How do I deploy my Win Form application to other computers on the network. I
tried "Build Solution" and "Build ProjectName", and then I run the exe out of
the bin folder and get the error about "not allowed by the security policy…..
Request for the permission of type System Data.SqlClient.SqlClientPermission,
System.Data…." : "
System.Security.SecurityException: Request for the permission of type
System.Data.SqlClient.SqlClientPermission, System.Data, Version=1.0.5000.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.
at System.Security.CodeAccessSecurityEngine.CheckHelper(PermissionSet
grantedSet, PermissionSet deniedSet, CodeAccessPermission demand,
PermissionToken permToken)"



My Win Form application connects to MS SQL 2000, the connection string is in
App.config file.

Hi Mike,
if you are trying to run the exe from one computer when it is located on
the disk of another computer you could run into security issues by trying to
run an exe not located on the local disk.

The easiest thing would be to try copying the exe locally onto the remote
computer and then executing it.

Mark

"Mike L" wrote:

> How do I deploy my Win Form application to other computers on the network. I
> tried "Build Solution" and "Build ProjectName", and then I run the exe out of
> the bin folder and get the error about "not allowed by the security policy…..
> Request for the permission of type System Data.SqlClient.SqlClientPermission,
> System.Data…." : "
> System.Security.SecurityException: Request for the permission of type
> System.Data.SqlClient.SqlClientPermission, System.Data, Version=1.0.5000.0,
> Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.
> at System.Security.CodeAccessSecurityEngine.CheckHelper(PermissionSet
> grantedSet, PermissionSet deniedSet, CodeAccessPermission demand,
> PermissionToken permToken)"
>
>
>
> My Win Form application connects to MS SQL 2000, the connection string is in
> App.config file.
>

Hi Cadel,

Thanks for your post.

Yes, .Net has the Code access security to only enforce partial trust for
network share application. And defautly, it does not give
SqlClientPermission for network share application.

We can run "Microsoft .NET Framework 1.1 Configuration" tool in the control
panel, then expand "Runtime Security Policy"->"Code Groups"->"All Codes",
right click this node, then select "New...". In the popup dialog, type a
code group name, press "Next", in the next dropdownlist, select "URL", in
the textbox input your Exe's URL, such as
"\\msjeff\temp\ComboBoxTest\ComboBoxTest\bin\Debug\XXX.exe" press "Next".
Select "Full Trust" permission set for this application. Then your network
share running application will have full trust permission on the
application.

Hope this helps.

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Worked local, but I want the exe on the fileserver, with 15 computers access
it.

So, if I need to make a change to my Win Form application, I can update the
exe in one place.

Will I have to go the the .Net security configuration for each computer?

""Jeffrey Tan[MSFT]"" wrote:

> Hi Cadel,
>
> Thanks for your post.
>
> Yes, .Net has the Code access security to only enforce partial trust for
> network share application. And defautly, it does not give
> SqlClientPermission for network share application.
>
> We can run "Microsoft .NET Framework 1.1 Configuration" tool in the control
> panel, then expand "Runtime Security Policy"->"Code Groups"->"All Codes",
> right click this node, then select "New...". In the popup dialog, type a
> code group name, press "Next", in the next dropdownlist, select "URL", in
> the textbox input your Exe's URL, such as
> "\\msjeff\temp\ComboBoxTest\ComboBoxTest\bin\Debug\XXX.exe" press "Next".
> Select "Full Trust" permission set for this application. Then your network
> share running application will have full trust permission on the
> application.
>
> Hope this helps.
>
> Best regards,
> Jeffrey Tan
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
> This posting is provided "as is" with no warranties and confers no rights.
>
>

Hi Cadel,

Thanks for your feedback.

Yes, I see your concern. However, this is the default CAS setting of any
machine installed .Net Framework. That is, defaultly, .Net does not trust
the Sql operation of network shared application. We have to explicit tell
the .Net to trust our application.

Because our Winform application runs with .Net code, we can not use .Net
code to config the CAS settings, or this will become a security hole.
Currently, I think we have 2 options:
1. Manually config all the client machines to trust our network shared
application
2. First use a bootstrapper unmanaged application to config the .Net
settings to trust our winform application. Then invoke our Winform
application to run.

For #2, to config the .Net settings, we can use CreateProcess API(or other
shell api) to invoke Caspol.exe to do the configuration. Caspol.exe is the
command line tool of .Net Security configuration snap-in. For more
information, please refer to the links below:
"Code Access Security Policy-Tool (Caspol.exe)"
http://msdn.microsoft.com/library/de.../deu/cptools/h
tml/cpgrfCodeAccessSecurityPolicyUtilityCaspolexe.asp
"Using CasPol to Fully Trust a Share"
http://blogs.msdn.com/shawnfa/archiv...30/344554.aspx

Hope this helps.

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

The english version is
http://msdn.microsoft.com/library/de...ycaspolexe.asp

At first this looks hard but its very easy. Thanks.

I added the command to a batch file works, perfect.

""Jeffrey Tan[MSFT]"" wrote:

> Hi Cadel,
>
> Thanks for your feedback.
>
> Yes, I see your concern. However, this is the default CAS setting of any
> machine installed .Net Framework. That is, defaultly, .Net does not trust
> the Sql operation of network shared application. We have to explicit tell
> the .Net to trust our application.
>
> Because our Winform application runs with .Net code, we can not use .Net
> code to config the CAS settings, or this will become a security hole.
> Currently, I think we have 2 options:
> 1. Manually config all the client machines to trust our network shared
> application
> 2. First use a bootstrapper unmanaged application to config the .Net
> settings to trust our winform application. Then invoke our Winform
> application to run.
>
> For #2, to config the .Net settings, we can use CreateProcess API(or other
> shell api) to invoke Caspol.exe to do the configuration. Caspol.exe is the
> command line tool of .Net Security configuration snap-in. For more
> information, please refer to the links below:
> "Code Access Security Policy-Tool (Caspol.exe)"
> http://msdn.microsoft.com/library/de.../deu/cptools/h
> tml/cpgrfCodeAccessSecurityPolicyUtilityCaspolexe.asp
> "Using CasPol to Fully Trust a Share"
> http://blogs.msdn.com/shawnfa/archiv...30/344554.aspx
>
> Hope this helps.
>
> Best regards,
> Jeffrey Tan
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
> This posting is provided "as is" with no warranties and confers no rights.
>
>

Hi Cadel,

I am glad your problem is resolved. If you need further help, please feel
free to post. Thanks

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.