Using remoting features inside a .NET applet loaded in a tag object

[Lambuz]

First of all, is it possible usign .NET remoting feature inside a .NET
applet loaded into a tag object inside an HTML page ?

<OBJECT id="myID" height="150" width="300"
classid="http:applet.dll#test.applet"> </OBJECT>

If not please can anyone explain why ?

I think yes and so I'd written a small example immediately I've met a
problem.

I'm using .NET Framework v. 1.1.4322 and it's the only version
installed both client side and server side.

My test applet is correctly loaded into IE client but when I try to
setting programmatically the remoting I aways obtain a
SecurityException even if the assembly is strong name signed and client
side fully trusted.

The exception is the following:
System.Security.SecurityException: Request for the permission of type
System.Security.Permissions.SecurityPermission, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
failed.
at
System.Security.CodeAccessSecurityEngine.CheckTokenBasedSetHelper(Boolean
ignoreGrants, TokenBasedSet grants, TokenBasedSet denied, TokenBasedSet
demands)
at
System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet
grants, PermissionSet denied, PermissionSet demands)
at
System.Runtime.Remoting.Channels.ChannelServices.RegisterChannel(IChannel
chnl) at test.applet.Check()

Could anyone help me please ?

Best regards

 

[Dmytro Lapshyn [MVP]]

Hi,

..NET controls, when loaded inside IE, are given pretty restricted security
permissions. In particular, they are not allowed to access the network. You
can change this permission set by using the .NET Framework configuration
tools, but this will have to be done on every machine where your code is
going to be used.

Consider using an AJAX-like approach when JavaScript code on the page uses
the XMLHttpRequest object to talk to the server and then feeds the received
data to the .NET object hosted within the OBJECT tag.

 

[Lambuz]

.NET controls, when loaded inside IE, are given pretty restricted security

permissions. In particular, they are not allowed to access the network. You
can change this permission set by using the .NET Framework configuration
tools, but this will have to be done on every machine where your code is
going to be used.

While I was waiting an answer from somebody I've solved my problem, but
now I've got another one.

The code I'm using is the following:

PermissionSet ps = new PermissionSet(PermissionState.None);
ps.AddPermission(new SecurityPermission(PermissionState.Unrestricted));

ps.AddPermission(new SocketPermission(PermissionState.Unrestricted));
ps.Assert();

TcpClientChannel _channel = new TcpClientChannel();
ChannelServices.RegisterChannel(_channel);
RemotingConfiguration.RegisterActivatedClientType(typeof(DataProvider),"tcp://localhost:8081");

//DataProvider dp = (DataProvider)
(Activator.CreateInstance(typeof(DataProvider)));
DataProvider dp = new DataProvider();


As you can see even if my assembly is strong name signed and fully
trusted by strong nome reference I must create to permission and it's
very strange for me...can you explain to me ?

My real problem is that if I create my remote object by Activatar
object I always obtain the following exception:

System.Security.SecurityException: Request failed.
at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly)
at System.Activator.CreateInstance(Type type, Boolean nonPublic)
at System.Activator.CreateInstance(Type type)
at IBM.Cipros.Refinery.CPRSWebClient.Check()

The granted set of the failing assembly was:
<PermissionSet class="System.Security.PermissionSet"
version="1">
<IPermission
class="System.Security.Permissions.EnvironmentPermission, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Read="USERNAME"/>
<IPermission
class="System.Security.Permissions.FileDialogPermission, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Unrestricted="true"/>
<IPermission
class="System.Security.Permissions.IsolatedStorageFilePermission,
mscorlib, Version=1.0.5000.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089"
version="1"
Allowed="AssemblyIsolationByUser"
UserQuota="9223372036854775807"
Expiry="9223372036854775807"
Permanent="True"/>
<IPermission
class="System.Security.Permissions.ReflectionPermission, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Flags="ReflectionEmit"/>
<IPermission class="System.Security.Permissions.SecurityPermission,
mscorlib, Version=1.0.5000.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089"
version="1"
Flags="Assertion, Execution, BindingRedirects"/>
<IPermission class="System.Security.Permissions.UIPermission,
mscorlib, Version=1.0.5000.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089"
version="1"
Unrestricted="true"/>
<IPermission class="System.Net.DnsPermission, System,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Unrestricted="true"/>
<IPermission class="System.Drawing.Printing.PrintingPermission,
System.Drawing, Version=1.0.5000.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a"
version="1"
Level="DefaultPrinting"/>
<IPermission class="System.Diagnostics.EventLogPermission, System,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1">
<Machine name="."
access="Instrument"/>
</IPermission>
<IPermission class="System.Net.WebPermission, System,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1">
<ConnectAccess>
<URI uri="(https|http)://localhost/.*"/>
</ConnectAccess>
</IPermission>
<IPermission
class="System.Security.Permissions.SiteIdentityPermission, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Site="localhost"/>
<IPermission
class="System.Security.Permissions.UrlIdentityPermission, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Url="http://localhost/"/>
<IPermission
class="System.Security.Permissions.ZoneIdentityPermission, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Zone="Intranet"/>
</PermissionSet>

If I use directly the contructor of my remote object it takes a couple
of minute to create it, it is very strange because if I use the
prevoius code inside a console application the remote creation is very
quickly, quite immediat. Do you know the reason ?

Consider using an AJAX-like approach when JavaScript code on the page uses
the XMLHttpRequest object to talk to the server and then feeds the received
data to the .NET object hosted within the OBJECT tag.

it is already the first alternative if my initial solution is
impossible to realize.

 

[Dmytro Lapshyn [MVP]]

As you can see even if my assembly is strong name signed and fully

trusted by strong nome reference I must create to permission and it's
very strange for me...can you explain to me ?

I wish I could remember all the intricacies of .NET Framework security...
especially when it comes to hosting .NET objects in IE. As I understand,
you've already created a code group with the FullTrust permission set and
the membership condition for this group is matching a certain assembly
strong name. Have you tested that the membership condition works properly?
You can do so by launching the .NET Configuration MMC console, then clicking
on the "Runtime Security Policy" node in the left pane and then clicking on
the "Evaluate Assembly" task link in the right pane.

Another thing you can try is trying the "Adjust Zone Security" wizard, a
link to which is available on the same page in the right pane. However, be
careful and don't loosen the security too much. I'd rather consider
loosening the security restrictions for the "Trusted Sites" zone (given you
have the ability and willingness to consider the site hosting the
DataProvider as a trusted site).

 

[Lambuz]

You can do so by launching the .NET Configuration MMC console, then clicking

on the "Runtime Security Policy" node in the left pane and then clicking on
the "Evaluate Assembly" task link in the right pane.

I've already tested it and everything is ok.

What about my other problem:

-----------------------
If I use directly the contructor of my remote object it takes a couple
of minute to create it, it is very strange because if I use the
prevoius code inside a console application the remote creation is very
quickly, quite immediat. Do you know the reason ?
---------------------------------

Another thing you can try is trying the "Adjust Zone Security" wizard, a
link to which is available on the same page in the right pane. However, be
careful and don't loosen the security too much. I'd rather consider
loosening the security restrictions for the "Trusted Sites" zone (given you
have the ability and willingness to consider the site hosting the
DataProvider as a trusted site).

I'll try...but please take a look at my other problem described above.

thanks

 

[mabra]

Hi !

I remembered just, that in my own controls using remoting - I never
found the time to develop them to it's end - I had the same problem.

Once upon a time in this group, someone posted a workaround, which
helped me. Use simply the following statement, before you initialize the
remoting layer:

System.Configuration.ConfigurationSettings.GetConfig("DNS");

May be, that is helpful for you too.
Best regards,
Manfred


The original thread was:

http://groups.google.de/group/micro...38909a2?lnk=gst&q=IE&rnum=17#24e4d4c8638909a2


One of the posters links to the solution:

http://www.genuinechannels.com/Content.aspx?id=20&type=1