By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,667 Members | 2,611 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,667 IT Pros & Developers. It's quick & easy.

.NET CGI script has inadequate permissions to receive form data ???

P: n/a
I'm trying to write a CGI script in C#; it receives data from an HTML
form via the POST method, and tries to read the form data using
System.Environment.GetEnvironmentVariable(). Which is where I have a
problem. When I use a 32-bit build of the CGI script, everything works
swimmingly. But when I use a 64-bit build of the CGI script,
GetEnvironmentVariable() throws a System.Security.SecurityException
saying it doesn't have permission to read the environment variable.
(I'm running Windows XP Professional x64 and .NET 2.0 SP1 64 bit, and
my web server is IIS 6.)

There must be something I'm missing, because if not, then it would be
impossible to write 64-bit CGI scripts in C# that use the POST method.
But: does anyone have any theories?

I've tried getting Visual Studio to sign the executable, to no avail.
And oddly, I can set the 32-bit build of the executable to be fully
trusted (using "caspol -af CgiScript.exe) but if I try to do the same
thing with the 64-bit build I get an "ERROR: Unable to load assembly".

My HTML form, CGI source code, and the 64-bit output (including the
exception) are below.

Cheers!

//////////////////////////////////////////////////////////////////////////

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"<html
xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>This will load CgiScript.exe</title>
</head>
<body>

<form action="CgiScript.exe", method="POST" id="MyForm">
<input type="checkbox" value="chkbox1" />Text1
<input type="checkbox" value="chkbox2" />Text2
<input type="submit" name="submit1" value="Submit1" />
<input type="submit" name="submit2" value="Submit2" />
</form>
</body>
</html>

//////////////////////////////////////////////////////////////////////////

namespace CgiScript
{
class Program
{
private static string GetProcessEnvironmentVariable(string
variable)
{
System.Console.WriteLine("About to get env var");
string value00 =
System.Environment.GetEnvironmentVariable(
variable, System.EnvironmentVariableTarget.Process
);
System.Console.WriteLine("Got env var");

if (null == value00) {
ReturnError("Missing value: " + variable);
}

return value00;
}

private static void ReturnError(string err)
{
System.Console.WriteLine();
System.Console.WriteLine();
System.Console.WriteLine(err);
}

public static void Main(string[] args)
{
try {
System.Console.WriteLine("Content-Type: text/plain");
System.Console.WriteLine();
System.Console.WriteLine();

string request_method =
GetProcessEnvironmentVariable("REQUEST_METHOD");
if (null == request_method) {
ReturnError("Missing value REQUEST_METHOD");
return;
}

} catch (System.Exception exc) {
ReturnError(exc.ToString());
}
}
}
}

//////////////////////////////////////////////////////////////////////////

About to get env var
System.Security.SecurityException: Request for the permission of type
'System.Security.Permissions.EnvironmentPermission , mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
failed.
at System.Security.CodeAccessSecurityEngine.Check(Obj ect demand,
StackCrawlMark& stackMark, Boolean isPermSet)
at System.Security.CodeAccessPermission.Demand()
at System.Environment.GetEnvironmentVariable(String variable)
at System.Environment.GetEnvironmentVariable(String variable,
EnvironmentVariableTarget target)
at CgiScript.Program.GetProcessEnvironmentVariable(St ring variable)
at CgiScript.Program.Main(String[] args)
The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.Permissions.EnvironmentPermission
The Zone of the assembly that failed was:
Internet
Jul 24 '08 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.