Code Access Security issue

[ChidiB]

An application is being converted from Visual Basic 6.0 to Visual Basic .NET
using .NET Framework 2.0.
The .NET Framework lets the application run with Full Trust security on the
client but changes to Partial Trust when the application is copied to a
server, giving a permissions error when trying to open from the server.
Is there any easy way to code it up front within the application to change
the security to Full Trust when running on a network server (there are
approx. 25 different servers that it will be running from)?.
The administrator of these servers will not change the .NET Framework
Configuration on each of them.

I need your help

 

[Shekhar]

The security model of CAS (Code Access Security) depends on many more things
than just your application. Here in this case, the location of your
applicatino from where it is running is the culprit. By default, anything
that is running from network location IS NOT given fulltrust.

If you are running it from within intranet, then try .NET3.5 SP1 where they
changed the setting to make Intranet a fully trusted location.

If that is not an option, here are you other two options:
1. Sign the assemblies with a public key and give full trust to that public
key.
2. Give full trust to the network location from where you are running the
exe.

Both the above setting are per machine. To make your job easy, you can have
a Group Policy which will run a startup script at the time of user login.
This script will run the caspol command to do above setting.

Read more about it here:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;897296

Thanks,
~Shekhar

 

[Bruce Sanderson]

The article you reference says it applies to .Net Framework v1 and v1.1. I
found the document at http://msdn.microsoft.com/en-us/library/13wcxx6y.aspx
that says it applies to version 3.5. It includes this statement:

"Policy installation affects only the version of the runtime that you
targeted when you created the installation file. For example, if you use the
..NET Framework Configuration tool version 2.0, your installation file
changes only .NET Framework version 2.0 policy."

From what I can determine, the latest version of mscorcfg.msc is delivered
with the SDK for .Net Framework 2 and this can be used to configure security
for .Net Framework version 2, 3 and 3.5.

On a computer that has .Net Framework 1.1, 2, 3 and 3.5 installed, I find
security.config, machine.config and enterprisesec.config in the following
folders under %systemroot%\Microsoft.NET\Framework

v1.1.4322\CONFIG
v2.0.50727\CONFIG

but there is no CONFIG folder (or security config files) in the v3.0 or v3.5
folders.

I can't find any documentation about deploying security configuration files
for .Net Framework 3 (or 3.5) specifically.

In the past, we deployed .Net v1.1 security files by copying the file
(security.config) updated by the .Net Configuration tool (mscorcfg.msc) to
the v1.1.4322\config folder on our server farm.

So, how does one deploy security configuration settings that apply to
version 3 or 3.5? Is there a Microsoft document that specifically addresses
this?

 

[Shekhar]

The answer is simple. .NET3.0 & .NET3.5 uses .NET2.0 CLR and hence it uses
the same security config as .NET2.0.
..NET3.0 and .NET3.5 are CLR2.0 in core.

~Shekhar

 

[Bruce Sanderson]

Thanks, Shekhar!

At the risk of sounding like a dummy (I'm not an experienced .Net developer,
just a server administrator type with elementary .Net knowledge), I take it
from this that deploying a security.config file into the v2.0.50727\CONFIG
folder will set the security for applications built for .Net Framework
Versions 2, 3 and 3.5 - there is nothing else needed - is this correct?

 

[Shekhar]

Yes, you can asssume so.

Please note that on 64 bit machines, CAS works seperately for 32 bit and 64
bit processes without intereference with each other.

Thanks,
~Shekhar

 

[Bruce Sanderson]

Super - thanks!