locked
Security Code Snafu RRS feed

  • Question

  • CodeAccessPermission fiop = new FileIOPermission(PermissionState.Unrestricted);
    CodeAccessPermission ep = new EnvironmentPermission
        (EnvironmentPermissionAccess.Read, "USERNAME"));
    CodeAccessPermission fdp = new FileDialogPermission(FileDialogPermissionAccess.Open));
    CodeAccessPermission isfp = new IsolatedStorageFilePermission(PermissionState.Unrestricted));
    CodeAccessPermission rp = new ReflectionPermission(ReflectionPermissionFlag.MemberAccess));
    CodeAccessPermission uip = new UIPermission(UIPermissionWindow.SafeTopLevelWindows));
    CodeAccessPermission pp = new PrintingPermission(PrintingPermissionLevel.SafePrinting));
    Console.WriteLine(fiop.GetType().ToString() + ": " + SecurityManager.IsGranted(fiop));
    Console.WriteLine(ep.GetType().ToString() + ": " + SecurityManager.IsGranted(ep));
    Console.WriteLine(fdp.GetType().ToString() + ": " + SecurityManager.IsGranted(fdp));
    Console.WriteLine(isfp.GetType().ToString() + ": " + SecurityManager.IsGranted(isfp));
    Console.WriteLine(rp.GetType().ToString() + ": " + SecurityManager.IsGranted(rp));
    Console.WriteLine(uip.GetType().ToString() + ": " + SecurityManager.IsGranted(uip));
    Console.WriteLine(pp.GetType().ToString() + ": " + SecurityManager.IsGranted(pp));

     

    If the above code is ran from a command prompt from C:\ and with administrator privileges, it produces ‘true’ to all permissions (C:\Permissions.exe) since My_Computer_Zone (C:\) has the Full Trust permission set.
    If the above code is ran from a command prompt through a loopback with administrator privileges, it should NOT produce ‘true’ for several permissions (\\127.0.0.1\C$\Permissions.exe). Permissions.exe is now running from a shared folder and hence under the Internet Zone. Specifically IsolatedStorageFilePermission. Yet in my case it does!

    .NET Configuration Tool shows everything as normal. Zones and their respective trusts are as follows. My Computer: Full Trust; Local Intranet: Medium Trust; Internet: Low Trust; Trusted Sites: Low Trust; Untrusted Sites: No Trust.
    Runtime Security Policy –> Machine –> Code Groups –> All_Code –> Internet_Zone –> Internet_Same_Site_Access also reset to normal settings.

    I’m baffled! Any help is welcomed.

    * Code, although modified, is courtesy of Tony Northrup’s book “Microsoft .NET Framework – Application Development Foundation”.

    Tuesday, February 2, 2010 9:06 PM

Answers

  • Problem solved: "Starting with the .NET Framework version 3.5 Service Pack 1 (SP1), applications and their library assemblies can be run as full-trust assemblies from a network share." Basically if you have .NET 3.5 SP1 installed then your app runs with full trust even from a network share. And there's this too: http://msdn.microsoft.com/en-us/library/cc713717(VS.100).aspx
    • Marked as answer by Goode4U Wednesday, February 3, 2010 10:34 PM
    Wednesday, February 3, 2010 10:24 PM