none
Adding CodeGroups to the CAS policy RRS feed

  • Question

  • Hi there,

    I'm trying to create some CodeGroups automitically by code, but can't get it to work.

    I'm executing some CasPol.exe commands which works perfectly when executed in the command promt, but doesn't when executed by code.
    I've also tried to use the SecorityManager but with no luck.

    Can anyone please givee me a hint?

    Thanks

    Casper


    1 private void button1_Click(object sender, EventArgs e)  
    2 {  
    3     string url = "http://mywebsite.com/*";  
    4     string name = "My Code Group";  
    5     if (CodeGroupExists(url))  
    6     {  
    7         textBox1.Text += name + " exists\r\n";  
    8         RemoveCodeGroup(name);  
    9         textBox1.Text += name + " removed\r\n";  
    10     }  
    11     AddCodeGroup(url, name);  
    12     textBox1.Text += name + " added!\r\n";  
    13 }  
    14  
    15 private static bool CodeGroupExists(string url)  
    16 {  
    17     return RunProcess("-lg").Contains(url);  
    18 }  
    19  
    20 private static void RemoveCodeGroup(string name)  
    21 {  
    22     RunProcess(String.Format("-rg \"{0}\"", name));  
    23 }  
    24  
    25 private static void AddCodeGroup(string url, string name)  
    26 {  
    27     RunProcess(String.Format("-pp off -machine -addgroup 1. -url {0} FullTrust -name \"{1}\"", url, name));  
    28 }  
    29  
    30 private static string RunProcess(string argument)  
    31 {  
    32     string rootpath = RuntimeEnvironment.GetRuntimeDirectory();  
    33     Process p = new Process();  
    34     p.StartInfo.CreateNoWindow = true;  
    35     p.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;  
    36     p.StartInfo.FileName = rootpath + "CasPol.exe";  
    37     p.StartInfo.Arguments = argument;  
    38     p.StartInfo.RedirectStandardOutput = true;  
    39     p.StartInfo.UseShellExecute = false;  
    40     p.Start();  
    41     p.WaitForExit();  
    42     return p.StandardOutput.ReadToEnd();  
    43 }  
    44  


    Tuesday, November 11, 2008 1:46 PM

Answers

  • Hi

    I figured out what was "wrong". I've also tried with similar caose as you proposed but it gives me the same result.

    The catch is that I run Vista 64-bit. this means that whenever I run my code the changes were made in the 64-bit version of the CAS policy. Now, when I look in the mmc config tool only show data from the 32-bit version.

    Now when you run Internet Explorer (which is where my app lives) on Vista 64-bit it actually by default runs a 32-bit version. Therefore my changes to the 64-bit version of caspol has no effect.

    As soon as i changed the build target from Any CPU to x86, then everything worked!

    //Casper

    • Marked as answer by Casper Jensen Thursday, November 13, 2008 8:08 PM
    Thursday, November 13, 2008 8:07 PM

All replies

  • Ideally, you should be using the configuration classes to create your cas policy nodes. Here is some sketch code:

    PolicyLevel machineLevel = new PolicyLevel("Machine"); //create at machine level
    NamedPermissionSet ns = new NamedPermissionSet("name", enumtype);
    nps.Description = "description";
    nps.AddPermissions = new FileIOPermission(PermissionState.Unrestricted));

    //guard with exception handling for failure
    machineLevel.AddNamedPermissionSet(ns);

    I think the problem you are running into is that the CAS policy updates require admin privileges. Process start may not have the approproate permissions.
    • Proposed as answer by Vapordan Thursday, November 13, 2008 4:46 PM
    • Unproposed as answer by Casper Jensen Thursday, November 13, 2008 8:08 PM
    • Unproposed as answer by Casper Jensen Thursday, November 13, 2008 8:08 PM
    • Unproposed as answer by Casper Jensen Thursday, November 13, 2008 8:08 PM
    Thursday, November 13, 2008 4:45 PM
  • Hi

    I figured out what was "wrong". I've also tried with similar caose as you proposed but it gives me the same result.

    The catch is that I run Vista 64-bit. this means that whenever I run my code the changes were made in the 64-bit version of the CAS policy. Now, when I look in the mmc config tool only show data from the 32-bit version.

    Now when you run Internet Explorer (which is where my app lives) on Vista 64-bit it actually by default runs a 32-bit version. Therefore my changes to the 64-bit version of caspol has no effect.

    As soon as i changed the build target from Any CPU to x86, then everything worked!

    //Casper

    • Marked as answer by Casper Jensen Thursday, November 13, 2008 8:08 PM
    Thursday, November 13, 2008 8:07 PM