Security Exception when I use IsolatedStorageFilePermissionAttribu

[Guest]

I have a simple windows application that I wish to be able to run on
machines that don't trust it. The application is simply a sort of calculator
that needs to be able to export and import results to files of the user's
choosing. The application should also be able to save user preferences like
control sizing.
None of that is relevant because the application throws a security
exception before it even gets to any of the file saving code. I have the
following lines at the bottom of my AssemblyInfo.cs file:
[assembly:FileDialogPermissionAttribute(SecurityAction.RequestMinimum,
Unrestricted=true)]
[assembly:FileIOPermissionAttribute(SecurityAction.RequestOptional,
Unrestricted=true)
[assembly:IsolatedStorageFilePermissionAttribute(SecurityAction.RequestOptional, Unrestricted=true)]

I get a the following exception message when I run it in debug in visual
studio:
An unhandled exception of type 'System.Security.SecurityException' occurred
in mscorlib.dll
Additional information: Request for the permission of type
System.Security.Permissions.UIPermission ...

Commenting out either the second or the third line still leads to the
exception, however, if I comment out BOTH the second and the third line
everything is OK. What I really don't understand is why do I get a
UIPermission exception when those lines have nothing to do with
UIPermissions. Can anyone tell me why I am getting this error and how to fix
the problem.
I believe this should be reproducible on any windows forms .NET 2003
application. Simply paste the three "[assembly:..." lines above into the
bottom of your AssemblyInfo.cs file.

Thanks,

 

[Richard Blewett [DevelopMentor]]

OK, the RequestMinimum and RequestOptional don't work *exactly* as you'd expect. Once you understand what they are doing it makes snese, its just not necessarily what you would expect.

RequestMinimum says if I don't have these permissions please fail to load me (this ones fairly straightforward). Its a way to make sure you get a load time failure rather than during execution if you don't have a permission that your assembly cannot do without.

RequestOptional is more tricky. It is always used in conjunction with RequestMinimum and says: RequestMinimum says we need these permissions but I also happy to run with these other ones too. Anything outside of the union of these permissions *I don't want to be granted*. So if you have any RequestOptional permissions anything outside of the union of RequestMinimum and RequestOptional will not be granted to your assembly.

In your case you have essentially stated that apart from access to File Dialogs, File IO and Isolated Storage *you don't want any other permissions granted to you* and so you will fail to get the UIPermission.

What are you trying to achieve with the RequestOptional permissions?

Regards

Richard Blewett - DevelopMentor
http://staff.develop.com/richardb/weblog


I have a simple windows application that I wish to be able to run on
machines that don't trust it. The application is simply a sort of calculator
that needs to be able to export and import results to files of the user's
choosing. The application should also be able to save user preferences like
control sizing.
None of that is relevant because the application throws a security
exception before it even gets to any of the file saving code. I have the
following lines at the bottom of my AssemblyInfo.cs file:
[assembly:FileDialogPermissionAttribute(SecurityAction.RequestMinimum,
Unrestricted=true)]
[assembly:FileIOPermissionAttribute(SecurityAction.RequestOptional,
Unrestricted=true)] [assembly:IsolatedStorageFilePermissionAttribute(SecurityAction.RequestOptional, Unrestricted=true)]

I get a the following exception message when I run it in debug in visual
studio:
An unhandled exception of type 'System.Security.SecurityException' occurred
in mscorlib.dll
Additional information: Request for the permission of type
System.Security.Permissions.UIPermission ...

Commenting out either the second or the third line still leads to the
exception, however, if I comment out BOTH the second and the third line
everything is OK. What I really don't understand is why do I get a
UIPermission exception when those lines have nothing to do with
UIPermissions. Can anyone tell me why I am getting this error and how to fix
the problem.
I believe this should be reproducible on any windows forms .NET 2003
application. Simply paste the three "[assembly:..." lines above into the
bottom of your AssemblyInfo.cs file.

 

[Guest]

You are right! It does make sense now that I know that optional not only
requests optional permissions but also requests a refusal of everything else.
I am just try to make an application that will be usable with the default
"internet" permission set. This way my application can be run by users even
if they don't trust it very much. I needed the optional permissions in case
they decide they do trust my application and want the extra functionality
"Save results to file" using SaveFileDialog.

Thanks,

-Chris

OK, the RequestMinimum and RequestOptional don't work *exactly* as you'd expect. Once you understand what they are doing it makes snese, its just not necessarily what you would expect.

RequestMinimum says if I don't have these permissions please fail to load me (this ones fairly straightforward). Its a way to make sure you get a load time failure rather than during execution if you don't have a permission that your assembly cannot do without.

RequestOptional is more tricky. It is always used in conjunction with RequestMinimum and says: RequestMinimum says we need these permissions but I also happy to run with these other ones too. Anything outside of the union of these permissions *I don't want to be granted*. So if you have any RequestOptional permissions anything outside of the union of RequestMinimum and RequestOptional will not be granted to your assembly.

In your case you have essentially stated that apart from access to File Dialogs, File IO and Isolated Storage *you don't want any other permissions granted to you* and so you will fail to get the UIPermission.

What are you trying to achieve with the RequestOptional permissions?

Regards

Richard Blewett - DevelopMentor
http://staff.develop.com/richardb/weblog


I have a simple windows application that I wish to be able to run on
machines that don't trust it. The application is simply a sort of calculator
that needs to be able to export and import results to files of the user's
choosing. The application should also be able to save user preferences like
control sizing.
None of that is relevant because the application throws a security
exception before it even gets to any of the file saving code. I have the
following lines at the bottom of my AssemblyInfo.cs file:
[assembly:FileDialogPermissionAttribute(SecurityAction.RequestMinimum,
Unrestricted=true)]
[assembly:FileIOPermissionAttribute(SecurityAction.RequestOptional,
Unrestricted=true)] [assembly:IsolatedStorageFilePermissionAttribute(SecurityAction.RequestOptional, Unrestricted=true)]

I get a the following exception message when I run it in debug in visual
studio:
An unhandled exception of type 'System.Security.SecurityException' occurred
in mscorlib.dll
Additional information: Request for the permission of type
System.Security.Permissions.UIPermission ...

Commenting out either the second or the third line still leads to the
exception, however, if I comment out BOTH the second and the third line
everything is OK. What I really don't understand is why do I get a
UIPermission exception when those lines have nothing to do with
UIPermissions. Can anyone tell me why I am getting this error and how to fix
the problem.
I believe this should be reproducible on any windows forms .NET 2003
application. Simply paste the three "[assembly:..." lines above into the
bottom of your AssemblyInfo.cs file.

 

[Peter Huang]

Hi

If you still have any concern on this issue, please feel free to post here
thanks

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

Thank-you, but I believe that Richard has helped me to "see the light" on
this issue.

-Chris