Re: Assigning a Permission Set to an Assembly
From: Lee Gillie (ANTISPAMIFICATION_lee@odp.com)
Date: 01/21/03
- Next message: Shawn Farkas [MS]: "Re: Assigning a Permission Set to an Assembly"
- Previous message: Peter Heggie: "ASPNET userid can't use rsh.exe well"
- In reply to: Lee Gillie: "Re: Assigning a Permission Set to an Assembly"
- Next in thread: Shawn Farkas [MS]: "Re: Assigning a Permission Set to an Assembly"
- Reply: Shawn Farkas [MS]: "Re: Assigning a Permission Set to an Assembly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Lee Gillie" <ANTISPAMIFICATION_lee@odp.com> Date: Tue, 21 Jan 2003 10:45:05 -0800
It would seem fuslogvw would be the tool I should use at the server to
find out why the binding is not working as expected. All of the
assemblies are in the GAC, configured, and the first one with COM
interface is registered. But this is installed as a developer tool,
not an administrative tool along with the framework runtime. Also,
you can simply copy fuslogvw to the server and run it. There does not
seem to be any setup kit which provides fuslogvw except the
development environment. It would seem to do this kind of analysis you
have to put compilers on every server box? I hope there is a better
way.
It would seem permview would also be needed at every server. I have
not yet checked to see if this was installed with the runtime.
- Lee
"Lee Gillie" <DESPAMlee@odp.comMAPSED> wrote in message
news:#jEnV7NwCHA.2904@TK2MSFTNGP09...
> Shawn -
>
> I appreciate your patience.
>
> Did all that and now the first level component (invoked via COM) can
not
> find the second level component (invoked via CLR), but at least the
security
> exceptions have stopped (that's a joke of course). I checked and
everything
> is in the GAC, so I am back to square one, and a few steps further
behind.
>
> Tomorrow I am going to unregister the COM interface, move ALL of the
pieces
> to the GAC. I opened my Intranet zone wide, just wanting to blow a
hole so
> wide, and then start closing it up. I'd like to see the code run
ONCE at
> least.
>
> This has to be the most frustrating experience with any security
related
> issue I have had for some time. Mostly because I can't see what is
going on.
> The thing that scares me most is that I won't feel terribly
comfortable with
> the new security, even if it is better, simply because I don't have
the
> visibility needed to give me feedback. Is it secure, or is it not?
Way too
> much time feeling around in the dark. If things behaved in a
predictable
> manner, that would help also, but so far, nothing seems to be
working quite
> like the documentation tells me it should.
>
> - Lee
>
> "Shawn Farkas [MS]" <shawnfa@online.microsoft.com> wrote in message
> news:eAvFOuMwCHA.2532@TK2MSFTNGP10...
> > MMC.exe is not a managed application, so it is not affected by the
.Net
> > security policy. You need to make sure the snap-in is fully
trusted. If
> > you mean to be running with the default policy, the easiest way to
make
> sure
> > that you indeed have the default policy is to just run:
> >
> > caspol -all -reset
> >
> > Then try to add the custom code group again.
> >
> > --
> > This posting is provided "AS IS" with no warranties, and confers
no
> rights.
> > Please do not send email directly to this alias, this alias is for
> newsgroup
> > purposes only.
> >
> >
> > "Lee Gillie" <DESPAMlee@odp.comMAPSED> wrote in message
> > news:ONYFOEMwCHA.2288@TK2MSFTNGP09...
> > > I am running with installation defaults, what ever they are.
How can I
> > > tell?
> > >
> > > I see this is an MMC snap-in, so do I need to boost MMC.EXE or
the
> > SNAP-IN?
> > >
> > > Can I turn on some kind of auditing so I can see specifically
what is
> > > failing, or do we need to discover by trial and error?
> > >
> > > - Lee Gillie
> > >
> > > "Shawn Farkas [MS]" <shawnfa@online.microsoft.com> wrote in
message
> > > news:OgHEhlLwCHA.1644@TK2MSFTNGP12...
> > > > Is it possible that the .Net Configuration tool is not running
with
> > > > FullTrust? This error might occur if the tool does not have
enough
> > > > permissions to load your assembly off the disk into an
AppDomain.
> > > >
> > > > -Shawn
> > > >
> > > > --
> > > > This posting is provided "AS IS" with no warranties, and
confers no
> > > rights.
> > > > Please do not send email directly to this alias, this alias is
for
> > > newsgroup
> > > > purposes only.
> > > >
> > > >
> > > > "Lee Gillie" <ANTISPAMIFICATION_lee@odp.com> wrote in message
> > > > news:uBUiHoJwCHA.2292@TK2MSFTNGP10...
> > > > > Hi Shawn -
> > > > >
> > > > > "The Import Failed. The assembly does not appear to be
valid."
> > > > >
> > > > > It has a dependency of another library, which I was able to
> > > > > import on this computer, first.
> > > > >
> > > > >
> > > > > I did try this on my development machine, and it worked
there.
> > > > >
> > > > > Thanks for any light you can shed on what this means.
> > > > >
> > > > > Best regards - Lee Gillie
> > > > >
> > > > >
> > > > > "Shawn Farkas [MS]" <shawnfa@online.microsoft.com> wrote in
message
> > > > > news:#jedEynvCHA.2492@TK2MSFTNGP10...
> > > > > > Hi Lee,
> > > > > >
> > > > > > The tool to generate the key pairs is sn.exe, you can
invoke
> > > > > "sn -k
> > > > > > mykey.snk" to create a keypair for your assembly. The
attribute
> you
> > > > > are
> > > > > > looking for is called AssemblyKeyFile. It is not required
that
> you
> > > > > place
> > > > > > your assemblies in the GAC in order for the strong name
membership
> > > > > condition
> > > > > > to work.
> > > > > > Can you provide more details on the error you are
> encountering?
> > > > > Thanks.
> > > > > >
> > > > > > -Shawn
> > > > > >
> > > > > > --
> > > > > > This posting is provided "AS IS" with no warranties, and
confers
> no
> > > > > rights.
> > > > > > Please do not send email directly to this alias, this
alias is for
> > > > > newsgroup
> > > > > > purposes only.
> > > > > >
> > > > > >
> > > > > > "Lee Gillie" <ANTISPAMIFICATION_lee@odp.com> wrote in
message
> > > > > > news:#mcYQLmvCHA.2596@TK2MSFTNGP11...
> > > > > > > Peter -
> > > > > > >
> > > > > > > I still don't have it working myself, but I think I know
what is
> > > > > > > SUPPOSED to happen, so will share that much. If you use
> > > > > VSVARS32.BAT
> > > > > > > to assign your command line environment variables. Set
default
> > > > > folder
> > > > > > > to where your sources are. Then use the tool to generate
public
> > > > > and
> > > > > > > private keys (.key file as I recall). I beleive this is
a
> one-time
> > > > > > > thing, somewhat like making guids. Then there is an
ASSEMBLY
> > > > > attribute
> > > > > > > you can include in one of the sources for the assembly,
which
> > > > > > > references the key file. Once you do this, then you can
use the
> > > > > STRONG
> > > > > > > NAME as the EVIDENCE for your code, which is the
assembly. You
> > > > > browse
> > > > > > > the assembly. The .NET Framework Configuration tool
will then
> > > > > fill in
> > > > > > > the public part of the key for you, and offer to also
optionally
> > > > > > > (additionally) verify by the assembly name, and even the
version
> > > > > if
> > > > > > > you like. I have dependent assemblies, as well, and
these ALSO
> > > > > need
> > > > > > > the keys, before the calling assembly can be configured.
I moved
> > > > > them
> > > > > > > both to the GAC (before configuring), but I don't know
that is
> > > > > > > required. I'm not sure what happens after this, because
when I
> do
> > > > > this
> > > > > > > it will either NOT LOAD the assembly, or else it WILL
LOAD, but
> > > > > > > corrupt the configuration database. Sorry I can't help
you
> more.
> > > > > > > Maybe someone who has been successful can add or correct
> anything
> > > > > I
> > > > > > > have here.
> > > > > > >
> > > > > > > Best regards -
> > > > > > > Lee Gillie
> > > > > > > Spokane, WA
> > > > > > >
> > > > > > > "Peter Singer" <petes@knorrassociates.com> wrote in
message
> > > > > > > news:u27iH6jvCHA.1244@TK2MSFTNGP12...
> > > > > > > > Is there a way to assign a permission set to a
particular
> > > > > assembly?
> > > > > > > I know I
> > > > > > > > can configure an assembly via the Microsoft.NET
Framework
> > > > > > > Configuration. But
> > > > > > > > this lets me define the binding policy and a codebase,
not
> > > > > assign it
> > > > > > > a
> > > > > > > > permission set. There doesn't seem to be a Membership
> Condition
> > > > > for
> > > > > > > an
> > > > > > > > assembly. Can something be done with
> > > > > > > > the "Custom" condition type? I guess giving it a
Strong Name
> is
> > > > > > > another
> > > > > > > > option?
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Next message: Shawn Farkas [MS]: "Re: Assigning a Permission Set to an Assembly"
- Previous message: Peter Heggie: "ASPNET userid can't use rsh.exe well"
- In reply to: Lee Gillie: "Re: Assigning a Permission Set to an Assembly"
- Next in thread: Shawn Farkas [MS]: "Re: Assigning a Permission Set to an Assembly"
- Reply: Shawn Farkas [MS]: "Re: Assigning a Permission Set to an Assembly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
