none
Permissions for dll's in subfolder (using probing)

    Question

  • Hi,

    I have a .NET 3.5 application that consists of two assemblies:
    foo.exe and bar.dll

    foo.exe calls a method in bar.dll that tries to get the temp folder path using Path.GetTempPath()

    If I place both the .exe and the dll in a unc folder (\\netdrive\app\), there is no problem, the Path.GetTempPath() in bar.dll works as expected.

    But: If I place the exe file in \\netdrive\app\ and the dll in \\netdrive\app\bin\ the Path.GetTempPath() throws an exception: Request for the permission of type 'System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

    I have added probing for /bin in the app.config.

    Why does bar.dll get lower permissions when it is placed in the \bin subfolder? And how can I correct this?

     

    Tuesday, March 15, 2011 2:32 PM

Answers

  • You may put following code in both the exe assembly and the dll assembly, to print the security zone they belong to:

     

                Evidence evi = Assembly.GetExecutingAssembly().Evidence;

                IEnumerator e = evi.GetEnumerator();

                while (e.MoveNext())

                {

                    Zone zone = e.Current as Zone;

                    if (zone != null)

                    {

                        Console.WriteLine(zone.SecurityZone.ToString());

                    }

                }

     

    My test result shows that:

     

    1. If the exe and dll locate in same folder, both of them output "MyComputer" which refers to "My_Computer_Zone".

    2. If the dll is putted in the bin folder, the exe output "MyComputer", but the dll shows "Intranet" (which means "LocalIntranet_Zone".

     

    I haven't find out why, but, to fixed this issue, you may grant Unrestricted permission of System.Security.Permissions.EnvironmentPermission to LocalInternet_Zone; or, create a sub-group under LocalInternet_Zone, give URL: file://netdrive/app/bin/mylib.dll a FullTrust permission set.

     

    For how to set security policy of .NET, you may want to read: Understanding .NET Code Access Security


    Eric Yang [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    • Marked as answer by eryang Monday, March 21, 2011 8:34 AM
    Wednesday, March 16, 2011 4:07 AM