Digging deeper to find cause of System.Security.SecurityException in IEHost?


Luther Miller

I am working on a project where a Windows Forms (.NET) control is
hosted in a web page in IE.

The control has been in development for a while and is now being
tested again as an embedded control. A security exception is being
thrown (I turned on logging to find this out) and the control is not
being loaded.

Obviously, this means that some piece of code in the control violates
a security constraint imposed by the browser. I need to find out what
piece of code that is so that we can either remove it or work around
it.

Is there a tool I can use to analyze an assembly to find out what
IEExec will like or not like about it?

The exception thrown is:
System.Reflection.TargetInvocationException: Exception has been thrown
by the target of an invocation. --->
System.Security.SecurityException: Request for the permission of type
System.Security.Permissions.SecurityPermission, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
failed.


Here is the log file in its entirety:


***** IEHOST Error Log (Tuesday, 14 October 2003 10:40) *****



URL: http://localhost/MyCo/MyCoForms.dll
Zone: 1
Assembly Name: MyCoForms.dll
Type Name: MyCo.Forms.MyEmbeddedControl



----- Thrown Exception -----


System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.SecurityException: Request for the permission of type System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.
   at System.Runtime.Serialization.Formatters.Binary.ObjectReader.CheckSecurity(ParseRecord pr)
   at System.Runtime.Serialization.Formatters.Binary.ObjectReader.ParseObject(ParseRecord pr)
   at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Parse(ParseRecord pr)
   at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryObjectWithMapTyped record)
   at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryHeaderEnum binaryHeaderEnum)
   at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.Run()
   at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, IMethodCallMessage methodCallMessage)
   at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, IMethodCallMessage methodCallMessage)
   at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream)
   at System.Resources.ResourceReader.LoadObject(Int32 pos)
   at System.Resources.RuntimeResourceSet.GetObject(String key, Boolean ignoreCase)
   at System.Resources.ResourceManager.GetObject(String name, CultureInfo culture)
   at System.Resources.ResourceManager.GetObject(String name)
   at MyCo.Forms.MyEmbeddedControl.InitializeComponent()
   at MyCo.Forms.MyEmbeddedControl..ctor()
   --- End of inner exception stack trace ---

Server stack trace:
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly)
   at System.Activator.CreateInstance(Type type, Boolean nonPublic)
   at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   at System.Activator.CreateComInstanceFrom(String assemblyName, String typeName, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm)
   at System.AppDomain.CreateComInstanceFrom(String assemblyFile, String typeName, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.PrivateProcessMessage(MethodBase mb, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at System.AppDomain.CreateComInstanceFrom(String assemblyFile, String typeName, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm)
   at Microsoft.IE.SecureFactory.CreateInstanceWithSecurity(Int32 dwFlag, Int32 dwZone, String pURL, String uniqueIdString, String link, String licenses)
 

Ivan Medvedev [MS]

Luther -
is it possible that the control was originally compiled with v1.0 of the
runtime and then v1.1 was installed on the machine and the control was not
re-compiled? If so, can you try and recompile it with v1.1 compiler and
libraries?
Currently there is no tool released that would point out what code path
would throw a security exception in a security restricted environment.
--Ivan
http://blogs.gotdotnet.com/ivanmed
This message is provided "AS IS" with no warranties, and confers no rights.


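The inner-exception trace in the IEHOST log already locates the failing call path: the permission demand fails in ObjectReader.CheckSecurity, reached from ResourceManager.GetObject called by MyEmbeddedControl.InitializeComponent. As an added example (not part of the original posts), this Python sketch extracts those facts from such a log, rejoining wrapped frames; the names `parse_frames` and `triage` and the rule that anything outside `System.`/`Microsoft.` is application code are assumptions.

```python
import re

# Constructed sample: an excerpt of the IEHOST log above, keeping its line wraps.
SAMPLE_LOG = """\
System.Security.SecurityException: Request for the permission of type
System.Security.Permissions.SecurityPermission, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
failed.
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.CheckSecurity(ParseRecord
pr)
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream
serializationStream)
at System.Resources.ResourceReader.LoadObject(Int32 pos)
at System.Resources.ResourceManager.GetObject(String name)
at MyCo.Forms.MyEmbeddedControl.InitializeComponent()
at MyCo.Forms.MyEmbeddedControl..ctor()
--- End of inner exception stack trace ---
"""

FRAMEWORK_PREFIXES = ("System.", "Microsoft.")  # assumption: the rest is app code

def parse_frames(log_text):
    """Return method names of the inner-exception frames, innermost first."""
    frames, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("--- End of inner exception"):
            break
        if line == "at" or line.startswith("at "):
            if current is not None:
                frames.append(current)
            current = line[2:].strip()
        elif current is not None:
            current += " " + line  # continuation of a wrapped signature
    if current is not None:
        frames.append(current)
    return [f.split("(", 1)[0].strip() for f in frames]

def triage(log_text):
    """Summarise which permission failed, where, and which app frame led there."""
    frames = parse_frames(log_text)
    m = re.search(r"Request for the permission of type\s+([\w.]+)", log_text)
    idx = next((i for i, f in enumerate(frames)
                if not f.startswith(FRAMEWORK_PREFIXES)), None)
    return {
        "permission": m.group(1) if m else None,
        "demand_site": frames[0] if frames else None,
        "app_frame": frames[idx] if idx is not None else None,
        "framework_entry": frames[idx - 1] if idx else None,
    }
```
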
 
