CAS LocalIntranet

S

sfgianthater

I am completely at a loss here.. Nevermind I am also a newbie..

I created a C# 2.0 console application that needs to write to a network
share. I have strong named my app.. And have triedmany different
combinations all with no success:

Created a new permission set, with Permission Settings, Security.
(enable assebmly execution, allow calls to unamanged assemblies, allow
evidence control), IO (given rights to both the share and the logical
drive, also tried full access) and added them to a new zone under local
intranet. Given the new code group, permission to the URL share.

Trusted assembly through Runtime Security Policy.

Given all Code Groups Full Trust (for testing).

Turned CAS Security off. (for testing)

Per Juval Lowy's webcast, removed all Code Groups, except Microsoft
Strong Name, and EMCA Strong Name. Created my own code group, set the
membership to Strong Name, and imported my application.

All of the above options, come back with the following errors, or some
variant of the same error.

Unhandled Exception: System.Security.SecurityException: Request for the
permissi
on of type 'System.Security.Permissions.FileIOPermission, mscorlib,
Version=2.0.
0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.Permissions.FileIOPermission
The first permission that failed was:
<IPermission class="System.Security.Permissions.FileIOPermission,
mscorlib, Vers
ion=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Write="\\SERVERNAME\spl\input.pdf"/>

The assembly or AppDomain that failed was:
apcta, Version=1.0.0.0, Culture=neutral,
PublicKeyToken=5f7eafc7f3a0bbd6
The method that caused the failure was:
Void Main(System.String[])
The Zone of the assembly that failed was:
Intranet
The Url of the assembly that failed was:
file://SERVERNAME/spl/apcta.exe

I dont understand how even though I only now have 3 codegroups, I am
still getting the zone "intranet" error. Also, I would assume if I
disabled CAS (caspol -security off) my app would work, but it doesnt..
Is CAS somehow inheriting permissions from my Domain? What is the best
practice for setting up and running an app through a share?
Help...
I am running this from an XP box, to a Win2k3 Box.
 
N

Natrajk

Hi,

Have you set policies for both "Enterprise", "Machine" and "User"?
As far as I can see you do not mention anything about this. Before an
application is given a permission is must be accepted by all of them.

In the ".Net Framework configuartion tool" right click on the tool
"Runtime Security Policy", select "Evaluate Assembly".
From there you can see which code groups gives permissions to your
assembly, and which permissions the assembly is given.

Hope this helps!
 
S

sfgianthater

Thanks tried, and no luck.. If I evaluate the assembly the permissions
granted are unrestricted..

If I the code group, it shows up in Enterprise, and Machine, but user
shows "Policy Level not evaluated"..

My understanding was that both the Enterprise and User give full trust
by default, and I shouldnt have to change these only the Machine
Policy..
 
N

Nicole Calinoiu

Are you making the CAS policy changes on the client machine on which you are
attempting to run the application or on the server? If the former, is there
more than one version of the .NET Framework installed on the machine, and
are you making the CAS policy changes against the version in which your
application runs?
 
N

Natrajk

Hi again!

The reason that you get "Policy level not evaluated" might be that you
have checked the option "Policy levels below this level will not be
evaluated" on one of the groups.

You cannot add permissions that are not present on the enterprise
level, you can only remove them on the machine and user level. Are you
sure that you have enough permissions on the enterprise level?

When you evaluate your permissions in the "Evaluate assembly view" you
can select which policy level to evaluate.
What do you get if you set this to "All levels"? Is it still
"unrestricted"?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top