none
Grant FullTrust to network share and the assemblies in the subdirectories RRS feed

  • Question

  • Hello dear community,

    we developed a Windows-Forms application (lets call it "winClient") in .net 3.5.

    The application and configuration

    The winClient.exe-file is located in a network share (y:/temp/winClient) for the distribution in the intranet.

    The winClient.exe.config-file also includes assemblies in the subdirectory bin:

      <runtime>
        <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
          <probing privatePath="bin;"/>
        </assemblyBinding>
      </runtime>

    In the bin-directory there is a dll called "Utils.Webservice.DLL". It provides a little rest-ws-api. So the webservices will be called from the code in this dll.

    With caspol we grant FullTrust to the application:

    @%windir%\Microsoft.NET\Framework\v2.0.50727\caspol -m -ag LocalIntranet_Zone -url  %CD%\* FullTrust -n "WinClient" -d  "WinClient"

    The problem

    But this (using caspol like described) doesn't include the assemblies in the subdirectory. So we aren't allowed to create a webrequest in the Utils.Webservice.DLL

    WebRequest.Create(uri);

    This leads to a security-exception:

    System.Exception: Unerwarteter Fehler beim Verwenden der URL 'http://{server}:8080/'. WS-Typ: 'JbossConfigRestWs' ---> System.Security.SecurityException: Fehler bei der Anforderung des Berechtigungstyps "System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089". bei System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) bei System.Security.CodeAccessPermission.Demand() bei System.Net.HttpWebRequest..ctor(Uri uri, ServicePoint servicePoint) bei System.Net.HttpRequestCreator.Create(Uri Uri) bei System.Net.WebRequest.Create(Uri requestUri, Boolean useUriBase) bei System.Net.WebRequest.Create(String requestUriString) bei Utils.Webservice.Rest.AbstractRestWsClient.CreateWebRequest(... Die Aktion, bei der ein Fehler aufgetreten ist: Demand Der Typ der ersten Berechtigung, bei der ein Fehler aufgetreten ist: System.Net.WebPermission Die erste Berechtigung, bei der ein Fehler aufgetreten ist: <IPermission class="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1"> <ConnectAccess> <URI uri="http://{server}:8080/portal-rest/config/jboss/"/> </ConnectAccess> </IPermission> Folgendes wurde angefordert: <IPermission class="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1"> <ConnectAccess> <URI uri="http://{server}:8080/portal-rest/config/jboss/"/> </ConnectAccess> </IPermission> Gewährter Berechtigungssatz der fehlgeschlagenen Assembly war: <PermissionSet class="System.Security.PermissionSet" version="1"> <IPermission class="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Read="USERNAME"/> <IPermission class="System....

    ...

    ... <IPermission class="System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" version="1" Level="DefaultPrinting"/> </PermissionSet>

    This hole thing works for XP-clients but not with win8-clients.

    The current workaround

    When we move the Utils.Webservice.DLL from bin to the root-directory "y:\temp\winClient" next to the exe-file then no exception is thrown and all works fine. (https://msdn.microsoft.com/en-us/library/cc713717(v=vs.90).aspx)

    But this isn't a solution for us because we have dozen of assemblies in multiple subdirectories.

    The question

    Is there a way to grant FullTrust to all of this subdirectories? Maybe a configuration change or some other options in caspol?

    I didn't find anything useful that worked.

    So can you please help us?

    Thanks

    Thursday, February 19, 2015 3:56 PM

Answers

All replies