none
Running a VB.Net over the network - tried work arounds but still having problems. RRS feed

  • Question

  • Hi,
     
    Like other people I am running into a Security problem when running an application over a network.

    First:
    I tried what this article described here http://weblogs.sqlteam.com/jhermiz/archive/2007/08/14/60284.aspx under the "The Right Way of doing it". It didnt work.

    Second:
    In the projects properties on the Signing tab I ticked "Sign the assembly" and I created a strong name key. I rebuilt the project but I still got an error regarding "AllowPartiallyTrustedCallers" so done some more searching and found I should of added this line <
    <Assembly: AllowPartiallyTrustedCallers()> 
    to the AssemblyInfo.vb, so I did and rebuilt. However I still got an error and I'm now stuck. Here's the error:

    System.Security.SecurityException was unhandled

      Message="Request for the permission of type 'System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed."

      Source="mscorlib"

      StackTrace:

           at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)

           at System.Security.CodeAccessPermission.Demand()

           at Microsoft.VisualBasic.Interaction.Command()

           at CapitalMenus.My.MyApplication.MyApplication_Startup(Object sender, StartupEventArgs e)

           at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.OnStartup(StartupEventArgs eventArgs)

           at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.DoApplicationModel()

           at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(String[] commandLine)

           at CapitalMenus.My.MyApplication.Main(String[] Args)

      InnerException

    Here is my code in the MyApplication_StartUp: 
    Dim WMACLEVX As New WMACLEVX_Wrapper  
    Dim WJOBEXTX As New WJOBEXTX_Wrapper  
     
                LogonText = Command()  <- I suspect its falling over here
     
                Validate_Logon()  
     
                SplashScreen2.lblProgress.Text = "Login on to the Capital Server " & DBMC & " - " & DBDSN & vbCrLf  
                DoEvents()  
     
                If gDEBUG = "1" Then 
                    MsgBox(LogonText)  
                    MsgBox("-DSN " & DBDSN & " -DBPWD " & DBPWD & " -DBUID " & DBUID & " -DBTYPE " & DBTYPE & " -DBLINKS " & DBLINKS & " -LCKMGR " & LCKMGR & " -LCK " & LCK & " -RDR " & RDR & " -USER " & DBUSER & " -DBENVI " & DBENVI & " -IPLCKSVR " & IPLCKSVR & " -EPLCKSVR " & EPLCKSVR & " -IPSCRN " & IPSCRN & " -EPSCRN " & EPSCRN)  
                End If 
     
                InitWrappers()  
     
                SplashScreen2.lblProgress.Text = SplashScreen2.lblProgress.Text & "Connected" & vbCrLf  
     
                sDetermineLang()  
                strDateFormat = GetDateFormatUsed()  
     
                gSetAppDataPath()  
     
                SplashScreen2.lblProgress.Text = SplashScreen2.lblProgress.Text & "Generating Menu" 
                DoEvents()  
     
                frmCapitalMenu.GenerateCapitalMenu() 
    Any help appriciated

    Cheers
    Darren

    Friday, October 31, 2008 11:18 AM

Answers

All replies

  • It's not the Right Way.  Running Caspol.exe is required, read the comments in the web page.
    Hans Passant.
    Friday, October 31, 2008 12:29 PM
    Moderator
  • Actually installing .Net 3.5 SP1 also fixes this issue see this for more information on it.
    Friday, October 31, 2008 4:17 PM
  • As nobugz said, use Caspol.

    I would think of using the following two approaches, FullTrust, or grant specific permissions which needed.

    1, On client machines to grand "Full Trust" permission to your assemblies lying on the server. The command line looks like this:
    caspol -m -ag LocalIntranet_Zone -url \\<ServerName>\<FolderName>\* FullTrust -n "<Name>" -d "<Description>"

    To successfully run this command, you must have admin rights (in Vista / 2008 should also run Elevated when UAC is on).

    This approach is straightforward, giving all permissions to your assemblies on the server. You can also use MMC to do the equal using UI.

    However, by doing this, you are saying that your assemblies are relatively safe, no security holes can be (at least easily) found by malicious users or some other programs to do bad things on the client machines.

    2. So if you have clear idea of what permissions your application needs, you can create your own group with these specific permissions granted, and then add your assemblies on the server to the group.

    Which way to go actually depends on what the app does and the specific environment (people, corp security policy, etc.).
    VSTO Rocks!
    Monday, November 3, 2008 8:09 AM
  • Thanks all for your suggestions.

    SP1 did infact solve the issue. I have SP1 installed and was not getting the error, another devoloper did not so SP is the answer here - Will let my network admin know.

    However I'm getting an error:

    System.IO.FileLoadException was unhandled

      Message="Could not load file or assembly 'Interop.cwbx, Version=1.1.0.0, Culture=neutral, PublicKeyToken=24dc217ad1c50c15' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)"

      Source="capital41dn"

      FileName="Interop.cwbx, Version=1.1.0.0, Culture=neutral, PublicKeyToken=24dc217ad1c50c15"

      FusionLog="WRN: Assembly binding logging is turned OFF.\r\nTo enable assembly bind failure logging, set the registry value [HKLM\\Software\\Microsoft\\Fusion!EnableLog] (DWORD) to 1.\r\nNote: There is some performance penalty associated with assembly bind failure logging.\r\nTo turn this feature off, remove the registry value [HKLM\\Software\\Microsoft\\Fusion!EnableLog].\r\n"

      StackTrace:

           at capital41dn.ServerCallIF.SetServerCallMechanism(Int16 rqdCallMechanism, String rqdURL, String rqdUID, String rqdPWD, String initPgm, String rqdDSN)

           at capital41dn.mCapital.InitWrappers()

           at CapitalMenus.My.MyApplication.MyApplication_Startup(Object sender, StartupEventArgs e)

           at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.OnStartup(StartupEventArgs eventArgs)

           at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.DoApplicationModel()

           at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(String[] commandLine)

           at CapitalMenus.My.MyApplication.Main(String[] Args)

      InnerException:

    The file (Interop.cwbx) is a IBM CLient Access DLL which we use to call COBOL programs. The dll does exist in the path where the exe resides - Do I have to run caspol even though SP1 is installed? Do all Client PC's have to have the SDK installed to run caspol?

    Thanks again
    Darren

    Monday, November 3, 2008 10:34 AM
  • This is not a security problem.  Use Fuslogvw.exe to find out what version of the interop assembly it is looking for and what it found.
    Hans Passant.
    Monday, November 3, 2008 10:57 AM
    Moderator
  • Thanks,

    Couldn't figure out how to work Fuslogvw.exe however I rebuilt my own DLL which contains the Interop.cwbx.dll copied to netshare and it all works now.

    Thanks again for all your help

    Darren

    Monday, November 3, 2008 12:51 PM
  • Thanks,

    Couldn't figure out how to work Fuslogvw.exe however I rebuilt my own DLL which contains the Interop.cwbx.dll copied to netshare and it all works now.

    Thanks again for all your help

    Darren

    Hi Darren,

    Can you tell me how you did the following: "... rebuilt my own DLL which contains the Interop.cwbx.dll copied to netshare ..."

    I've created a C# program to read from the data queue.  When I run the program (on my PC) in debug mode, everything works fine.  But when I try to run the program from my network with a copy of cwbx in the same network location, I get the error code -2147467259.  I suspect that the problem is that the pc data queue is being populated and not the network one.  If that makes sense. 
    Thursday, June 4, 2009 5:05 AM
  • Thanks,

    Couldn't figure out how to work Fuslogvw.exe however I rebuilt my own DLL which contains the Interop.cwbx.dll copied to netshare and it all works now.

    Thanks again for all your help

    Darren

    Hi Darren,

    Can you tell me how you did the following: "... rebuilt my own DLL which contains the Interop.cwbx.dll copied to netshare ..."

    I've created a C# program to read from the data queue.  When I run the program (on my PC) in debug mode, everything works fine.  But when I try to run the program from my network with a copy of cwbx in the same network location, I get the error code -2147467259.  I suspect that the problem is that the pc data queue is being populated and not the network one.  If that makes sense. 


    Hi hanashiaru,

    Copy the Interop.cwbx.dll again from your PC to net share then run your exe again (over network).

    Everytime you "rebuild" the Interop.cwbx.dll gets recreated your better of just taking the "build" option the assembly otherwise you will have to copy not only the exe but also Interop.cwbx.dll.

    Hope this helps.
    Darren
    Thursday, June 4, 2009 8:13 AM
  • Thanks for your suggestions.

    Interestingly, what's hanging me up is this:

    When I run the exe as a call from iSeries CL command STRPCCMD, I get that error.  However, when I run the exe by double-clicking it, the exe reads the data queue, etc.

    Ever experience that?
    Thursday, June 4, 2009 7:49 PM