IO-statements do not execute on network-drive ???

[cmrchs]

Hi,

executing the following on a local drive works fine :

FileStream wLog;
wLog=File.OpenRead(@"d:\Log.txt");

but executing the same code on a network drive creates a FileIOPermission-exception.
although the user has full control on the drive where the application is running.
Actually, any IO-statement creates an exception ???

Is it some kind of .NET permission that must be set or something else ?

any help greatly appreciated !!

thanks
Chris

**********************************************************************
Sent via Fuzzy Software @ http://www.fuzzysoftware.com/
Comprehensive, categorised, searchable collection of links to ASP & ASP.NET resources...

 

[Olaf Baeyens]

executing the following on a local drive works fine :

FileStream wLog;
wLog=File.OpenRead(@"d:\Log.txt");

but executing the same code on a network drive creates a FileIOPermission-exception.
although the user has full control on the drive where the application is running.
Actually, any IO-statement creates an exception ???

Is it some kind of .NET permission that must be set or something else ?

Yes, the .NET have built in security by default that disabled
LAN/Internet/... access by default decreasing the risk that if a program is
taken over by a worm/trojan/virus/bug that it accidently access the
Internet.

Two things must happen in order to access the LAN network drive.
1. You as programmer must tell the program compiler in the assembly for
example that this program is allowed to access the LAN drives. If you just
create a silly clock that does not need LAN or Internet access, then this
program should not access the LAN or Internet.

2. The person that installs this program on his computer must give rights
for that program to access the LAN/Internet/... It is not because that the
programmer wants LAN access that a administrator likes a unknown program so
browser through the LAN folders. It might be a Trojan.

You will also note that the program, by default refuses to execute when
double clicked on a shared drive. It must be copied to a local, folder.
Unless it is fully trusted and designed by the programmer to run from a
network drive.

Configuring the rights are done through Control panel, administrative
tools/... but is very complicated for simple users in my opinion. So an
alternative way is creating a setup, that installs the program and also
configures the correct rights. This setup can be launched form network
folder since it is a conventional executable, and has by default enough
rights. It also have rights to run parts of the .NET code that configures
the this program with enough rights automatically. A .NET program has no
rights to configure it's own rights, but when it is done by the setup it
can.

I think that you have a lot of reading to do before you understand it all.
;-)

 

[cmrchs]

Hi Olaf,

thanks for your comments but when you say

"... You as programmer must tell the program compiler in the assembly for example that this program is allowed to access the LAN drives... "

how is this done then ?

thanks.
Chris

**********************************************************************
Sent via Fuzzy Software @ http://www.fuzzysoftware.com/
Comprehensive, categorised, searchable collection of links to ASP & ASP.NET resources...

 

[Olaf Baeyens]

thanks for your comments but when you say

"... You as programmer must tell the program compiler in the assembly for

example that this program is allowed to access the LAN drives... "

how is this done then ?

Multiple possible ways, statically in the AssemblyInfo.cs, but alos dynamic
only for those functions that you need to access LAN, and the rest should
default not access LAN.

This is one way when you put this in the AssemblyInfo.cs (emulating a
conventional exe):

[assembly:SecurityPermission(SecurityAction.RequestMinimum, Execution =
true)]
[assembly:SecurityPermission(SecurityAction.RequestMinimum,
UnmanagedCode=true)]
[assembly:FileIOPermission(SecurityAction.RequestMinimum,
Unrestricted=true)]
[assembly:RegistryPermission(SecurityAction.RequestMinimum, All="*")]
[assembly:ZoneIdentityPermission(SecurityAction.RequestMinimum,Zone=Security
Zone.NoZone)]

Note I have provided most functions, you should activate only those that you
really need.

This is the one that you might want to activate:
[assembly:FileIOPermission(SecurityAction.RequestMinimum,
Unrestricted=true)]

You should at least try to read about that .NET security model, complicated
stuff, but you have to understand it.

 

[Olaf Baeyens]

This is the one that you might want to activate:

[assembly:FileIOPermission(SecurityAction.RequestMinimum,
Unrestricted=true)]

I believe that this link explains how to create a installer that
automatically configures for the neccesary rights so that the program gets
full LAN and Internet access, without need of the user to be a administrator
expert.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnforms/html/winforms11122002.asp

Basically is this, you create a class from
System.Configuration.Install.Installer that has [RunInstaller(true)] as
attribute telling that the installer can be executed remotely (by the
setup). Then in your steup project you tell it to execute that one method
defined in that class. Since the Setup is not a .NET program and the user
must decide for themselves that this setup is a reliable program (since you
downloaded it form a reliable source), the setup gets enough permission to
actually execute and configure the administrative rights.

.......
PermissionSet permSet1 = new NamedPermissionSet("FullTrust");
StrongNamePublicKeyBlob key = new StrongNamePublicKeyBlob(publicKey);
IMembershipCondition membership1 = new StrongNameMembershipCondition(key,
null, null);

// Create the code group
PolicyStatement policy1 = new PolicyStatement(permSet1);
CodeGroup codeGroup1 = new UnionCodeGroup(membership1, policy1);
codeGroup1.Description = "Full trust permissions for my product!";
codeGroup1.Name = "Skyscan full trust";

..... see the link but you get the idea..

machinePolicyLevel.RootCodeGroup.AddChild(codeGroup1);
SecurityManager.SavePolicy();
.......