Problems with CASPOL

M

musosdev

Hi

I've written an app in C# (.net 2) that I need to put on a network share so
it's available from any computer in the building.

The app works, but obviously fails on the network share.

I've worked out that I need to use CASPOL, and that I should bea ble to use
a batch file to run caspol before the app, to make sure the permission is
granted.

The problem is I can't get CASPOL to work. Here is my command...

c:\windows\microsoft.net\framework\v2.0.50727\caspol -af "ArtifaxReport.exe"
"ArtifaxReport"

Unfortunately I get the error "the assembly is not strong name signed" - how
can I strong name my assembly, or get the command to work?

Thanks..


Dan
 
A

Alberto Poblacion

musosdev said:
[...]
I've worked out that I need to use CASPOL, and that I should bea ble to
use
a batch file to run caspol before the app, to make sure the permission is
granted.

This is not a good idea. CASPOL was only intended for testing and
development. And, anyway, you would not need to run it in a batch file
before your app, since its settings are persistent, so you would only need
to run it once.

Instead of CASPOL, use the .Net Framework Configuration Tool, which you
should find in the Administrative Tools section in Control Panel. This tool
comes with the Framework 2.0 SDK, and is also installed by Visual Studio
2005.

When you open it, you will see a "tree" where you can configure
security. There is a branch named "Runtime Security", followed by "Machine"
and then "Code Groups". Add a new Code Group below "All Code". You will need
to enter a condition for the code to belong to your new group. There are
many possible conditions. One of them is the "strong name" that you
mentioned, but since your code is not strongly named you can use some of the
alternatives, such as the URL, pointing to "file://yourserver/*". Then,
assign a permission group to your code group (you can create a new group if
none of the existing ones meets your requirements).

Once you have configured the permissions to your liking, you can
right-click on "Runtime Security Policy" and select the option to "Create
Deployment Package". This will create a .msi for Windows Installer which you
can distribute to the various computers in your network to reproduce the
permissions in all of them. In a corporate environment, this can be done
automatically by means of a Group Policy.
 
M

musosdev

Alberto,

Thanks for the detailed description - that sounds really useful! I actually
ended up doing a ClickOnce install for this project, but some projects might
require the CAS and not the Publish, so it's great to know how that works.

Alberto Poblacion said:
musosdev said:
[...]
I've worked out that I need to use CASPOL, and that I should bea ble to
use
a batch file to run caspol before the app, to make sure the permission is
granted.

This is not a good idea. CASPOL was only intended for testing and
development. And, anyway, you would not need to run it in a batch file
before your app, since its settings are persistent, so you would only need
to run it once.

Instead of CASPOL, use the .Net Framework Configuration Tool, which you
should find in the Administrative Tools section in Control Panel. This tool
comes with the Framework 2.0 SDK, and is also installed by Visual Studio
2005.

When you open it, you will see a "tree" where you can configure
security. There is a branch named "Runtime Security", followed by "Machine"
and then "Code Groups". Add a new Code Group below "All Code". You will need
to enter a condition for the code to belong to your new group. There are
many possible conditions. One of them is the "strong name" that you
mentioned, but since your code is not strongly named you can use some of the
alternatives, such as the URL, pointing to "file://yourserver/*". Then,
assign a permission group to your code group (you can create a new group if
none of the existing ones meets your requirements).

Once you have configured the permissions to your liking, you can
right-click on "Runtime Security Policy" and select the option to "Create
Deployment Package". This will create a .msi for Windows Installer which you
can distribute to the various computers in your network to reproduce the
permissions in all of them. In a corporate environment, this can be done
automatically by means of a Group Policy.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top