Hi All,
I've got a simple wrapper static test method on a class to expand the
environment variables on a specified string:
public static string ExpandEnvironme ntStr(string Str)
{
return Environment.Exp andEnvironmentV ariables(Str);
}
For some apparently security related reason it crashes with the following
exception:
An unhandled exception of type 'System.Securit y.SecurityExcep tion' occurred
in mscorlib.dll
Additional information: Request for the permission of type
System.Security .Permissions.En vironmentPermis sion, mscorlib,
Version=1.0.500 0.0, Culture=neutral , PublicKeyToken= b77a5c561934e08 9 failed.
Being a security newbe I just can't figure out from the MS doc's what this
means and how to use the EnvironmentPerm ission to fix it. The doc's only
confused me completely. All I need to do is be able to read stuff from the
Environment class (expanding variables and retreiving special folders,
etc.). All the MS doc's examples say something like this... which doesn't
help me at all. I need to know HOW to keep it secure.
// <-- Keep this information secure! -->
Do I need some kind of assembly permission attribute in the AssemlyInfo.cs
file or some kind of attribute on this method? If so, what? Can someone
please explain this to me and give me working example? I'm baffled.
Many thanks in advance,
--
John Bowman
Verona, WI 18*******@chart er.net 13 2197
"John Bowman" <jm******@chart er.net> wrote in message
news:uP******** ******@TK2MSFTN GP09.phx.gbl... Hi All,
I've got a simple wrapper static test method on a class to expand the environment variables on a specified string:
public static string ExpandEnvironme ntStr(string Str) { return Environment.Exp andEnvironmentV ariables(Str); }
For some apparently security related reason it crashes with the following exception:
An unhandled exception of type 'System.Securit y.SecurityExcep tion' occurred in mscorlib.dll
Additional information: Request for the permission of type System.Security .Permissions.En vironmentPermis sion, mscorlib, Version=1.0.500 0.0, Culture=neutral , PublicKeyToken= b77a5c561934e08 9 failed.
Being a security newbe I just can't figure out from the MS doc's what this means and how to use the EnvironmentPerm ission to fix it. The doc's only confused me completely. All I need to do is be able to read stuff from the Environment class (expanding variables and retreiving special folders, etc.). All the MS doc's examples say something like this... which doesn't help me at all. I need to know HOW to keep it secure.
// <-- Keep this information secure! -->
Do I need some kind of assembly permission attribute in the AssemlyInfo.cs file or some kind of attribute on this method? If so, what? Can someone please explain this to me and give me working example? I'm baffled.
Many thanks in advance,
-- John Bowman Verona, WI 18*******@chart er.net
Assuming you are running from a file share / Intranet site, the Code Access
Security (CAS) settings only allow you to read the USERNAME environment
variable and nothing else. If you copy the program locally you should be
able to have the program execute normally. This is because non-local code is
given fewer permissions than local code.
However, assuming you actually need to be able to run from the non-local
machine you need to adjust CAS policy in some way to give extra permissions
to this site or assembly. There are a couple of ways to do this.
CAS assigns permissions based on the information about the executing code
(like its origin in terms of where it is running from or who authored it)
this information is called Evidence.
The CAS policy on a machine performs tests on this evidence and assigns
groups of permissions (called Permission Sets) based on the code passing
this test. The mapping of a test of evidence to a permissoin set is called a
code group. You can see all of this policy configuration in the .NET
configuration utility (mscorcfg.msc) under the Runtime Security Policy
section.
The basic configuration is principally based on IE Zone (LocalMachine,
Intranet, Internet, etc). Your code is executing from the Intranet to you
need to add a code group under the Local Intranet codegroup. Make a test of
evidence based on the site, URL or stong name or your assembly and map it to
a permission set that will grant your code the rights it needs. You could
create a custom one that grants unrestricted access to the environment block
but you could set it to FullTrust for now. A custom one is better as it
means your code only has access to the things it needs to do (principle of
least privilege).
Regards
Richard Blewett - DevelopMentor http://www.dotnetconsult.co.uk/weblog http://www.dotnetconsult.co.uk
Richard,
Thanks for the explanations, it is a start in my learning curve. But I've
got nothing to do with the Internet for this program. It will ONLY be
installed and executed locally. This is even currently on a development
system where I've got Admin priviledges for the sake of testing/debugging.
Furthermore, when I use the "Evaluate Assembly" tool under the .NET 1.1
Configuration tool, it claims my assembly gets "Unrestrict ed" permissions.
So I still don't have a clue as to how to properly code this. I've used
Environment.Get FolderaPath() and Environment.New Line, etc. before and never
had a problem.
Any more help?
John
"Richard Blewett [DevelopMentor]" <richard at nospam dotnetconsult dot co
dot uk> wrote in message news:eu******** *****@TK2MSFTNG P09.phx.gbl... "John Bowman" <jm******@chart er.net> wrote in message news:uP******** ******@TK2MSFTN GP09.phx.gbl... Hi All,
I've got a simple wrapper static test method on a class to expand the environment variables on a specified string:
public static string ExpandEnvironme ntStr(string Str) { return Environment.Exp andEnvironmentV ariables(Str); }
For some apparently security related reason it crashes with the following exception:
An unhandled exception of type 'System.Securit y.SecurityExcep tion' occurred in mscorlib.dll
Additional information: Request for the permission of type System.Security .Permissions.En vironmentPermis sion, mscorlib, Version=1.0.500 0.0, Culture=neutral , PublicKeyToken= b77a5c561934e08 9 failed.
Being a security newbe I just can't figure out from the MS doc's what this means and how to use the EnvironmentPerm ission to fix it. The doc's only confused me completely. All I need to do is be able to read stuff from the Environment class (expanding variables and retreiving special folders, etc.). All the MS doc's examples say something like this... which doesn't help me at all. I need to know HOW to keep it secure.
// <-- Keep this information secure! -->
Do I need some kind of assembly permission attribute in the AssemlyInfo.cs file or some kind of attribute on this method? If so, what? Can someone please explain this to me and give me working example? I'm baffled.
Many thanks in advance,
-- John Bowman Verona, WI 18*******@chart er.net
Assuming you are running from a file share / Intranet site, the Code Access Security (CAS) settings only allow you to read the USERNAME environment variable and nothing else. If you copy the program locally you should be able to have the program execute normally. This is because non-local code is given fewer permissions than local code.
However, assuming you actually need to be able to run from the non-local machine you need to adjust CAS policy in some way to give extra permissions to this site or assembly. There are a couple of ways to do this.
CAS assigns permissions based on the information about the executing code (like its origin in terms of where it is running from or who authored it) this information is called Evidence.
The CAS policy on a machine performs tests on this evidence and assigns groups of permissions (called Permission Sets) based on the code passing this test. The mapping of a test of evidence to a permissoin set is called a code group. You can see all of this policy configuration in the .NET configuration utility (mscorcfg.msc) under the Runtime Security Policy section.
The basic configuration is principally based on IE Zone (LocalMachine, Intranet, Internet, etc). Your code is executing from the Intranet to you need to add a code group under the Local Intranet codegroup. Make a test of evidence based on the site, URL or stong name or your assembly and map it to a permission set that will grant your code the rights it needs. You could create a custom one that grants unrestricted access to the environment block but you could set it to FullTrust for now. A custom one is better as it means your code only has access to the things it needs to do (principle of least privilege).
Regards
Richard Blewett - DevelopMentor http://www.dotnetconsult.co.uk/weblog http://www.dotnetconsult.co.uk
"John Bowman" <jm******@chart er.net> wrote in message
news:OZ******** ******@TK2MSFTN GP09.phx.gbl... Richard,
Thanks for the explanations, it is a start in my learning curve. But I've got nothing to do with the Internet for this program. It will ONLY be installed and executed locally. This is even currently on a development system where I've got Admin priviledges for the sake of testing/debugging. Furthermore, when I use the "Evaluate Assembly" tool under the .NET 1.1 Configuration tool, it claims my assembly gets "Unrestrict ed" permissions. So I still don't have a clue as to how to properly code this. I've used Environment.Get FolderaPath() and Environment.New Line, etc. before and never had a problem.
Any more help?
John
Hmmm - so the evaluate assembly tool says you have fulltrust? Then it should
work.
Create a console app with the following code in it and make sure that
executes correctly, then copy it to the same place as the app you are trying
to run and try it there
using System;
class Program
{
static void Main(string[] args)
{
Console.WriteLi ne(Environment. ExpandEnvironme ntVariables("%w indir%"));
}
}
Regards
Richard Blewett - DevelopMentor http://www.dotnetconsult.co.uk/weblog http://www.dotnetconsult.co.uk
"John Bowman" <jm******@chart er.net> wrote in message
news:OZ******** ******@TK2MSFTN GP09.phx.gbl... Richard,
Thanks for the explanations, it is a start in my learning curve. But I've got nothing to do with the Internet for this program. It will ONLY be installed and executed locally. This is even currently on a development system where I've got Admin priviledges for the sake of testing/debugging. Furthermore, when I use the "Evaluate Assembly" tool under the .NET 1.1 Configuration tool, it claims my assembly gets "Unrestrict ed" permissions. So I still don't have a clue as to how to properly code this. I've used Environment.Get FolderaPath() and Environment.New Line, etc. before and never had a problem.
Any more help?
John
Oh, and admin privilege is nothing to do with CAS. CAS layers on top of
windows security and can provide extra restrictions based on the evidence
(it can't however extend permissions not granted by windows security)
Regards
Richard Blewett - DevelopMentor http://www.dotnetconsult.co.uk/weblog http://www.dotnetconsult.co.uk
Richard,
Thanks again for the additional assistance. The test app works perfectly,
even in the same location as the real app. When I copy your line:
Console.WriteLi ne(Environment. ExpandEnvironme ntVariables("%w indir%"));
into my code to replace my existing function. It crashes just like my code.
Any other ideas?
John
"Richard Blewett [DevelopMentor]" <richard at nospam dotnetconsult dot co
dot uk> wrote in message news:%2******** ********@TK2MSF TNGP09.phx.gbl. .. "John Bowman" <jm******@chart er.net> wrote in message news:OZ******** ******@TK2MSFTN GP09.phx.gbl... Richard,
Thanks for the explanations, it is a start in my learning curve. But I've got nothing to do with the Internet for this program. It will ONLY be installed and executed locally. This is even currently on a development system where I've got Admin priviledges for the sake of testing/debugging. Furthermore, when I use the "Evaluate Assembly" tool under the .NET 1.1 Configuration tool, it claims my assembly gets "Unrestrict ed" permissions. So I still don't have a clue as to how to properly code this. I've used Environment.Get FolderaPath() and Environment.New Line, etc. before and never had a problem.
Any more help?
John
Hmmm - so the evaluate assembly tool says you have fulltrust? Then it should work.
Create a console app with the following code in it and make sure that executes correctly, then copy it to the same place as the app you are trying to run and try it there
using System;
class Program { static void Main(string[] args) { Console.WriteLi ne(Environment. ExpandEnvironme ntVariables("%w indir%")); } }
Regards
Richard Blewett - DevelopMentor http://www.dotnetconsult.co.uk/weblog http://www.dotnetconsult.co.uk
"John Bowman" <jm******@chart er.net> wrote in message
news:ez******** ********@TK2MSF TNGP12.phx.gbl. .. Richard,
Thanks again for the additional assistance. The test app works perfectly, even in the same location as the real app. When I copy your line:
Console.WriteLi ne(Environment. ExpandEnvironme ntVariables("%w indir%"));
into my code to replace my existing function. It crashes just like my code.
Any other ideas?
John
How is your code being loaded - are you a plug-in or something like that?
There is obviously something fundementally different about the .exe I sent
and how your code executes - can you give us some more detail about what
your application does?
Regards
Richard Blewett - DevelopMentor http://www.dotnetconsult.co.uk/weblog http://www.dotnetconsult.co.uk
Richard,
Thanks again for continuing to try and help me out. Basically, it's an
installer launcher. It figures out what installers are on the media and then
launches them in succession. Nothing really fancy. The
Environment.Exp andVariables method is used whenever a folder spec is
retrieved from various places (such as the registry or ini file) to make
certain that any environment strings embedded in the retrieved value are
properly expanded. This same routine worked fine in another one of my apps.
Then I just lifted the code (such as it is <g>) and put it in here and now
it refuses to cooperate.
John
"Richard Blewett [DevelopMentor]" <richard at nospam dotnetconsult dot co
dot uk> wrote in message news:ek******** *****@TK2MSFTNG P10.phx.gbl... "John Bowman" <jm******@chart er.net> wrote in message news:ez******** ********@TK2MSF TNGP12.phx.gbl. .. Richard,
Thanks again for the additional assistance. The test app works perfectly, even in the same location as the real app. When I copy your line:
Console.WriteLi ne(Environment. ExpandEnvironme ntVariables("%w indir%"));
into my code to replace my existing function. It crashes just like my code.
Any other ideas?
John
How is your code being loaded - are you a plug-in or something like that? There is obviously something fundementally different about the .exe I sent and how your code executes - can you give us some more detail about what your application does?
Regards
Richard Blewett - DevelopMentor http://www.dotnetconsult.co.uk/weblog http://www.dotnetconsult.co.uk
Ricahrd,
Thanks again for continuing trying to help me out. Basically, the program is
an installer launcher. It figures out what MSI based installers are present
on the media and runs them - nothing really fancy. It uses the
Environment.Exp andVariables method to make certain that any folder spec
strings retrieved from ini or registry are properly expanded before the
program makes any use of them. I had this code in another program and simply
lifted it for this one and now it doesn't work.
John
"Richard Blewett [DevelopMentor]" <richard at nospam dotnetconsult dot co
dot uk> wrote in message news:ek******** *****@TK2MSFTNG P10.phx.gbl... "John Bowman" <jm******@chart er.net> wrote in message news:ez******** ********@TK2MSF TNGP12.phx.gbl. .. Richard,
Thanks again for the additional assistance. The test app works perfectly, even in the same location as the real app. When I copy your line:
Console.WriteLi ne(Environment. ExpandEnvironme ntVariables("%w indir%"));
into my code to replace my existing function. It crashes just like my code.
Any other ideas?
John
How is your code being loaded - are you a plug-in or something like that? There is obviously something fundementally different about the .exe I sent and how your code executes - can you give us some more detail about what your application does?
Regards
Richard Blewett - DevelopMentor http://www.dotnetconsult.co.uk/weblog http://www.dotnetconsult.co.uk
Sorry about the accidental double posts...
John
"John Bowman" <jm******@chart er.net> wrote in message
news:u4******** ******@tk2msftn gp13.phx.gbl... Ricahrd,
Thanks again for continuing trying to help me out. Basically, the program is an installer launcher. It figures out what MSI based installers are present on the media and runs them - nothing really fancy. It uses the Environment.Exp andVariables method to make certain that any folder spec strings retrieved from ini or registry are properly expanded before the program makes any use of them. I had this code in another program and simply lifted it for this one and now it doesn't work.
John
"Richard Blewett [DevelopMentor]" <richard at nospam dotnetconsult dot co dot uk> wrote in message news:ek******** *****@TK2MSFTNG P10.phx.gbl... "John Bowman" <jm******@chart er.net> wrote in message news:ez******** ********@TK2MSF TNGP12.phx.gbl. .. Richard,
Thanks again for the additional assistance. The test app works perfectly, even in the same location as the real app. When I copy your line:
Console.WriteLi ne(Environment. ExpandEnvironme ntVariables("%w indir%"));
into my code to replace my existing function. It crashes just like my code.
Any other ideas?
John
How is your code being loaded - are you a plug-in or something like that? There is obviously something fundementally different about the .exe I sent and how your code executes - can you give us some more detail about what your application does?
Regards
Richard Blewett - DevelopMentor http://www.dotnetconsult.co.uk/weblog http://www.dotnetconsult.co.uk
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: jwpioneer |
last post by:
I have a need within an application to modify the path environment variable,
as I need to find specific directories and remove them. I use the following
code to do this:
RegistryKey rkey = null;
rkey =
Registry.LocalMachine.OpenSubKey(@"SYSTEM\CurrentControlSet\Control\Session
Manager\Environment",true);
string p = (String)rkey.GetValue("Path");
string pp = p.Split(';');
|
by: John Dalberg |
last post by:
I am trying to lock down file access of some sites in a shared hosting
environment so that different users can only access their own site's
directory with their asp.net code. However there's a problem with some
aspnet user access.
After some experimenting with ntfs permissions, I noticed that any asp.net
enabled site *must* have asp.net user have read access on the folder above
the application folder plus have read access to the...
|
by: Bill Baker |
last post by:
I have a class that requires the Machine Name as a parameter in the
construtor. It is a Windows Form app. When I run the executable, I get the
"Send Error Report..." dialog. When I debug in VS.NET, I get these details:
System.Security.SecurityException was unhandled
Message="Request for the permission of type
'System.Security.Permissions.EnvironmentPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'...
|
by: tmoffett |
last post by:
I am very new to the language so please pardon my ignorance.
I am writing a small console application to gather hardware inventory
information. When I run the application locally all works well. It
gathers the needed information and writes that info to a remote SQL
server.
If I put the file in the scripts folder on our AD domain controller (so
that I can use it with login scripts) it fails to run. It also fails
when I run it from...
|
by: Richard Levasseur |
last post by:
(Forewarning, most of these problems and solutions come from being the
only developer in a 1 server department with no budget, few resources,
unresponsive IT, and non-technical managers, so thats where I'm coming
from.)
(Additionally, this may or may not fit in this group, but I know
there's bright people here, and it is largely PHP development centric)
Any time I've done web development, I've always been plagued by some of
the...
| |
by: Will Asrari |
last post by:
In my code I have created a Process for opening up a command line
executable using System.Diagnostics.Process that imports a csv full of
Generic Authorization account information to numerous tables (SQL). When
the executable resides on the same server as my application the import
works fine. When my application is executed a new text file is created
in the folder listed below. The process arguments ent=1 and store=1 know
to look in...
|
by: mohins |
last post by:
I am getting the error while I am trying to connect to Oracle with my code in ASP.NET, this code is working in another machine, but it fails in my laptop, giving the below error.
Could not create an environment: OCIEnvCreate returned -1.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
...
|
by: ram.rachum |
last post by:
Hey, I'm looking for a good Python environment. That is, at least an
editor and a debugger, and it should run on Windows. Does anyone have
any idea?
|
by: =?Utf-8?B?SGVsZW4gVHJpbQ==?= |
last post by:
I am developing a web application in Visual Studio 2003, .NET 1.1 to run on
our intranet. I want to identify users to save them logging in.
The line:
UserName = Environment.UserName
is returning "ASPNET", instead of my user name.
I have read all the Help documentation, but I can't find any reason why this
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |