Client side controls in IE not working as expected

[Guest]

I am developing a windows forms user control that will be hosted within IE
from a web page.

For testing purposes and on the client machine, I changed the .NET Framework
security policy to give full access for the site that has the control. After
all this, IE shows the control fine without problems.

The problem happens when the control is signed with public private keys
pair, IE doesn't show the control but shows an empty box instead (like an
image link is missing or something)..

This is the HTML code i am using to host the control:

<OBJECT id="HelloWorldControl1" height="500" width="500"
classid="NetAppletCtrl.dll#NetAppletCtrl.HelloWorldControl" VIEWASTEXT>
</OBJECT>

Any comments why IE doens't show the control when it's signed. Do I have to
specify the strong name?

I tried a lot and couldn't figure out how.. Maybe it's a bug in IE!!

Thanks,

 

[Jeffrey Tan[MSFT]]

Hi,

For this issue, you may strong name your control assembly, then edit the
customized code group, for "the condition type" of the code group, just use
"Strong Name", we may import our trust assembly. At last, give this code
group full control access. I think this problem will be eliminated.

Thank you for your patience and cooperation. If you have any questions or
concerns, please feel free to post it in the group. I am standing by to be
of assistance.

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

 

[Guest]

Thanks Jeffrey for the reply..

I tried this originally and it didn't work.. This's what I did:

(I am doing everything on the current machine as localhost)

1. I signed my assembly with a public, private key pair
2. Made sure the assembly is valid using (sn -v)
3. Copied the assembly to the application root of the site that is using it.
4. Cleared any downloaded cache using (regasm -cdl)
5. Went into .NET Configuration 1.1 tool and under Runtime Security
Policy/Machine/Code Groups/All_Code, I added a new code group called Test.
6. Setuped the condition to be "Strong Name" and imported the public key
from the same file mentioned above.
7. Set the permission set to be FullTrust
8. Clicked OK.
9. Restarted my machine.
10. Went to the page and the control is showing as an empty box (as it's
broken picture)
11. I went back to .NET Configuration 1.1 tool and changed the condition of
my code group to be site and set it to (localhost)..
12. Closed IE, opened it again and went to the page and the control is
showing fine..

So, I wonder why it didn't do it correctly when specifying a strong name??

Thanks,

 

[fowad]

Hani-
I am seeing the same problem with my controls. Did you find a solution?

-Fowad

 

[Jeffrey Tan[MSFT]]

Hi,

Thanks very much for your feedback!!

For this issue, I think you can first ensure if your assembly belongs to
the code group you created. In .NET Configuration Tool, just right click
the Runtime Security Policy node, then use "Evaluate Assembly" to select
your assembly. Then you may find out which code group(s) a particular
assembly belongs to, or which permissions it has.

Also, for a correct steps of using "strong name" in code access security,
please refer to the article below, there is a step-by-step in this article
using strong name:
"Understanding .NET Code Access Security"
http://www.codeproject.com/dotnet/UB_CAS_NET.asp

I will wait for your further feedback, thanks

Thank you for your patience and cooperation. If you have any questions or
concerns, please feel free to post it in the group. I am standing by to be
of assistance.

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

 

[Guest]

I couldn't figure out.. Everything seems correct.. Let me know if you figured
it out.

 

[Guest]

Jeffrey,

Thanks for your cooperation.. Until now I tried all the possible solutions
without any luck. I didn't read only the article you gave me, but I heave
read so many articles about policy.. The problem is just out of my hand.

- "Evaluate Assembly" says there is "Unrestricted" access to the assembly
(http://localhost/.../NetAppletCtrl.dll)
- I tried using NetAppletCtrl.dll in a test form application and it works
fine as expected. Also, tried playing with permissions and everything was
reflected as expected.
- It's just when opening the page in IE, the control is shown as empty box.
- Once again the control will work when I set the code group to be site
(localhost) instead of the strong name.

I wonder if IE has some restrictions in the case of strong name assemblies?

Thanks,

 

[fowad]

When I evaluate my assembly, I get the following code group list

Code groups that apply to this assembly

- Enterprise Policy
- All_Code

- Machine Policy
- All_Code
- My_Computer_Zone

- User Policy
- All_Code


I added a new group 'MyCodeGroup' under Machine Policy and set the
member condition as 'Site=<IpAddress>'. This works. I can see my
controls downloaded on the browser. I change it to 'Strong Name' and
import my dll to get the public key. That does'nt work. I tried Hash
code and that does'nt work either.

note: My assembly has references to other assemblies but all of them
use the same public key.

 

[Jeffrey Tan[MSFT]]

Hi,

Thanks very much for your feedback!

Oh, I think you may did not add AllowPartiallyTrustedCallersAttribute to
your assembly. This will result in such problem. For more information,
please refer to the KB below:
"PRB: Strong Named User Controls Do Not render in Internet Explorer"
http://support.microsoft.com/default.aspx?scid=814669

Thank you for your patience and cooperation. If you have any questions or
concerns, please feel free to post it in the group. I am standing by to be
of assistance.

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

 

[Guest]

Thanks Jeffrey,

It works now. The article helped alot but it's missing something ....

After I applied the attribute [AllowPartiallyTrustedCallersAttribute] to my
assembly, the control rendered fine but it didn't get Full Trust as expected.
In my control, i need full access to the file system.

After I give it a little thought, actually this is also by design. .NET
security engine will check each function in the stack if it has the required
permission. Since sites opened in IE don't have full right access to the file
system, I get a permission exception.

The solution for this was to add an Assert action on my class like the
following:
[FileIOPermission(SecurityAction.Assert, Unrestricted=true)]
public class MyUserControl : System.Windows.Forms.UserControl
{ ... }

You need to explicitly specify an assert of each requested permission on
your user control.

Now my control works as expected ..

Thanks for your help ^^;

 

[Jeffrey Tan[MSFT]]

Hi hani,

I am glad your problem resolved and thanks very much for you sharing
information and experience with the community! Anyway, if you need further
help, please feel free to post, I will try my best to help you. Thanks!


Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.