.NET Framework Developer Center >
.NET Development Forums
>
Common Language Runtime
>
How to Run .NET Executable on a Network Drive?
How to Run .NET Executable on a Network Drive?
I'm sure this is very basic.
I have an application, a very basic C# Windows Form test application that runs when I execute locally. However, when I copy it to a mapped network drive, such as S: I see this:
Unhandled Exception: System.Security.Policy.PolicyException: Unverifiable assemb
ly 'S:\Andrew\test.exe' failed policy check.OK. How do I make the assembly verifiable? Does each user need a public key or to have Test.exe added to a security policy?
Once I clear that hurdle, what libraries do I need to install on S: (or on the user's local machine?) to get .NET 2.0 Framework to work?
Thank you,
Answers
- Do you have unsafe code in your assembly? If so, you'll either need to remove it so that the assembly becomes verifiable or modify the code access security policy on the client machine(s) so that your assembly is granted SecurityPermission\SkipVerification. Unless it's very extensive, removing the unsafe code would probably be the simpler of the two approaches (assuming, of course, that a verifiable code implementation can be substituted without compromising functionality).
Thank you. Part of the problem was I had network drives (intranet) as untrusted in .NET.
The other problem was miximg STL code in C++ (unsafe) with C# (safe).
- It seems that I have found a solution to my problem statement (i.e. How does one make the .NET Framework trust one's application when started from a Network Share with minimal user interaction?), and I might as well share it with you all.
The .NET Framework comes with a utility called CasPol.exe that can be used to tweak trust policies that result in the above-mentioned security exceptions.
The primary command line towards achieving this is -CasPol.exe -m -ag 1.2 -url file://Network_PC_Name/Share_Name/* FullTrust
For minimal user-interaction, one needs to also disable the prompt, which is ON by default, and the commands to be executed are -- CasPol.exe -pp off (assuming that prompting was on - default case. Caller needs administrative privileges).
- CasPol.exe -m -ag 1.2 -url file://Network_PC_Name/Share_Name/* FullTrust (the command of interest)
- Caspol.exe -pp on (restoring it to default value)
- http://blogs.msdn.com/shawnfa/archive/2004/12/30/344554.aspx
- http://blogs.msdn.com/shawnfa/archive/2005/07/27/443975.aspx
- CasPol.exe -pp off (assuming that prompting was on - default case. Caller needs administrative privileges).
All Replies
- Do you have unsafe code in your assembly? If so, you'll either need to remove it so that the assembly becomes verifiable or modify the code access security policy on the client machine(s) so that your assembly is granted SecurityPermission\SkipVerification. Unless it's very extensive, removing the unsafe code would probably be the simpler of the two approaches (assuming, of course, that a verifiable code implementation can be substituted without compromising functionality).
- You can get the .NET 2.0 Redistributable at http://www.microsoft.com/downloads/details.aspx?familyid=0856EACB-4362-4B0D-8EDD-AAB15C5E04F5&displaylang=en
Thank you. Part of the problem was I had network drives (intranet) as untrusted in .NET.
The other problem was miximg STL code in C++ (unsafe) with C# (safe).
I am having this same problem with a small application and it's driving me crazy. The program works fine on ANY local drive, but not on any network drives.
How do you make network drives trusted? When I do, is this only for MY computer or for the application when it is run from ANY computer?
Also, what IS unsafe code and how do I identify it?
Control Panel->Administrative Tools->.NET Framework Configuration ?.?->Runtime Security Policy->Adjust Zone Security
This will only change the policy for the client machine.
Unsafe code generally refers to unmanged code, even though my unmanaged code is always safe, lol.
- Actually, I am facing a very similar problem - my C-Sharp application does use unmanaged code (C++ COM Components) - and it isn't feasible to throw them away and write all of it over in C-Sharp.
Additionally, it is also difficult for me to convince our users to navigate to that wizard in Control Panel and make .NET trust my application.
So, is there a programmatic solution to this issue given the constraints?
It'll be nice to have some ideas...
Thanks,
Sid! - It seems that I have found a solution to my problem statement (i.e. How does one make the .NET Framework trust one's application when started from a Network Share with minimal user interaction?), and I might as well share it with you all.
The .NET Framework comes with a utility called CasPol.exe that can be used to tweak trust policies that result in the above-mentioned security exceptions.
The primary command line towards achieving this is -CasPol.exe -m -ag 1.2 -url file://Network_PC_Name/Share_Name/* FullTrust
For minimal user-interaction, one needs to also disable the prompt, which is ON by default, and the commands to be executed are -- CasPol.exe -pp off (assuming that prompting was on - default case. Caller needs administrative privileges).
- CasPol.exe -m -ag 1.2 -url file://Network_PC_Name/Share_Name/* FullTrust (the command of interest)
- Caspol.exe -pp on (restoring it to default value)
- CasPol.exe -pp off (assuming that prompting was on - default case. Caller needs administrative privileges).
- It seems that I have found a solution to my problem statement (i.e. How does one make the .NET Framework trust one's application when started from a Network Share with minimal user interaction?), and I might as well share it with you all.
The .NET Framework comes with a utility called CasPol.exe that can be used to tweak trust policies that result in the above-mentioned security exceptions.
The primary command line towards achieving this is -CasPol.exe -m -ag 1.2 -url file://Network_PC_Name/Share_Name/* FullTrust
For minimal user-interaction, one needs to also disable the prompt, which is ON by default, and the commands to be executed are -- CasPol.exe -pp off (assuming that prompting was on - default case. Caller needs administrative privileges).
- CasPol.exe -m -ag 1.2 -url file://Network_PC_Name/Share_Name/* FullTrust (the command of interest)
- Caspol.exe -pp on (restoring it to default value)
- http://blogs.msdn.com/shawnfa/archive/2004/12/30/344554.aspx
- http://blogs.msdn.com/shawnfa/archive/2005/07/27/443975.aspx
- CasPol.exe -pp off (assuming that prompting was on - default case. Caller needs administrative privileges).
- I know this post is 2 years old, and it should have solved all the problem, right? Unfortunately, when I try Siddhartha's suggestion faithfully, as: Caspol.exe -pp off -m -ag 1.2 -url file://\\Indra/Share/* FullTrust, and it seems OK, as it replied with success, I still can't run my program, even to pass the standard Splash screen provided by VB2005. It comes up with error:
"Application attempted to perform an operation not allowed by security policy. To grant this application the required permission, contact your system administrator, or use the Microsoft .NET Framework Configuration tool.
If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.
Request for the permission of type
'System.Security.Permission.FileIOPermission, mscorlib, version=2.0.0.0, Culture=neutral, PublicKeyToken= b77a5c561934e089'"
This is the first time I am trying anything over intranet, there should be a way out of this, right? Help, please?
- Had the same problem while trying to launch a program over the network, here is the line that worked for me:
caspol -machine -addgroup 1 -url "file:///\\path\to\executable\dir\*" FullTrust
As I have experimented a lot with adding rights, I first listed and removed all the previously added records by usingandcaspol -lg
caspol -rg
Hope this helps - Hello,
I'm having problems also running a small .net app from a network drive. Getting errors about fileIOpermission. Where in the application does this code: caspol -machine -addgroup 1 -url "file:///\\path\to\executable\dir\*" FullTrust go? Thanks in advance. - I know this is a very old post, but...
i tried the caspol command in one of our users' machine, it does require the user to login as an administrator to execute he command. maybe i can do that for this user, how can i make this happen to all other 100 users?...
