Re: Locking down CAS policy
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 17 Nov 2006 08:44:32 +0000 (UTC)
Hi,
you shouldn't mock with the existing code groups - they grant the "ASP.Net" permission set to code running in you app dir and the temp assembly directory.
Without them your app won't be able to run...
thats the error you are seeing.
---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com
I'm trying to lock down our company's CAS policy by using only Strong
Name membership conditions.
I've copied over our intranet to a development server and removed all
code groups except for one. It is all code using the nothing
permission set. I have three child code groups, the two default
(ECMA_Strong_Name and Microsoft_Strong_Name) and a group for our
strong name key. All of the child groups are set for FullTrust.
I've used the Evaluate Assembly utility to check the assemblies in the
application's bin directory and all report "unrestricted". However,
when i try to run the application i get "Server Application
Unavailable". I check the application event logs on the server and it
reports "Request for the permission of type
'System.Web.AspNetHostingPermission, System, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089' failed." suggesting
that there is still an assembly that hasn't been granted FullTrust.
Is there maybe another assembly that is getting generated at runtime
that doesn't fit into one of the three code groups i have set up? Is
there a way to find out which assembly is failing?
.
- Prev by Date: RE: WindowsIdentity, Memebrship/Role, or ???
- Next by Date: Re: WindowsIdentity, Memebrship/Role, or ???
- Previous by thread: RE: Locking down CAS policy
- Next by thread: Re: Locking down CAS policy
- Index(es):
Relevant Pages
|
|
