Apply security permission in class library, fail to call it out!

G

Guest

Hi there,

I had applied this security permissions in my class library based on fxcop
standards.

Before namespace:

using System.Runtime.InteropServices;
using System.Security.Permissions;

[assembly:IsolatedStorageFilePermission(SecurityAction.RequestMinimum,
UserQuota=1048576)]
[assembly:SecurityPermission(SecurityAction.RequestRefuse,
UnmanagedCode=true)]
[assembly:FileIOPermission(SecurityAction.RequestOptional, Unrestricted=true)]

In AssemblyInfo.cs

[assembly: AssemblyKeyFile("../../snkey.snk")]

But when my windows app try to all the function during run time, it just
fails.

The errors:

An unhandled exception of type 'System.Security.SecurityException' occured
in Tester.exe

Any tips?

Thanks.
 
B

Branimir Giurov

Hi there,

if the exception is being thrown right after you start the app, there should
be a problem with the requested permissions (The RequestMinimum for example
or some more like it in the app).

Before the CLR starts the execution of the assembly, it will check if all of
the requested permissions are being granted. That means that based on the
evidences for the assembly's origin (zone it is being started from, strong
name, digital signature, etc.) it will be assigned to a predefined code
group.
If at that point, the CLR can't apply the securty request, an exception will
be trown(which might be a SecurityException or PolicyException - depending
on the case).

Otherwise, if the exception is being thrown after the app starts, you should
try to find where the exception is being trowned - there should be a problem
with some resource (something else than those with RequestMinimum or an
action performed to a resource being explicitly refused or optional - like
the FileIO or the UnmanagedCode) not being allowed by the CLR's Security
system to your app. The problem might be the restricted user's account under
you're trying to start the app or something else - like starting it from a
network location (which is not being detected as local intranet) - in this
case the CAS (code access security) just restricts the permissions to the
app.

Hope that helps,
Branimir
 
G

Guest

I had a tester app with a button. Inside the button click function, it will
call the class library with security permission.

It means, when i run the app no problem, just when i click on the button, i
receive the security problem.

Thanks for the previous tip. Do i need to do anything extra on the tester
app? Like coding attributes or doing something to allow me? Or is more to
permission on windows side?

Thanks again.

Branimir Giurov said:
Hi there,

if the exception is being thrown right after you start the app, there should
be a problem with the requested permissions (The RequestMinimum for example
or some more like it in the app).

Before the CLR starts the execution of the assembly, it will check if all of
the requested permissions are being granted. That means that based on the
evidences for the assembly's origin (zone it is being started from, strong
name, digital signature, etc.) it will be assigned to a predefined code
group.
If at that point, the CLR can't apply the securty request, an exception will
be trown(which might be a SecurityException or PolicyException - depending
on the case).

Otherwise, if the exception is being thrown after the app starts, you should
try to find where the exception is being trowned - there should be a problem
with some resource (something else than those with RequestMinimum or an
action performed to a resource being explicitly refused or optional - like
the FileIO or the UnmanagedCode) not being allowed by the CLR's Security
system to your app. The problem might be the restricted user's account under
you're trying to start the app or something else - like starting it from a
network location (which is not being detected as local intranet) - in this
case the CAS (code access security) just restricts the permissions to the
app.

Hope that helps,
Branimir

--
Branimir Giurov
MCSD.NET, MCDBA
www.sofiadev.org



Chua Wen Ching said:
Hi there,

I had applied this security permissions in my class library based on fxcop
standards.

Before namespace:

using System.Runtime.InteropServices;
using System.Security.Permissions;

[assembly:IsolatedStorageFilePermission(SecurityAction.RequestMinimum,
UserQuota=1048576)]
[assembly:SecurityPermission(SecurityAction.RequestRefuse,
UnmanagedCode=true)]
[assembly:FileIOPermission(SecurityAction.RequestOptional, Unrestricted=true)]

In AssemblyInfo.cs

[assembly: AssemblyKeyFile("../../snkey.snk")]

But when my windows app try to all the function during run time, it just
fails.

The errors:

An unhandled exception of type 'System.Security.SecurityException' occured
in Tester.exe

Any tips?

Thanks.
Click to expand...
Click to expand...
 
B

Branimir Giurov

It depends -

if there is a permission denied from the OS (like file permission) it should
throw an exception as well. You can do something else - try to do a security
demand in the class library before accessing a resource. Before the demand,
write into the debuger or the trace, then do the same after the deman. The
security demand will wall the call stack and make sure that the callers have
the the same permissions as well as the one you're asking for. For example:

Trace.WriteLine("before demand permission to ...");
FileIOPermission fp = new FileIOPermission(FileIOPermissionAccess.Read,
"c:\\test.txt");
fp.Demand();
Trace.WriteLine("after demand permission to ...");

You should do that if you can't debug the source with VS. By doing this, you
can intercept where the exception comes from. The other possible solution is
to compile in a Debug mode and catch the permission at app level. Then log
the stack trace and the message. By looking at the stack trace, you'll see
in which method the exception was thrown originally.

Let me know how it goes. :)

Branimir

--
Branimir Giurov
MCSD.NET, MCDBA
www.sofiadev.org



Chua Wen Ching said:
I had a tester app with a button. Inside the button click function, it will
call the class library with security permission.

It means, when i run the app no problem, just when i click on the button, i
receive the security problem.

Thanks for the previous tip. Do i need to do anything extra on the tester
app? Like coding attributes or doing something to allow me? Or is more to
permission on windows side?

Thanks again.

Branimir Giurov said:
Hi there,

if the exception is being thrown right after you start the app, there should
be a problem with the requested permissions (The RequestMinimum for example
or some more like it in the app).

Before the CLR starts the execution of the assembly, it will check if all of
the requested permissions are being granted. That means that based on the
evidences for the assembly's origin (zone it is being started from, strong
name, digital signature, etc.) it will be assigned to a predefined code
group.
If at that point, the CLR can't apply the securty request, an exception will
be trown(which might be a SecurityException or PolicyException - depending
on the case).

Otherwise, if the exception is being thrown after the app starts, you should
try to find where the exception is being trowned - there should be a problem
with some resource (something else than those with RequestMinimum or an
action performed to a resource being explicitly refused or optional - like
the FileIO or the UnmanagedCode) not being allowed by the CLR's Security
system to your app. The problem might be the restricted user's account under
you're trying to start the app or something else - like starting it from a
network location (which is not being detected as local intranet) - in this
case the CAS (code access security) just restricts the permissions to the
app.

Hope that helps,
Branimir

--
Branimir Giurov
MCSD.NET, MCDBA
www.sofiadev.org



Chua Wen Ching said:
Hi there,

I had applied this security permissions in my class library based on fxcop
standards.

Before namespace:

using System.Runtime.InteropServices;
using System.Security.Permissions;

[assembly:IsolatedStorageFilePermission(SecurityAction.RequestMinimum,
UserQuota=1048576)]
[assembly:SecurityPermission(SecurityAction.RequestRefuse,
UnmanagedCode=true)]
[assembly:FileIOPermission(SecurityAction.RequestOptional, Unrestricted=true)]

In AssemblyInfo.cs

[assembly: AssemblyKeyFile("../../snkey.snk")]

But when my windows app try to all the function during run time, it just
fails.

The errors:

An unhandled exception of type 'System.Security.SecurityException' occured
in Tester.exe

Any tips?

Thanks.
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

SecurityException on GetTempFileName() 15

Top