By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,827 Members | 2,177 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,827 IT Pros & Developers. It's quick & easy.

.NET Security

P: n/a
I am fairly new to .NET programming so this may be a simplistic
question. I wrote a C# application that reads and writes files. If
the program resides on a local drive everything is fine. If the
program resides on a network drive then I get the following error.

System.Security.SecurityException: Request for the permission of type
'System.Security.Permissions.FileIOPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
failed.
at System.Security.CodeAccessSecurityEngine.Check(Obj ect demand,
StackCrawlMark& stackMark, Boolean isPermSet)
at System.Security.CodeAccessPermission.Demand()
at System.IO.Directory.GetCurrentDirectory()
at Transmitter.TransmProcess.GetFiles(Form1 oTWin, String sDirPath)
The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.Permissions.FileIOPermission
The Zone of the assembly that failed was:
Intranet

I have tried the following with no luck. Any suggestions?
FileIOPermission f = new
FileIOPermission(PermissionState.Unrestricted);
f.AllFiles = FileIOPermissionAccess.AllAccess;
Thanks,

Gary

Mar 28 '07 #1
Share this Question
Share on Google+
7 Replies


P: n/a
Gary,

The problem here is that you are running it off a network drive. Code
that resides on the local drive typically is given unrestricted freedom.
When running of a network drive (or the internet, which is even more
restrictive), the thinking here is that since the code came from a place not
on your machine (which you probably have less control over than your own
machine), it shouldn't be trusted.

In order to get around this, you have to go to the .NET Framework
Configuration tool, located in the Administrative Tools for your machine.
Once you have that, you can add a new code group to the runtime security
policy for the user or machine. In this code group, you identify your app
(through location, hash, or strong name. Signing your app with a strong
name key is the best bet in this scenario, as recompiles will mess with your
hash), and then you can assign it Full Trust, or whatever permissions subset
is required to run your application.

Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"GMiller" <lu********@gmail.comwrote in message
news:11**********************@n76g2000hsh.googlegr oups.com...
>I am fairly new to .NET programming so this may be a simplistic
question. I wrote a C# application that reads and writes files. If
the program resides on a local drive everything is fine. If the
program resides on a network drive then I get the following error.

System.Security.SecurityException: Request for the permission of type
'System.Security.Permissions.FileIOPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
failed.
at System.Security.CodeAccessSecurityEngine.Check(Obj ect demand,
StackCrawlMark& stackMark, Boolean isPermSet)
at System.Security.CodeAccessPermission.Demand()
at System.IO.Directory.GetCurrentDirectory()
at Transmitter.TransmProcess.GetFiles(Form1 oTWin, String sDirPath)
The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.Permissions.FileIOPermission
The Zone of the assembly that failed was:
Intranet

I have tried the following with no luck. Any suggestions?
FileIOPermission f = new
FileIOPermission(PermissionState.Unrestricted);
f.AllFiles = FileIOPermissionAccess.AllAccess;
Thanks,

Gary

Mar 28 '07 #2

P: n/a
"GMiller" <lu********@gmail.comwrote in message
news:11**********************@n76g2000hsh.googlegr oups.com...
>[...] If
the program resides on a local drive everything is fine. If the
program resides on a network drive then I get the following error.

System.Security.SecurityException: Request for the permission of type
'System.Security.Permissions.FileIOPermission,
[...]
I have tried the following with no luck. Any suggestions?
FileIOPermission f = new
FileIOPermission(PermissionState.Unrestricted);
f.AllFiles = FileIOPermissionAccess.AllAccess;
No, you don't fix it in code from within the program. This is the .Net
runtime protecting you against a potentially harmful program. Since you are
running the executable from a network drive, and the framework does not know
that this location is trusted, it defaults to limiting the permissions of
the program.
You can grant additional permissions to the programas downloaded from
that location from the Control Panel, Administrative tools, .Net Framework
Configuration. This has to be done at every PC that needs to trust that
location. This configuration tool comes with the Framework v1, but not with
v2; if you have v2 you can get the configuration tool with the framework
SDK.
Another tool that serves the same purpose is CASPOL.exe. You run it from
a command prompt with various parameters that determine the permissions to
grant.
If you need to configure multiple computers, you create an enterprise
policy from control panel at a computer that has the framework configuration
tool installed. The tool can then generate a .msi that you can then install
at the rest of the computers. This can be automated via group policy if it
needs to be deployed in a large organization.

Mar 28 '07 #3

P: n/a
Nicholas
Thanks for the quick answer. A couple of questions.

Is there a "best" way to handle this? Should I simply require a user
to run the application on a local drive and not a network drive?

How do a 'sign' my application for the security policy?

Exactly where under the .NET configuration tool do I assign the
security policy?

Thanks,

Gary
Mar 28 '07 #4

P: n/a
Gary,

Well, having it on the local drive as opposed to the network drive is
not any big deal, but you do have to worry about re-deploying the app every
time it changes, which is what I imagine the reason for putting it on a
network share is.

If you want a better deployment story, look at ClickOnce. It is an
install/update mechanism in .NET which will help with all of these issues.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"GMiller" <lu********@gmail.comwrote in message
news:11**********************@r56g2000hsd.googlegr oups.com...
Nicholas
Thanks for the quick answer. A couple of questions.

Is there a "best" way to handle this? Should I simply require a user
to run the application on a local drive and not a network drive?

How do a 'sign' my application for the security policy?

Exactly where under the .NET configuration tool do I assign the
security policy?

Thanks,

Gary


Mar 28 '07 #5

P: n/a
I set the security policy to "full trust" at the machine level and I
still receive the same error. It seems like I'm missing the obvious
here.

Thanks,

Gary

Mar 28 '07 #6

P: n/a
"GMiller" <lu********@gmail.comwrote in message
news:11********************@n59g2000hsh.googlegrou ps.com...
>I set the security policy to "full trust" at the machine level and I
still receive the same error. It seems like I'm missing the obvious
here.
"full trust" at the machine level ... and what code group? If your
server is on the "local intranet", and you apply "full trust" to the
local_intranet group at machine level, it should work ... unless inferior
permissions are assigned at the user or enterprise level, since you get the
intersection of the three permission sets (by default these two levels are
set to full trust so you should have no problems).

Mar 28 '07 #7

P: n/a
PS

"GMiller" <lu********@gmail.comwrote in message
news:11**********************@n76g2000hsh.googlegr oups.com...
>I am fairly new to .NET programming so this may be a simplistic
question. I wrote a C# application that reads and writes files. If
the program resides on a local drive everything is fine. If the
program resides on a network drive then I get the following error.

System.Security.SecurityException: Request for the permission of type
'System.Security.Permissions.FileIOPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
failed.
at System.Security.CodeAccessSecurityEngine.Check(Obj ect demand,
StackCrawlMark& stackMark, Boolean isPermSet)
at System.Security.CodeAccessPermission.Demand()
at System.IO.Directory.GetCurrentDirectory()
at Transmitter.TransmProcess.GetFiles(Form1 oTWin, String sDirPath)
The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.Permissions.FileIOPermission
The Zone of the assembly that failed was:
Intranet

I have tried the following with no luck. Any suggestions?
FileIOPermission f = new
FileIOPermission(PermissionState.Unrestricted);
f.AllFiles = FileIOPermissionAccess.AllAccess;
%windir%\Microsoft.Net\Framework\v2.0.50727\caspol -cg 1.2 FullTrust will
allow "intranet" applications to run. Note that referencing an IP address
will make this an "internet" zone so use UNC. IE7 can also change the
interpretation of "intranet" so Tools / Options / Security and add server
name to Local Intranet if necessary.

PS
Mar 28 '07 #8

This discussion thread is closed

Replies have been disabled for this discussion.