RE: Trying to run in partial trust (getting a PolicyException)

---

• From: David Thielen <thielen@xxxxxxxxxxxxx>
• Date: Wed, 15 Nov 2006 08:43:02 -0800

---

Hi;

Ok, that makes sense. To keep this simple, can you help me figure out this
one and then I think I can take it from there. It says I need:
<IPermission version="1"
class="System.Security.Permissions.FileIOPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />

The library does have file calls - but no where do I say that it must be
able to read/write anywhere. And it is easy to use the library with no file
I/O. How do I set it so that it does not require this permission?

I thought by not setting any requirements all permissions were optional, not
demanded by my dll.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm




"Steven Cheng[MSFT]" wrote:

Thanks for your reply Dave,

This policy file is very informative for analyzie the CAS permission issue
here.

From the policy file ,you can get that the main ASP.NET specific
permissions are defined in the following permissionSet:

==========================
<PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net">
<IPermission class="AspNetHostingPermission" version="1"
Level="Medium" />
<IPermission class="ConfigurationPermission" version="1"
Unrestricted="true" />
<IPermission class="DnsPermission" version="1" Unrestricted="true" />
<IPermission class="EnvironmentPermission" version="1"
Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME" />
<IPermission class="FileIOPermission" version="1" Read="$AppDir$"
Write="$AppDir$" Append="$AppDir$"
PathDiscovery="$AppDir$" />
<IPermission class="IsolatedStorageFilePermission" version="1"
Allowed="AssemblyIsolationByUser"
UserQuota="9223372036854775807" />
<IPermission class="OleDbPermission" version="1" Unrestricted="true"
/>
<IPermission class="PrintingPermission" version="1"
Level="DefaultPrinting" />
<IPermission class="ReflectionPermission" version="1"
Flags="ReflectionEmit, TypeInformation,
MemberAccess" />
<IPermission class="SecurityPermission" version="1"
Flags="Assertion, Execution,
ControlThread, ControlPrincipal, RemotingConfiguration" />
<IPermission class="SmtpPermission" version="1" Access="Connect" />
<IPermission class="SqlClientPermission" version="1"
Unrestricted="true" />
<IPermission class="WebPermission" version="1" Unrestricted="true" />
</PermissionSet>
==========================

you can find that there are serveral permission that is quite restricted,
e.g.

==============
<IPermission class="EnvironmentPermission" version="1"
Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME" />
<IPermission class="FileIOPermission" version="1" Read="$AppDir$"
Write="$AppDir$" Append="$AppDir$"
PathDiscovery="$AppDir$" />

<IPermission class="SecurityPermission" version="1" Flags="Assertion,
Execution,
ControlThread, ControlPrincipal, RemotingConfiguration" />
==================

However, from the minmal permission set you checked through the
PermCalc.exe in former reply(as below), there have some items violate the
policy's permission set:

=====================
<Sandbox>
<PermissionSet version="1" class="System.Security.PermissionSet">
<IPermission version="1"
class="System.Security.Permissions.EnvironmentPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1"
class="System.Security.Permissions.FileIOPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1"
class="System.Security.Permissions.ReflectionPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Flags="MemberAccess" />
<IPermission version="1"
class="System.Security.Permissions.RegistryPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1"
class="System.Security.Permissions.SecurityPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Flags="UnmanagedCode, Execution, ControlThread, ControlEvidence" />
<IPermission Window="SafeSubWindows" Clipboard="OwnClipboard"
version="1" class="System.Security.Permissions.UIPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<IPermission version="1"
class="System.Security.Permissions.KeyContainerPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1" class="System.Net.SocketPermission, System,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1" class="System.Net.DnsPermission, System,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
</PermissionSet>
</Sandbox>
=================================

I think this should be the problem here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no rights.

.

---

• Follow-Ups:
  • RE: Trying to run in partial trust (getting a PolicyException)
    • From: David Thielen

• References:
  • Trying to run in partial trust (getting a PolicyException)
    • From: David Thielen
  • RE: Trying to run in partial trust (getting a PolicyException)
    • From: Steven Cheng[MSFT]
  • RE: Trying to run in partial trust (getting a PolicyException)
    • From: David Thielen
  • RE: Trying to run in partial trust (getting a PolicyException)
    • From: Dominick Baier
  • RE: Trying to run in partial trust (getting a PolicyException)
    • From: David Thielen
  • RE: Trying to run in partial trust (getting a PolicyException)
    • From: Dominick Baier
  • RE: Trying to run in partial trust (getting a PolicyException)
    • From: David Thielen
  • RE: Trying to run in partial trust (getting a PolicyException)
    • From: Steven Cheng[MSFT]
  • RE: Trying to run in partial trust (getting a PolicyException)
    • From: David Thielen
  • RE: Trying to run in partial trust (getting a PolicyException)
    • From: Steven Cheng[MSFT]

• Prev by Date: Apply Recursive ACL Safely?
• Next by Date: WindowsPrincipal is incorrect after AD account rename
• Previous by thread: RE: Trying to run in partial trust (getting a PolicyException)
• Next by thread: RE: Trying to run in partial trust (getting a PolicyException)
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Trying to run in partial trust (getting a PolicyException) ... How do I set it so that it does not require this permission? ... class="System.Security.Permissions.EnvironmentPermission, mscorlib, ... Microsoft MSDN Online Support Lead ... where an initial response from the community or a Microsoft Support ... (microsoft.public.dotnet.framework.aspnet.security) RE: Trying to run in partial trust (getting a PolicyException) ... RequestMinimum and the two items below were the only uses in all of my code. ... class="System.Security.Permissions.EnvironmentPermission, mscorlib, ... I think you can check the permission ... Microsoft MSDN Online Support Lead ... (microsoft.public.dotnet.framework.aspnet.security) RE: Trying to run in partial trust (getting a PolicyException) ... Dominick Baier, DevelopMentor ... class="System.Security.Permissions.EnvironmentPermission, mscorlib, ... I think you can check the permission ... Microsoft MSDN Online Support Lead ... (microsoft.public.dotnet.framework.aspnet.security) RE: WinXP -> W2K3 Share Access ... I can find "Change Access" permission at file share ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ... (microsoft.public.platformsdk.security) RE: Trying to run in partial trust (getting a PolicyException) ... you have changed the trust level of your ASP.NET web ... I think you can check the permission through the following two ... Microsoft MSDN Online Support Lead ... where an initial response from the community or a Microsoft Support ... (microsoft.public.dotnet.framework.aspnet.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2006-11