serial port and securityexception

[Jason]

I have written a VB app using the RS323.vb code from the VB resource kit.
When I try to run the code from a network drive I get a securityexception
error. If I copy the file to the local c drive it works perfectly. I have
seen posts that say the best thing to do is change the runtime security
policys on the PCs. I would rather code the program so I don't have to
change the security policy at all. I have seen a few examples of permission
code but none are dealing with a serial port. Below is a partial copy of
the code I am trying to make work. I think I doing this correctly, but it
still gives the SecurityException when run on the network drive. Part of
the problem, I think, is which permission do I need to use in the Dim
compermission line? The ultimate goal is to put this application on a
network drive and let people use it without making any changes to the PC.
Can this be done? Thank you for your time.

Jason Dravet

'Imports System.Security
Imports System.Security.Permissions

Public Class Form1
Inherits System.Windows.Forms.Form
Private msCommPort As New Rs232
Dim setmute As Boolean = True
Dim volumelevel As Integer = 24
Dim compermission As FileIOPermission

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles Button1.Click
compermission = New FileIOPermission(PermissionState.Unrestricted)
compermission.PermitOnly()
msCommPort.Open(1, 9600, 8, Rs232.DataParity.Parity_None,
Rs232.DataStopBit.StopBit_1, 4096)
msCommPort.Write("PON")
System.Threading.Thread.Sleep(5000)
msCommPort.Write("AVL:000")
msCommPort.Close()
End Sub

Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles Button2.Click
msCommPort.Open(1, 9600, 8, Rs232.DataParity.Parity_None,
Rs232.DataStopBit.StopBit_1, 4096)
msCommPort.Write("POF")
msCommPort.Close()
Button4.FlatStyle = Windows.Forms.FlatStyle.Flat
Button4.BackColor = Color.Gray
Button4.Text = "Muted"
End Sub

 

[Anand Balasubramanian]

Hi,
When you run a program of a network share, you will need to give full
trust permission to the network share by modifying the security setting.
You can do it using the following steps on the client machine

1.Open the Microsoft .NET Framework Configuration from
Administrative Tools.

2. Expand Runtime Security Policy->Machine->Code Groups.

3. Right-Click on All_Code and select new.

4. Choose "Create a new code group", and give it a relevant name such as the
name of the applications share then select Next.

5. On the next dialog choose URL from the drop-down list

6. In the URL dialog put the path to the share in this exact format
"file:////\\computername\sharename\*" where computername is the name of
the
computer hosting the remote share, and sharename is the name of the
share.

7. Click Next, and on the next page choose "Use an existing permission set,
and
choose Fulltrust from the drop-down list.

8. Click Next and then Finish.

B/ Use Caspol with the following syntax in a .NET command prompt

Caspol -machine -addgroup 1 -url "file:////\\computername\share\*" FullTrust


But you would have to do this from every machine. If you want the new
security policy to take effect from a single point, then you would have to
do the following

1. Configure the desired security policy on a machine (i.e. change the
trust for
the intranet zone, grant full trust to a specific assembly, etc. see
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm
l/cpcons
ecuritypolicybestpractices.asp for .NET framework security best practices.

2. Open the .NET Framework Configuration Wizard, select "Runtime Security
Policy"
3. Run the "Create Deployment Package" wizard, select the security policy
you
would like to package, and create the package.
4. Deploy the msi package to the targeted machines via ACTIVE DIRECTORY
(group
policies), startup scripts, or by placing the msi package on a network
share for
users to run.

5. Once the msi package has been installed users should be able to use the
updated
security policy.



Anand Balasubramanian
Microsoft, Visual Basic .NET

This posting is provided "AS IS" with no warranties, and confers no rights.
Please reply to newsgroups only. Thanks

 

[Jason]

Thank you for the reply. The goal is to code the program so that I don't
have to make any changes to the PCs. I have seen what you posted in several
replies in this newsgroup, but this is not the solution I am looking for.
If this is the ONLY way to do this, that is fine, but again the goal of this
project is to not make ANY changes to the PC. If I do end up making changes
to the PCs why can't this be done via group policy? Again thank you for the
response and I am looking forward to your comments.

Jason

 

[Anand Balasubramanian]

Hi ,
The basic idea is that the .Net runtime comes with a security policy which
is restrictive. So we need this new security policy to take effect for you
to be able to run an application of the network share. As far as using
group policy to modify the settings, i am not sure if it can be done. At
this point the only way I know of is to use the msi and deploy it which
wold make the necessary changes in each system or manually chanaging it on
each system. Either way the new security policy has to be in effect to make
your app work.

Thanks

Anand Balasubramanian
Microsoft, Visual Basic .NET

This posting is provided "AS IS" with no warranties, and confers no rights.
Please reply to newsgroups only. Thanks

 

[Jason]

Thank you for the response. I am trying to get this straight in my head, so
please bear with me. Are you saying if I wrote a VB application and sold it
to a company and that company put the application I wrote on their server,
the company would have to change the security policy on the PCs that wanted
to use it? If this is the case then how can anyone develop software using
VB? Please bear in mind the last version of Visual Basic I used before now
was version 3.

Jason

 

[Anand Balasubramanian]

Hi Jason,
Its not a problem if you want me to explain things. Basically when you
write a VB,net aplication, you would create an MSI which is the setup
project for the application. You woudl then install this on every pc it is
going to run. So when the user executes, everything will work fine, because
the exe is from the local box. So the .Net security will not complain. But
if you install it on a server and the users click it and run it, then you
will have to give the necessary permissions on each machine to trust the
network share. The reason why people deploy apps in a network share is
because then you always update it only on the server and dont have to
update it on every client machine. Although this process looks like it
would save a lot of work, we generally do not recommend it. The reason is
when the user clicks the app on the network share, it will still run on the
local machine, and it has to download the depenedent dlls to the local
machine before executing it. This will work in many cases, but there can be
problems too. I just had a customer who did the same thing and he had
problems with his application because some of the dls were not downloaded
to the client machine. To circumvent this problem there is a new way of
deploying applications called no-touch deployment. Basically in this case,
you would put you application in a web folder in a web server and then the
client can browse to the app vie IE and that will take care of downloading
the dependent dlls. Here is a link about this topic
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dv_vstechar
t/html/vbtchNo-TouchDeploymentInNETFramework.asp

If you still have questions please do post back to the news group and I
will answer it as best as I could.

Anand Balasubramanian
Microsoft, Visual Basic .NET

This posting is provided "AS IS" with no warranties, and confers no rights.
Please reply to newsgroups only. Thanks