none
Framework 2 security policy RRS feed

  • Question

  • What do I need to do for a program written in VB.net using Framework v2 full trust/permissions to run and do what needs to do?  Is there a script that exists that will set all permissions so that any .net program run from this folder/drive is fully trusted and can do whatever it wants?

    I am constantly battling with LinkDemand or I/O permission errors.  We wrote the programs it's on our servers, how can we use them without policy errors?

    Our environment is different and it can't change,we need to be consistent with some older programs.

    Users connects to server using remote desktop, when the logon, they get user mapped drives to run software from and their data.

    Run .net application from mapped drive E:\MYPROGRAM\APP.EXE

    E: is mapped to \\%computername%\users\%username%

    .Net application tries to open a file for read/write on J:

    J: is mapped to \\%computername%\data1


    An example of an error where we are trying to load an assembly using reflection.  We have assemblies with classes that inherit PrintDocument so we can add new reports and run them without recompiling our application.  The main app, checks for DLL files in a folder, opens the DLL files using reflection and checks for classes that inherit PrintDocument and presents those as available reports.  when we try to run one of those reports, we get the following error.  when using reflection to load an instance to run it, we get the following error:


    [3060] ERROR MyApp.FormMain - An error occured trying to load the report.System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.SecurityException: That assembly does not allow partially trusted callers. 
    [3060]    at MyApp.CustomReports.CustomReport1..ctor() 
    [3060] The action that failed was: 
    [3060] LinkDemand 
    [3060] The assembly or AppDomain that failed was: 
    [3060] MyApp.CustomReports, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null 
    [3060] The Zone of the assembly that failed was: 
    [3060] Trusted 
    [3060] The Url of the assembly that failed was: 
    [3060] file:///E:/MyApp/REPORT/REPORTS/Report.AS0004.dll 
    [3060]    --- End of inner exception stack trace --- 
    [3060]    at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) 
    [3060]    at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) 
    [3060]    at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) 
    [3060]    at System.Activator.CreateInstance(Type type, Boolean nonPublic) 
    [3060]    at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) 
    [3060]    at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) 
    [3060]    at System.Activator.CreateInstanceFrom(String assemblyFile, String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityInfo) 
    [3060]    at System.Activator.CreateInstanceFrom(String assemblyFile, String typeName, Object[] activationAttributes) 
    [3060]    at System.Activator.CreateInstanceFrom(String assemblyFile, String typeName) 
    [3060]    at MyApp.Reporting.ReportUpdate.GetReportPrintDocument(String assembyPath, String typeName) 
    [3060]    at MyApp.FormMain.PrintReport(Int32 rowIndex) 
    


    • Edited by Korazy Friday, June 8, 2012 5:20 PM
    Friday, June 8, 2012 4:35 PM

All replies

  • Hi, 

    As exception explains clearly, 

    System.Security.SecurityException: That assembly does not allow partially trusted callers

    I think you should do 

    • Give library MyApp.CustomReports a strong name 

    or



    If this post answers your question, please click "Mark As Answer". If this post is helpful please click "Mark as Helpful".

    Saturday, June 9, 2012 2:50 PM
  • Thanks for the response.  It has gotten me further, but now I am hung up because it needs access to unmanagedcode.  I have done a bunch of reading, but I am not finding an answer that works for me.  I have read and I have tried numerous things, but I can't get past this error.

    My app and my assembly have strong names, digitally signed using verisign code signing cert and in a trusted zone.

    Added to AssemblyInfo.vb to my app and assemblies:

    <Assembly: System.Security.AllowPartiallyTrustedCallers()>

    How can I fix this error?

     ERROR ASCREPORT.FormMain - An error occured trying to load the report.System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. 
        at MyAssembly.Common.ApgFile.AVBinit(Int16 Startup)
        at MyAssembly.Common.ApgFile.Init()
        at MyAssembly.Common.ApgFile..ctor()
        at MyAssembly.Reports.AS0004.CustomReport1..ctor()
     The action that failed was:
     Demand
     The type of the first permission that failed was:
     System.Security.Permissions.SecurityPermission
     The first permission that failed was:
     <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
     version="1"
     Flags="UnmanagedCode"/>
     
     The demand was for:
     <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
     version="1"
     Flags="UnmanagedCode"/>
     
     The granted set of the failing assembly was:
     <PermissionSet class="System.Security.PermissionSet"
     version="1">
     <IPermission class="System.Security.Permissions.FileDialogPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
     version="1"
     Access="Open"/>
     <IPermission class="System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
     version="1"
     Allowed="ApplicationIsolationByUser"
     UserQuota="512000"/>
     <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
     version="1"
     Flags="Execution"/>
     <IPermission class="System.Security.Permissions.UIPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
     version="1"
     Window="SafeTopLevelWindows"
     Clipboard="OwnClipboard"/>
     <IPermission class="System.Security.Permissions.PublisherIdentityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
     version="1"
     X509v3Certificate="3082057F30820467A003020102021004290530B4CC3717D1F4F043DF5C8DA5300D06092A864886F70D01010505003081B4310B300906035504061302555331173015060355040A130E566572695369676E2C20496E632E311F301D060355040B1316566572695369676E205472757374204E6574776F726B313B3039060355040B13325465726D73206F66207573652061742068747470733A2F2F7777772E766572697369676E2E636F6D2F727061202863293130312E302C06035504031325566572695369676E20436C617373203320436F6465205369676E696E672032303130204341301E170D3130313132393030303030305A170D3132313231383233353935395A3081C2310B3009060355040613025553311530130603550408130C50656E6E73796C76616E6961311730150603550407130E57657374204D6964646C6573657831163014060355040A140D4175746F536F667420496E632E313E303C060355040B13354469676974616C20494420436C6173732033202D204D6963726F736F667420536F6674776172652056616C69646174696F6E20763231133011060355040B140A50726F64756374696F6E311630140603550403140D4175746F536F667420496E632E30820122300D06092A864886F70D01010105000382010F003082010A0282010100BFA0DF1341891317E15BD9F18686FF87F2C45E9509579D6D6E8B60A3838D86FD2AC1FF9B1864B8D89FCF09B6F52B4C45647559171B72013C558483FC2346B82CBACE37BB670CF6816AF7163B92F054542185BC45A1DCA81D896A8EA34582B8FA797D0DBF4D59E998550E348CC64959D00E9372893D41D720B8FA9287F7BC51118D8E0BA92F622D9AD151B8728ECD7B78C849290B50D0B50F9B3CF57657D624F09CCC09BAC80FD751A6A473A56A8B1E1451EE0A199C6978845BF27AF90C05198124584BBF6C079319252F47FD8326A602D3B69B8924192411FFD74B93AE1D63DC33A360932E9D03A6187ACBB593B4FE1DBDBD280FDCEFDC6F4BE8E20C8504E6030203010001A382017B3082017730090603551D1304023000300E0603551D0F0101FF04040302078030400603551D1F043930373035A033A031862F687474703A2F2F637363332D323031302D63726C2E766572697369676E2E636F6D2F435343332D323031302E63726C30440603551D20043D303B3039060B6086480186F84501071703302A302806082B06010505070201161C68747470733A2F2F7777772E766572697369676E2E636F6D2F7270613013060355
     1D25040C300A06082B06010505070303307106082B0601050507010104653063302406082B060105050730018618687474703A2F2F6F6373702E766572697369676E2E636F6D303B06082B06010505073002862F687474703A2F2F637363332D323031302D6169612E766572697369676E2E636F6D2F435343332D323031302E636572301F0603551D23041830168014CF99A9EA7B26F44BC98E8FD7F00526EFE3D2A79D301106096086480186F84201010404030204103016060A2B06010401823702011B040830060101000101FF300D06092A864886F70D010105050003820101000EBC07333F617EA801375ADCDF5CCEB14261DEFB2A5154F98DCD01850C184ED6925378B8B4595F445EB06ADDB4957F33D7FF61532BBE768D028699C65F94D4163A4AF396D076DB01FB42D5098C48EA5065A21CBDC1CF685CA59E0C8E6E0578B667D2FFD69EFCC8EF8D7382E1206BFB758CC6AAB9EFDF709B01FB278B0730FFA1BC16AB46F084434F2E271509569B94214B2B5F629C1A8C3910503100481BAB4F0B90027B5864D5EB05EC4D135F33A0A09324A197E2A584B2A74424A1A329B7A641BA2F7D790B3BFEC83C81871035E97C81C63AD07B426663BB778B5260713D27A6B3FAA12EEF484266D16EFB7FB1F1BA21C96A9398A228958B099EC6E181E08E"/>
     <IPermission class="System.Security.Permissions.StrongNameIdentityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
     version="1"
     PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010049FD5883581EC02763ED621F6C8D368EB85206F9FC658855EF3EA8348A797F6C65429A27F1D8EA6DBB0CED43D2D5ED7D50B192FB912EAB687A0CA311E21B2BFB38EEFB71320D0899A29DE6171E224DD04017BE14E980D412BB3CA76FAD645464C895F5BC7C8C2F9203613AF1B1CCE000BA92BC38B994F22A79E941BF2CD5B3B5"
     Name="MyAssembly.Reports.AS0004"
     AssemblyVersion="1.0.0.0"/>
     <IPermission class="System.Security.Permissions.UrlIdentityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
     version="1"
     Url="file:///C:/MyFolder/ASCREPORT/ASCREPORTS/MyAssembly.Reports.AS0004.dll"/>
     <IPermission class="System.Security.Permissions.ZoneIdentityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
     version="1"
     Zone="Trusted"/>
     <IPermission class="System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
     version="1"
     Level="SafePrinting"/>
     </PermissionSet>
     
     The assembly or AppDomain that failed was:
     MyAssembly.Reports.AS0004, Version=1.0.0.0, Culture=neutral, PublicKeyToken=3b529ec037eb96fe
     The Zone of the assembly that failed was:
     Trusted
     The Url of the assembly that failed was:
     file:///C:/MyFolder/ASCREPORT/ASCREPORTS/MyAssembly.Reports.AS0004.dll
        --- End of inner exception stack trace ---
        at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
        at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
        at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
        at System.Activator.CreateInstance(Type type, Boolean nonPublic)
        at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
        at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
        at System.Activator.CreateInstanceFrom(String assemblyFile, String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityInfo)
        at System.Activator.CreateInstanceFrom(String assemblyFile, String typeName, Object[] activationAttributes)
        at System.Activator.CreateInstanceFrom(String assemblyFile, String typeName)
        at MyAssembly.Canada.Report.ReportUpdate.GetReportPrintDocument(String assembyPath, String typeName)
        at ASCREPORT.FormMain.PrintReport(Int32 rowIndex)


    • Edited by Korazy Monday, June 11, 2012 3:41 AM
    Monday, June 11, 2012 3:39 AM
  • Korazy,

    Based on your description, this application can work on your local machine, right?

    Just failed on a remote machine in RD.

    Right?


    Ghost,
    Call me ghost for short, Thanks
    To get the better answer, it should be a better question.

    Wednesday, June 13, 2012 8:22 AM
  • Yes, when run on a local machine everything works.  When put on a remote desktop server and run from a user's mapped drive, we get the error above.

    I need to figure out how to allow it access to unmanaged code.  It's being run from a trusted location, I just don't get why the security policy still fails.

    These are internal applications run on internal systems.  Ideally, how can I turn off the .net security policy checks.

    Wednesday, June 13, 2012 2:40 PM