By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,890 Members | 1,226 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,890 IT Pros & Developers. It's quick & easy.

Security issue when creating thread in Smart Client

P: n/a
I have a C# application that I want to run as a "smart client", by executing
the exe through IE pointing to an intranet server. I need to increase
permissions to the application because it accesses a local SQL server, and
the Intranet zone by default doesn't have rights to do this
(SqlClientPermission).

So, I assigned FullTrust to the URL that points to my app through the .NET
configuration tool. Everything was working fine until I needed to have my
app access an unmanaged COM object. That object needs to run in an STA
thread, and the IExec process that starts my app is MTA. So, no problem - I
started an STA thread and have all my code run inside that.

Now I have a strange security problem. The application will run fine if I
run it directly by double-clicking on the exe in "My Computer", but when I
try to run it through the IE shortcut, I get a permission exception -
SqlClientPermission.

Code running in the STA thread is doesn't longer have the rights I assigned
in the .NET config tool. I verified this by requesting SQLClientPermission
in the calling thread, and then in the created thread. The calling thread
can get the permission fine. The created thread can't. I then tried having
the created thread impersonate the WindowsIdentity of the calling thread,
but it doesn't have rights to do that, either.

Anyone have any ideas?

- Dave
Nov 16 '05 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.