Thankyou - Re: Permissions needed for a Windows Forms Control to call a WebService
From: Danny Shisler (danny@NOSPAMshisler.com)
Date: 11/29/02
- Next message: Cenon Del Rosario: "Re: Design for ASP.Net w/ ComponentServices"
- Previous message: Michael van bonn: "Enveloped Signature with X509 Certificate"
- In reply to: Heath Stewart: "Re: Permissions needed for a Windows Forms Control to call a WebService"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Danny Shisler" <danny@NOSPAMshisler.com> Date: Fri, 29 Nov 2002 19:12:10 -0000
Thanks everyone for all your help.
I have things working now.
Danny
"Heath Stewart" <nospam.clubstew@hotmail.com> wrote in message
news:uVs0y3ElCHA.3752@tkmsftngp08...
> You're right, Dan, and it's not a difficult problem to solve. I spent a
lot
> of time on the phone and email with MSDN about the problem and it's being
> fixed in .NET 1.1. Currently, embedded controls have absolutely no
> permissions so your control will not run while embedded in Internet
Explorer
> without modification to your code groups. You also must not use any
> SystemColor enumeration members in your main control otherwise Internet
> Explorer won't display it either.
>
> You should read more about .NET security so that you can better customize
> your code group, but here are some tips:
>
> 1. Internet Explorer (or IEExec.exe, rather) only passes Host evidence, so
> things like X.509 certificates and StrongNames are not presented to the
> AppDomain that IEExec creates. Only Host, Url, and Zone are passed as
> evidence.
>
> 2. Caspol.exe and the "Microsoft .NET Framework Configuration" tool in the
> "Administrative Tools" folder are helpful. For information about
Caspol.exe,
> make sure the .NET framework SDK and runtime directories are in your path
> (something I hope they fix for .NET 1.1, too) and type caspol.exe -h at
the
> command line. For instance, to change the Intranet_Zone to full trust (not
> recommended, especially in larger companies), you would type:
>
> caspol.exe -m -cg "LocalIntranet_Zone" FullTrust
>
> To reset the Machine policy level (dictated by the -m above), you would
> type;
>
> caspol.exe -m -rs
>
> 3. Rather than opening your computer to attacks because the .NET security
> model is somewhat different from previous models (similar to Java, but
more
> advanced), granualize your permission sets and security zones and don't
> needlessly open things such as setting the Internet zone to FullTrust.
This
> is a common mistake among new .NET developers (heck, even more experienced
> ones).
>
> 4. Check out the entire System.Security namespaces if you'd like to look
at
> it from a developer perspective. That'll cover code groups, policy levels,
> permission sets, evidence, etc.
>
> --
> Heath Stewart
> Senior Software Architect
> Proplanner.NET: Web-based Production Planning Solutions
> http://www.proplanner.net
>
>
- Next message: Cenon Del Rosario: "Re: Design for ASP.Net w/ ComponentServices"
- Previous message: Michael van bonn: "Enveloped Signature with X509 Certificate"
- In reply to: Heath Stewart: "Re: Permissions needed for a Windows Forms Control to call a WebService"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
