RE: Asp.Net 1.1 and High trust error....
From: Kevin (Kevin_at_discussions.microsoft.com)
Date: 02/04/05
- Next message: WJ: "Re: AD and Asp.Net ?"
- Previous message: Daniel Fisher\(lennybacon\): "Re: Problem with asp.net application on Domain controller"
- In reply to: Kevin: "Asp.Net 1.1 and High trust error...."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 4 Feb 2005 11:09:05 -0800
Well.... upon further study I have learned a bit more but I am still not 100%
sure why this is an issue....
I commented out all of my assemblyinfo security statements and left the
trust tag in the web.config and everything loaded up and acted as expected.
So if I comment out the trust tag in the web.config and use my statements in
the assemblyinfo file it works also.
I can only assume then that
The Assemblyinfo file is first in line for security (makes sense to be
first) and that it was more restrictive than the trust = High or Medium in
the web.config and thus somehow clobering the load????
I have for the moment ditched the idea of setting trust in the web.config
because my assemblyinfo statements are as secure if not more secure the
High/Medium trust and have exactly the permissions I need.
I wish I could explain with 100% understanding why my first post occurs...
Kevin
"Kevin" wrote:
> have been scouring the internet and reading several .Net security books
> trying to get a handle on CAS and how we could easily implement it. Our shop
> is small (7 programmers) and we are mainly writing ASP.Net apps. We are in
> control of our own intranet and internet servers. Since, we control our own
> servers I felt we could create some "templated" assemblyinfo files with only
> the permissions we need (declaritive CAS). I believe this is easier than
> creating our own permission sets in the .net security configurator because
> each app may have a small variation to the template. All a programmer would
> have to do is uncomment/add/remove the specific rights they need for that
> app. I started by modifying the assemblyinfo.vb file to remove all default
> CAS rights and then only adding back what I needed. This seems to be easy,
> straight forward and it works in all my tests.
>
> I then wanted to set the trust level to high or medium in the web.config
> even if this is a little redundant since I am explicity telling what rights I
> want in the assemblyinfo file. However, I am running into a problem that I
> don't truly understand how to correct.
>
> If I set the trust to high in the web.config I get an error about
> permissions ( of course) but on the machine.config line 198 which is <add
> assembly="*"/>. Now I know this section of the machine.config is for
> compiling dynamic content and it tells what assemblies to use. I also
> realize that "*" in High/medium trust wouldn't be allowed. However, I am not
> sure how to correct this? I removed the line and the web app's won't run
> even if fully trusted so I know that there are some assemblies I need but I
> don't know which ones and if adding them explicity to the machine.config is
> good. My thought is no, but I do not know how to fix it?
>
> Have you ran into this? Is setting the trust level any safer since I
> explicity tell in the assemblyinfo file what permissions I need/want?
>
> I have been learning the .Net Security model for the past several weeks. I
> admit I am probably missing something. Any help would be appreciated.
>
> Thanks!
>
> Kevin
>
>
- Next message: WJ: "Re: AD and Asp.Net ?"
- Previous message: Daniel Fisher\(lennybacon\): "Re: Problem with asp.net application on Domain controller"
- In reply to: Kevin: "Asp.Net 1.1 and High trust error...."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
