBA
www.sofiadev.org

"Chua Wen Ching" <ch************ @nospam.hotmail .com> wrote in message
news:E7******** *************** ***********@mic rosoft.com...
Hi there,

I had applied this security permissions in my class library based on fxcop
standards.

Before namespace:

using System.Runtime. InteropServices ;
using System.Security .Permissions;

[assembly:Isolat edStorageFilePe rmission(Securi tyAction.Reques tMinimum,
UserQuota=10485 76)]
[assembly:Securi tyPermission(Se curityAction.Re questRefuse,
UnmanagedCode=t rue)]
[assembly:FileIO Permission(Secu rityAction.Requ estOptional, Unrestricted=tr ue)]
In AssemblyInfo.cs

[assembly: AssemblyKeyFile ("../../snkey.snk")]

But when my windows app try to all the function during run time, it just
fails.

The errors:

An unhandled exception of type 'System.Securit y.SecurityExcep tion' occured
in Tester.exe

Any tips?

Thanks.
--
Regards,
Chua Wen Ching :)

Nov 16 '05 #2
I had a tester app with a button. Inside the button click function, it will
call the class library with security permission.

It means, when i run the app no problem, just when i click on the button, i
receive the security problem.

Thanks for the previous tip. Do i need to do anything extra on the tester
app? Like coding attributes or doing something to allow me? Or is more to
permission on windows side?

Thanks again.

"Branimir Giurov" wrote:
Hi there,

if the exception is being thrown right after you start the app, there should
be a problem with the requested permissions (The RequestMinimum for example
or some more like it in the app).

Before the CLR starts the execution of the assembly, it will check if all of
the requested permissions are being granted. That means that based on the
evidences for the assembly's origin (zone it is being started from, strong
name, digital signature, etc.) it will be assigned to a predefined code
group.
If at that point, the CLR can't apply the securty request, an exception will
be trown(which might be a SecurityExcepti on or PolicyException - depending
on the case).

Otherwise, if the exception is being thrown after the app starts, you should
try to find where the exception is being trowned - there should be a problem
with some resource (something else than those with RequestMinimum or an
action performed to a resource being explicitly refused or optional - like
the FileIO or the UnmanagedCode) not being allowed by the CLR's Security
system to your app. The problem might be the restricted user's account under
you're trying to start the app or something else - like starting it from a
network location (which is not being detected as local intranet) - in this
case the CAS (code access security) just restricts the permissions to the
app.

Hope that helps,
Branimir

--
Branimir Giurov
MCSD.NET, MCDBA
www.sofiadev.org

"Chua Wen Ching" <ch************ @nospam.hotmail .com> wrote in message
news:E7******** *************** ***********@mic rosoft.com...
Hi there,

I had applied this security permissions in my class library based on fxcop
standards.

Before namespace:

using System.Runtime. InteropServices ;
using System.Security .Permissions;

[assembly:Isolat edStorageFilePe rmission(Securi tyAction.Reques tMinimum,
UserQuota=10485 76)]
[assembly:Securi tyPermission(Se curityAction.Re questRefuse,
UnmanagedCode=t rue)]
[assembly:FileIO Permission(Secu rityAction.Requ estOptional,

Unrestricted=tr ue)]

In AssemblyInfo.cs

[assembly: AssemblyKeyFile ("../../snkey.snk")]

But when my windows app try to all the function during run time, it just
fails.

The errors:

An unhandled exception of type 'System.Securit y.SecurityExcep tion' occured
in Tester.exe

Any tips?

Thanks.
--
Regards,
Chua Wen Ching :)


Nov 16 '05 #3
It depends -

if there is a permission denied from the OS (like file permission) it should
throw an exception as well. You can do something else - try to do a security
demand in the class library before accessing a resource. Before the demand,
write into the debuger or the trace, then do the same after the deman. The
security demand will wall the call stack and make sure that the callers have
the the same permissions as well as the one you're asking for. For example:

Trace.WriteLine ("before demand permission to ...");
FileIOPermissio n fp = new FileIOPermissio n(FileIOPermiss ionAccess.Read,
"c:\\test.txt") ;
fp.Demand();
Trace.WriteLine ("after demand permission to ...");

You should do that if you can't debug the source with VS. By doing this, you
can intercept where the exception comes from. The other possible solution is
to compile in a Debug mode and catch the permission at app level. Then log
the stack trace and the message. By looking at the stack trace, you'll see
in which method the exception was thrown originally.

Let me know how it goes. :)

Branimir

--
Branimir Giurov
MCSD.NET, MCDBA
www.sofiadev.org

"Chua Wen Ching" <ch************ @nospam.hotmail .com> wrote in message
news:CC******** *************** ***********@mic rosoft.com...
I had a tester app with a button. Inside the button click function, it will call the class library with security permission.

It means, when i run the app no problem, just when i click on the button, i receive the security problem.

Thanks for the previous tip. Do i need to do anything extra on the tester
app? Like coding attributes or doing something to allow me? Or is more to
permission on windows side?

Thanks again.

"Branimir Giurov" wrote:
Hi there,

if the exception is being thrown right after you start the app, there should be a problem with the requested permissions (The RequestMinimum for example or some more like it in the app).

Before the CLR starts the execution of the assembly, it will check if all of the requested permissions are being granted. That means that based on the evidences for the assembly's origin (zone it is being started from, strong name, digital signature, etc.) it will be assigned to a predefined code
group.
If at that point, the CLR can't apply the securty request, an exception will be trown(which might be a SecurityExcepti on or PolicyException - depending on the case).

Otherwise, if the exception is being thrown after the app starts, you should try to find where the exception is being trowned - there should be a problem with some resource (something else than those with RequestMinimum or an
action performed to a resource being explicitly refused or optional - like the FileIO or the UnmanagedCode) not being allowed by the CLR's Security
system to your app. The problem might be the restricted user's account under you're trying to start the app or something else - like starting it from a network location (which is not being detected as local intranet) - in this case the CAS (code access security) just restricts the permissions to the app.

Hope that helps,
Branimir

--
Branimir Giurov
MCSD.NET, MCDBA
www.sofiadev.org

"Chua Wen Ching" <ch************ @nospam.hotmail .com> wrote in message
news:E7******** *************** ***********@mic rosoft.com...
Hi there,

I had applied this security permissions in my class library based on fxcop standards.

Before namespace:

using System.Runtime. InteropServices ;
using System.Security .Permissions;

[assembly:Isolat edStorageFilePe rmission(Securi tyAction.Reques tMinimum,
UserQuota=10485 76)]
[assembly:Securi tyPermission(Se curityAction.Re questRefuse,
UnmanagedCode=t rue)]
[assembly:FileIO Permission(Secu rityAction.Requ estOptional,

Unrestricted=tr ue)]

In AssemblyInfo.cs

[assembly: AssemblyKeyFile ("../../snkey.snk")]

But when my windows app try to all the function during run time, it just fails.

The errors:

An unhandled exception of type 'System.Securit y.SecurityExcep tion' occured in Tester.exe

Any tips?

Thanks.
--
Regards,
Chua Wen Ching :)


Nov 16 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
2488
by: Olaf Baeyens | last post by:
Can someone out there point me to a URL or other reference how to use these security stuff in .NET? I know everything can be found online on the msdn but since I am new to this security stuff, I have a very hard time to find the correct page in the zillions of abstract pages talking about this topic. One of the problems is this: I can...
3
2337
by: craig | last post by:
I am working on my first .NET development project that involves custom role-based security per the project requirements. This lead to a general design issue this week that really caused us some concern. I have described the situation below because we are very curious to see what other, more experienced, developers might suggest. The specific...
3
2397
by: James Radke | last post by:
Hello, I have an asp.net application (using vb.net codebehind), that is calling some older c++ dlls. These dlls require the use of the c++ Runtime which is in the windows/System32 directories. What is the best way to get access to these directories for the web application? Add the security for IUSR_<system name> to the System32...
16
2086
by: Marina | last post by:
Hi, I am trying to find the minimum security settings to allow a windows control embedded in IE have full trust. If I give the entire Intranet zone full trust, this works. However, this is very broad and gives the entire zone high privleges. I tried giving just the assembly full trust (using the full URL for the DLL), but this doesn't...
29
15499
by: Patrick | last post by:
I have the following code, which regardless which works fine and logs to the EventViewer regardless of whether <processModel/> section of machine.config is set to username="SYSTEM" or "machine" ---Start of test.aspx---- <%@ Page language="C#" AutoEventWireup="false" %> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >...
3
415
by: Earl Teigrob | last post by:
Background: When I create a ASP.NET control (User or custom), it often requires security to be set for certain functionality with the control. For example, a news release user control that is comprised of a DataGrid may have separate permissions for adding, deleting and updating a news item. Problem Up until now, I have been implementing...
1
2649
by: Jason | last post by:
Hi I have a ASP.NET application where i would like to authenticate the connecting users according to the Local Users and Groups on the web server. I have the following code in the ASP.NET project. private static void Demand(string groups) { WindowsIdentity processIdentity = WindowsIdentity.GetCurrent();...
19
3198
by: Diego F. | last post by:
I think I'll never come across that error. It happens when running code from a DLL that tries to write to disk. I added permissions in the project folder, the wwwroot and in IIS to NETWORK_SERVICE and Everyone, with Full Control to see if it's a permissions problem. The project is hosted in a Windows 2003 Server and developed from PCs in a...
5
8284
by: Henry Stock | last post by:
I am trying to understand the following error: Any thing you can tell me about this is appreciated. Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's...
0
7711
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
7938
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
0
8145
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
1
7694
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
7993
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
6317
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
1
5519
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
3679
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
970
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.