none
Grant FullTrust to network share and the assemblies in the subdirectories RRS feed

  • Question

  • Hello dear community,

    we developed a Windows-Forms application (lets call it "winClient") in .net 3.5.

    The application and configuration

    The winClient.exe-file is located in a network share (y:/temp/winClient) for the distribution in the intranet.

    The winClient.exe.config-file also includes assemblies in the subdirectory bin:

      <runtime>
        <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
          <probing privatePath="bin;"/>
        </assemblyBinding>
      </runtime>

    In the bin-directory there is a dll called "Utils.Webservice.DLL". It provides a little rest-ws-api. So the webservices will be called from the code in this dll.

    With caspol we grant FullTrust to the application:

    @%windir%\Microsoft.NET\Framework\v2.0.50727\caspol -m -ag LocalIntranet_Zone -url  %CD%\* FullTrust -n "WinClient" -d  "WinClient"


    The problem

    But this (using caspol like described) doesn't include the assemblies in the subdirectory. So we aren't allowed to create a webrequest in the Utils.Webservice.DLL

    WebRequest.Create(uri);

    This leads to a security-exception:

    System.Exception: Unerwarteter Fehler beim Verwenden der URL 'http://{server}:8080/'. WS-Typ: 'JbossConfigRestWs' ---> System.Security.SecurityException: Fehler bei der Anforderung des Berechtigungstyps "System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089".
       bei System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
       bei System.Security.CodeAccessPermission.Demand()
       bei System.Net.HttpWebRequest..ctor(Uri uri, ServicePoint servicePoint)
       bei System.Net.HttpRequestCreator.Create(Uri Uri)
       bei System.Net.WebRequest.Create(Uri requestUri, Boolean useUriBase)
       bei System.Net.WebRequest.Create(String requestUriString)
       bei Utils.Webservice.Rest.AbstractRestWsClient.CreateWebRequest(...
    Die Aktion, bei der ein Fehler aufgetreten ist:
    Demand
    Der Typ der ersten Berechtigung, bei der ein Fehler aufgetreten ist:
    System.Net.WebPermission
    Die erste Berechtigung, bei der ein Fehler aufgetreten ist:
    <IPermission class="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1">
    <ConnectAccess>
    <URI uri="http://{server}:8080/portal-rest/config/jboss/"/>
    </ConnectAccess>
    </IPermission>
    
    Folgendes wurde angefordert:
    <IPermission class="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1">
    <ConnectAccess>
    <URI uri="http://{server}:8080/portal-rest/config/jboss/"/>
    </ConnectAccess>
    </IPermission>
    
    Gewährter Berechtigungssatz der fehlgeschlagenen Assembly war:
    <PermissionSet class="System.Security.PermissionSet"
    version="1">
    <IPermission class="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Read="USERNAME"/>
    <IPermission class="System.Security.Permissions.FileDialogPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Unrestricted="true"/>
    <IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Read="Y:\temp\winClient\bin\"
    PathDiscovery="Y:\temp\winClient\bin\"/>
    <IPermission class="System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Allowed="AssemblyIsolationByUser"
    UserQuota="9223372036854775807"
    Expiry="9223372036854775807"
    Permanent="True"/>
    <IPermission class="System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Flags="ReflectionEmit"/>
    <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Flags="Assertion, Execution, BindingRedirects"/>
    <IPermission class="System.Security.Permissions.UIPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Unrestricted="true"/>
    <IPermission class="System.Security.Permissions.UrlIdentityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Url="file:///Y:/temp/winClient/bin/Utils.Webservice.DLL"/>
    <IPermission class="System.Security.Permissions.ZoneIdentityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Zone="Intranet"/>
    <IPermission class="System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Unrestricted="true"/>
    <IPermission class="System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    version="1"
    Level="DefaultPrinting"/>
    </PermissionSet>
    

    This hole thing works for XP-clients but not with win8-clients.

    The current workaround

    When we move the Utils.Webservice.DLL from bin to the root-directory "y:\temp\winClient" next to the exe-file then no exception is thrown and all works fine. (https://msdn.microsoft.com/en-us/library/cc713717(v=vs.90).aspx)

    But this isn't a solution for us because we have dozen of assemblies in multiple subdirectories.

    The question

    Is there a way to grant FullTrust to all of this subdirectories? Maybe a configuration change or some other options in caspol?

    I didn't find anything useful that worked.

    So can you please help us?

    Thanks

     

    Wednesday, February 4, 2015 3:40 PM

Answers

All replies