Local Machine policy exceptions

  • Thread starter Thread starter Michael
  • Start date Start date
M

Michael

I am running an application that requires "Full Trust" which is declared in
the assembly.

How do I trap for the System.Security.Policy.PolicyException that is raised
by a local machines CAS if its current policy will not allow "Full Trust",
ie its running in the Intranet Zone.

I am trying to trap the error to advise users to have adm revise policy to
permit running the program otherwise a cryptic debug screen is raised.

Thanks

Mike
 
Hi,

In the unlikely event that your question is not answered satisfactorily in
this group, there is another group you might try posting to -
"microsoft.public.dotnet.security."

Regards,

Cerebrus.
 
Michael said:
I am running an application that requires "Full Trust" which is declared in
the assembly.

How do I trap for the System.Security.Policy.PolicyException that is
raised by a local machines CAS if its current policy will not allow "Full
Trust", ie its running in the Intranet Zone.

I am trying to trap the error to advise users to have adm revise policy to
permit running the program otherwise a cryptic debug screen is raised.

Thanks

Mike
Click to expand...

A code snippet of the offending calls would be helpful. Have you tried:

Try
'instantiate full trust objects, invoke full trust methods,
' or access full trust properties
Catch (pe As System.Security.Policy.PolicyException)
Dim message As String = pe.Message
'or
Dim message As String = "Talk to your Admin."
Throw New Exception(message)
Finally
'if appropriate
fullTrustObjects.Dispose
End Try

Let me know how that works or if you need more help.

carl
 
Carl

Thanks for the reply

Following is a code snippet from my main sub. The policy ecxception error
which is picked up by the local machine arises at the first call to to get
system and environment information.

The CAS then throws up the debug screen locally before the "catch" can
activate

code follows:

Public Sub Main()
'
'Allow XP style Forms to be viewed on User screen
Application.EnableVisualStyles()
Application.DoEvents()
'
'Get the user and machine environment data
'
Try
Get_UserSystemInfo(USER_PROCESSOR_TYPE)
Get_UserEnvironment(USER_NAME, USER_OSVersion, USER_MACHINE_NAME)

Try
'Windows 2000, XP
Get_UserMemoryStatusEX(USER_SYSTEM_MEMORYEX,
USER_AVAILABLE_SYSTEM_MEMORYEX)

Catch ex As Exception
' Do Nothing if API call fails
End Try
'
Catch ex As System.Security.Policy.PolicyException
'
'if the user has installed the program on one computer within a network
'environment and attempts to run the program from a different machine
within
'the network then the system.permissions exception will be caught here.
'
MessageBox.Show(Get_Msg("50019", "", "", "", ""), _
"Name", MessageBoxButtons.OK, MessageBoxIcon.Error)
'
'terminate the program
End
'

Catch ex As Exception
'
'if the user has installed the program on one computer within a network
'environment and attempts to run the program from a different machine
within
'the network then the system.permissions exception will be caught here.
'
MessageBox.Show(Get_Msg("50019", "", "", "", ""), _
"Name", MessageBoxButtons.OK, MessageBoxIcon.Error)
'
'terminate the program
End
'
End Try

etc
etc

end sub
 
Mike C said:
Carl

Thanks for the reply

Following is a code snippet from my main sub. The policy ecxception error
which is picked up by the local machine arises at the first call to to
get
system and environment information.

The CAS then throws up the debug screen locally before the "catch" can
activate

code follows:

Public Sub Main()
'
'Allow XP style Forms to be viewed on User screen
Application.EnableVisualStyles()
Application.DoEvents()
'
'Get the user and machine environment data
'
Try
Get_UserSystemInfo(USER_PROCESSOR_TYPE)
Get_UserEnvironment(USER_NAME, USER_OSVersion, USER_MACHINE_NAME)

Try
'Windows 2000, XP
Get_UserMemoryStatusEX(USER_SYSTEM_MEMORYEX,
USER_AVAILABLE_SYSTEM_MEMORYEX)

Catch ex As Exception
' Do Nothing if API call fails
End Try
'
Catch ex As System.Security.Policy.PolicyException
'
'if the user has installed the program on one computer within a
network
'environment and attempts to run the program from a different machine
within
'the network then the system.permissions exception will be caught
here.
'
MessageBox.Show(Get_Msg("50019", "", "", "", ""), _
"Name", MessageBoxButtons.OK, MessageBoxIcon.Error)
'
'terminate the program
End
'

Catch ex As Exception
'
'if the user has installed the program on one computer within a
network
'environment and attempts to run the program from a different machine
within
'the network then the system.permissions exception will be caught
here.
'
MessageBox.Show(Get_Msg("50019", "", "", "", ""), _
"Name", MessageBoxButtons.OK, MessageBoxIcon.Error)
'
'terminate the program
End
'
End Try

etc
etc

end sub
Click to expand...

Mike,

That code looks like it should be working. Are your Get methods making
calls into another assembly? Is your .NET security configured correctly for
that application?

http://www.code-magazine.com/article.aspx?quickid=0405031&page=1

carl
 
Carl

Once again thanks - working on this for several days and getting nowhere

Here's the info you asked for. Note that I included the both GET subs in
their entirety even though this program only extracts limited info needed.

Also note
a) if I set the local machine Intranet zone permissions to "Full Trust"
program works without generating a policy exception
b)if I create a new zone with "Full Trust" and import the program "key" the
program works without generating a policy exception

Assembly - Security and Signing Follows:

'Sign the Assembly
'strong name key [MyProgram.snk] created with sn.exe. Key must reside
'in the same folder as the Visual Studio Project.
<Assembly: AssemblyKeyFileAttribute("MyProgram.snk")>
'
'Deploy the Assembly requesting FullTrust Permissions
'<Assembly: PermissionSetAttribute(SecurityAction.RequestMinimum,
Name:="FullTrust")>

The two Get subs Follow:

1)Get System Info

'Use Windows API to get User System Memory Status
Public Declare Sub GetSystemInfo Lib "kernel32.dll" (ByRef lpSystemInfo As
SYSTEM_INFO)

Public Sub Get_UserSystemInfo(ByRef ProcessorType As String)

Dim SysInfo As SYSTEM_INFO
GetSystemInfo(SysInfo)

Dim UserProcessorType As String = SysInfo.dwProcessorType.ToString

ProcessorType = UserProcessorType

End Sub

2)Get User Environment

Public Sub Get_UserEnvironment(ByRef Name As String, ByRef OSversion As
String, ByRef MachineName As String)

'PROCESS
Dim UserProcess As Process = Process.GetCurrentProcess

Dim UserProgramName As String = UserProcess.ProcessName
Dim UserPagednoMem As Long = UserProcess.NonpagedSystemMemorySize
Dim UserPagedMem As Long = UserProcess.PagedMemorySize
Dim UserPagedpeakMem As Long = UserProcess.PeakPagedMemorySize
Dim UserPagedsysMem As Long = UserProcess.PagedSystemMemorySize
Dim UserPeakMem As Long = UserProcess.PeakWorkingSet
Dim UserPrivateMem As Long = UserProcess.PrivateMemorySize

'PROCESS MODULE
'The following retrieves the name of the Program
'base module and all dll's loaded with the process
'along with their physical size and other properties.
Dim UserProcessModule As ProcessModule
Dim UserProcessModuleCollection As ProcessModuleCollection =
UserProcess.Modules
'example - get memory used by loaded dll modules
'ModuleMemorySize does not include any additional
'memory allocations that the module makes once
'it is running; it includes only the size of the
'static code and data in the module file.
'The Base Module represents the static program code.
Dim i As Integer
Dim total As Integer
For i = 0 To UserProcessModuleCollection.Count - 1
UserProcessModule = UserProcessModuleCollection(i)
total = total + UserProcessModule.ModuleMemorySize
Next

'ENVIRONMENT
'Gets the amount of physical memory mapped to
'the process context.
Dim UserMemory As Long
UserMemory = Environment.WorkingSet

'Gets the NetBIOS name of this local computer.
Dim UserMachineName As String
UserMachineName = Environment.MachineName

'Gets an OperatingSystem object that contains the
'current platform identifier and version number.
Dim UserOSVersion As String
UserOSVersion = Environment.OSVersion.ToString

'Gets the fully qualified path of the system directory
Dim UserSysDirectory As String = Environment.SystemDirectory

'Gets the user name of the person who started the
'current thread
Dim UserName As String
UserName = Environment.UserName

'Returns an array of string containing the names of
'the logical drives on the current computer, i.e.,
'"A:\", "C:\" etc
Dim UserLogicalDrives As String()
UserLogicalDrives = Environment.GetLogicalDrives

'The system special folders are folders such as Program Files,
'Programs, System, or Startup, which contain common
'information. Special folders are set by default by the
'system, or explicitly by the user, when installing a version
'of Windows.
'The GetFolderPath method uses these enumerated constants
'to designate the special folder path to retrieve
Dim UserFolder As String
UserFolder =
Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)
'etc, etc.

'The following statement accesses network, logon
'and other user type data. Iterate as needed to
'look at the variables - 36 Total
Dim UserEnvironmentVariables As System.Collections.IDictionary
UserEnvironmentVariables = Environment.GetEnvironmentVariables()
'
'Dim de As DictionaryEntry
'For Each de In environmentVariables
' Console.WriteLine(" {0} = {1}", de.Key, de.Value)
'Next de

'return the desired data
Name = UserName
OSversion = UserOSVersion
MachineName = UserMachineName

End Sub

Regards and thanks

Mike
 
Carl
ignore the " ' " in front of the assembly in the info below ie line should
read
<Assembly: PermissionSetAttribute(SecurityAction.RequestMinimum,
Name:="FullTrust")> Had commented it out trying to solve issue with no luck
Mike

Michael said:
Carl

Once again thanks - working on this for several days and getting nowhere

Here's the info you asked for. Note that I included the both GET subs in
their entirety even though this program only extracts limited info needed.

Also note
a) if I set the local machine Intranet zone permissions to "Full Trust"
program works without generating a policy exception
b)if I create a new zone with "Full Trust" and import the program "key"
the program works without generating a policy exception

Assembly - Security and Signing Follows:

'Sign the Assembly
'strong name key [MyProgram.snk] created with sn.exe. Key must reside
'in the same folder as the Visual Studio Project.
<Assembly: AssemblyKeyFileAttribute("MyProgram.snk")>
'
'Deploy the Assembly requesting FullTrust Permissions
'<Assembly: PermissionSetAttribute(SecurityAction.RequestMinimum,
Name:="FullTrust")>

The two Get subs Follow:

1)Get System Info

'Use Windows API to get User System Memory Status
Public Declare Sub GetSystemInfo Lib "kernel32.dll" (ByRef lpSystemInfo
As SYSTEM_INFO)

Public Sub Get_UserSystemInfo(ByRef ProcessorType As String)

Dim SysInfo As SYSTEM_INFO
GetSystemInfo(SysInfo)

Dim UserProcessorType As String = SysInfo.dwProcessorType.ToString

ProcessorType = UserProcessorType

End Sub

2)Get User Environment

Public Sub Get_UserEnvironment(ByRef Name As String, ByRef OSversion As
String, ByRef MachineName As String)

'PROCESS
Dim UserProcess As Process = Process.GetCurrentProcess

Dim UserProgramName As String = UserProcess.ProcessName
Dim UserPagednoMem As Long = UserProcess.NonpagedSystemMemorySize
Dim UserPagedMem As Long = UserProcess.PagedMemorySize
Dim UserPagedpeakMem As Long = UserProcess.PeakPagedMemorySize
Dim UserPagedsysMem As Long = UserProcess.PagedSystemMemorySize
Dim UserPeakMem As Long = UserProcess.PeakWorkingSet
Dim UserPrivateMem As Long = UserProcess.PrivateMemorySize

'PROCESS MODULE
'The following retrieves the name of the Program
'base module and all dll's loaded with the process
'along with their physical size and other properties.
Dim UserProcessModule As ProcessModule
Dim UserProcessModuleCollection As ProcessModuleCollection =
UserProcess.Modules
'example - get memory used by loaded dll modules
'ModuleMemorySize does not include any additional
'memory allocations that the module makes once
'it is running; it includes only the size of the
'static code and data in the module file.
'The Base Module represents the static program code.
Dim i As Integer
Dim total As Integer
For i = 0 To UserProcessModuleCollection.Count - 1
UserProcessModule = UserProcessModuleCollection(i)
total = total + UserProcessModule.ModuleMemorySize
Next

'ENVIRONMENT
'Gets the amount of physical memory mapped to
'the process context.
Dim UserMemory As Long
UserMemory = Environment.WorkingSet

'Gets the NetBIOS name of this local computer.
Dim UserMachineName As String
UserMachineName = Environment.MachineName

'Gets an OperatingSystem object that contains the
'current platform identifier and version number.
Dim UserOSVersion As String
UserOSVersion = Environment.OSVersion.ToString

'Gets the fully qualified path of the system directory
Dim UserSysDirectory As String = Environment.SystemDirectory

'Gets the user name of the person who started the
'current thread
Dim UserName As String
UserName = Environment.UserName

'Returns an array of string containing the names of
'the logical drives on the current computer, i.e.,
'"A:\", "C:\" etc
Dim UserLogicalDrives As String()
UserLogicalDrives = Environment.GetLogicalDrives

'The system special folders are folders such as Program Files,
'Programs, System, or Startup, which contain common
'information. Special folders are set by default by the
'system, or explicitly by the user, when installing a version
'of Windows.
'The GetFolderPath method uses these enumerated constants
'to designate the special folder path to retrieve
Dim UserFolder As String
UserFolder =
Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)
'etc, etc.

'The following statement accesses network, logon
'and other user type data. Iterate as needed to
'look at the variables - 36 Total
Dim UserEnvironmentVariables As System.Collections.IDictionary
UserEnvironmentVariables = Environment.GetEnvironmentVariables()
'
'Dim de As DictionaryEntry
'For Each de In environmentVariables
' Console.WriteLine(" {0} = {1}", de.Key, de.Value)
'Next de

'return the desired data
Name = UserName
OSversion = UserOSVersion
MachineName = UserMachineName

End Sub

Regards and thanks

Mike



Vagabond Software said:
Mike,

That code looks like it should be working. Are your Get methods making
calls into another assembly? Is your .NET security configured correctly
for that application?

http://www.code-magazine.com/article.aspx?quickid=0405031&page=1

carl
Click to expand...
Click to expand...
 
Back
Top