Re: Assigning a Permission Set to an Assembly
From: Shawn Farkas [MS] (shawnfa@online.microsoft.com)
Date: 01/21/03
- Next message: Andy Babiec: ".net security vs. windows security"
- Previous message: Lee Gillie: "Re: Assigning a Permission Set to an Assembly"
- In reply to: Lee Gillie: "Re: Assigning a Permission Set to an Assembly"
- Next in thread: Lee Gillie: "Re: Assigning a Permission Set to an Assembly"
- Reply: Lee Gillie: "Re: Assigning a Permission Set to an Assembly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Shawn Farkas [MS]" <shawnfa@online.microsoft.com> Date: Tue, 21 Jan 2003 12:00:10 -0800
Yes, fuslogvw.exe is the tool to see what is going on with fusion. So, yes,
to use it you'll need to install the SDK. Just as a tiny point of fact
however, the compilers ship with the .Net runtime as well as the SDK, so any
server with any form of .Net on it will have the compilers.
-- This posting is provided "AS IS" with no warranties, and confers no rights. Please do not send email directly to this alias, this alias is for newsgroup purposes only. "Lee Gillie" <ANTISPAMIFICATION_lee@odp.com> wrote in message news:uOLas0XwCHA.2504@TK2MSFTNGP10... > It would seem fuslogvw would be the tool I should use at the server to > find out why the binding is not working as expected. All of the > assemblies are in the GAC, configured, and the first one with COM > interface is registered. But this is installed as a developer tool, > not an administrative tool along with the framework runtime. Also, > you can simply copy fuslogvw to the server and run it. There does not > seem to be any setup kit which provides fuslogvw except the > development environment. It would seem to do this kind of analysis you > have to put compilers on every server box? I hope there is a better > way. > > It would seem permview would also be needed at every server. I have > not yet checked to see if this was installed with the runtime. > > - Lee > > "Lee Gillie" <DESPAMlee@odp.comMAPSED> wrote in message > news:#jEnV7NwCHA.2904@TK2MSFTNGP09... > > Shawn - > > > > I appreciate your patience. > > > > Did all that and now the first level component (invoked via COM) can > not > > find the second level component (invoked via CLR), but at least the > security > > exceptions have stopped (that's a joke of course). I checked and > everything > > is in the GAC, so I am back to square one, and a few steps further > behind. > > > > Tomorrow I am going to unregister the COM interface, move ALL of the > pieces > > to the GAC. I opened my Intranet zone wide, just wanting to blow a > hole so > > wide, and then start closing it up. I'd like to see the code run > ONCE at > > least. > > > > This has to be the most frustrating experience with any security > related > > issue I have had for some time. Mostly because I can't see what is > going on. > > The thing that scares me most is that I won't feel terribly > comfortable with > > the new security, even if it is better, simply because I don't have > the > > visibility needed to give me feedback. Is it secure, or is it not? > Way too > > much time feeling around in the dark. If things behaved in a > predictable > > manner, that would help also, but so far, nothing seems to be > working quite > > like the documentation tells me it should. > > > > - Lee > > > > "Shawn Farkas [MS]" <shawnfa@online.microsoft.com> wrote in message > > news:eAvFOuMwCHA.2532@TK2MSFTNGP10... > > > MMC.exe is not a managed application, so it is not affected by the > .Net > > > security policy. You need to make sure the snap-in is fully > trusted. If > > > you mean to be running with the default policy, the easiest way to > make > > sure > > > that you indeed have the default policy is to just run: > > > > > > caspol -all -reset > > > > > > Then try to add the custom code group again. > > > > > > -- > > > This posting is provided "AS IS" with no warranties, and confers > no > > rights. > > > Please do not send email directly to this alias, this alias is for > > newsgroup > > > purposes only. > > > > > > > > > "Lee Gillie" <DESPAMlee@odp.comMAPSED> wrote in message > > > news:ONYFOEMwCHA.2288@TK2MSFTNGP09... > > > > I am running with installation defaults, what ever they are. > How can I > > > > tell? > > > > > > > > I see this is an MMC snap-in, so do I need to boost MMC.EXE or > the > > > SNAP-IN? > > > > > > > > Can I turn on some kind of auditing so I can see specifically > what is > > > > failing, or do we need to discover by trial and error? > > > > > > > > - Lee Gillie > > > > > > > > "Shawn Farkas [MS]" <shawnfa@online.microsoft.com> wrote in > message > > > > news:OgHEhlLwCHA.1644@TK2MSFTNGP12... > > > > > Is it possible that the .Net Configuration tool is not running > with > > > > > FullTrust? This error might occur if the tool does not have > enough > > > > > permissions to load your assembly off the disk into an > AppDomain. > > > > > > > > > > -Shawn > > > > > > > > > > -- > > > > > This posting is provided "AS IS" with no warranties, and > confers no > > > > rights. > > > > > Please do not send email directly to this alias, this alias is > for > > > > newsgroup > > > > > purposes only. > > > > > > > > > > > > > > > "Lee Gillie" <ANTISPAMIFICATION_lee@odp.com> wrote in message > > > > > news:uBUiHoJwCHA.2292@TK2MSFTNGP10... > > > > > > Hi Shawn - > > > > > > > > > > > > "The Import Failed. The assembly does not appear to be > valid." > > > > > > > > > > > > It has a dependency of another library, which I was able to > > > > > > import on this computer, first. > > > > > > > > > > > > > > > > > > I did try this on my development machine, and it worked > there. > > > > > > > > > > > > Thanks for any light you can shed on what this means. > > > > > > > > > > > > Best regards - Lee Gillie > > > > > > > > > > > > > > > > > > "Shawn Farkas [MS]" <shawnfa@online.microsoft.com> wrote in > message > > > > > > news:#jedEynvCHA.2492@TK2MSFTNGP10... > > > > > > > Hi Lee, > > > > > > > > > > > > > > The tool to generate the key pairs is sn.exe, you can > invoke > > > > > > "sn -k > > > > > > > mykey.snk" to create a keypair for your assembly. The > attribute > > you > > > > > > are > > > > > > > looking for is called AssemblyKeyFile. It is not required > that > > you > > > > > > place > > > > > > > your assemblies in the GAC in order for the strong name > membership > > > > > > condition > > > > > > > to work. > > > > > > > Can you provide more details on the error you are > > encountering? > > > > > > Thanks. > > > > > > > > > > > > > > -Shawn > > > > > > > > > > > > > > -- > > > > > > > This posting is provided "AS IS" with no warranties, and > confers > > no > > > > > > rights. > > > > > > > Please do not send email directly to this alias, this > alias is for > > > > > > newsgroup > > > > > > > purposes only. > > > > > > > > > > > > > > > > > > > > > "Lee Gillie" <ANTISPAMIFICATION_lee@odp.com> wrote in > message > > > > > > > news:#mcYQLmvCHA.2596@TK2MSFTNGP11... > > > > > > > > Peter - > > > > > > > > > > > > > > > > I still don't have it working myself, but I think I know > what is > > > > > > > > SUPPOSED to happen, so will share that much. If you use > > > > > > VSVARS32.BAT > > > > > > > > to assign your command line environment variables. Set > default > > > > > > folder > > > > > > > > to where your sources are. Then use the tool to generate > public > > > > > > and > > > > > > > > private keys (.key file as I recall). I beleive this is > a > > one-time > > > > > > > > thing, somewhat like making guids. Then there is an > ASSEMBLY > > > > > > attribute > > > > > > > > you can include in one of the sources for the assembly, > which > > > > > > > > references the key file. Once you do this, then you can > use the > > > > > > STRONG > > > > > > > > NAME as the EVIDENCE for your code, which is the > assembly. You > > > > > > browse > > > > > > > > the assembly. The .NET Framework Configuration tool > will then > > > > > > fill in > > > > > > > > the public part of the key for you, and offer to also > optionally > > > > > > > > (additionally) verify by the assembly name, and even the > version > > > > > > if > > > > > > > > you like. I have dependent assemblies, as well, and > these ALSO > > > > > > need > > > > > > > > the keys, before the calling assembly can be configured. > I moved > > > > > > them > > > > > > > > both to the GAC (before configuring), but I don't know > that is > > > > > > > > required. I'm not sure what happens after this, because > when I > > do > > > > > > this > > > > > > > > it will either NOT LOAD the assembly, or else it WILL > LOAD, but > > > > > > > > corrupt the configuration database. Sorry I can't help > you > > more. > > > > > > > > Maybe someone who has been successful can add or correct > > anything > > > > > > I > > > > > > > > have here. > > > > > > > > > > > > > > > > Best regards - > > > > > > > > Lee Gillie > > > > > > > > Spokane, WA > > > > > > > > > > > > > > > > "Peter Singer" <petes@knorrassociates.com> wrote in > message > > > > > > > > news:u27iH6jvCHA.1244@TK2MSFTNGP12... > > > > > > > > > Is there a way to assign a permission set to a > particular > > > > > > assembly? > > > > > > > > I know I > > > > > > > > > can configure an assembly via the Microsoft.NET > Framework > > > > > > > > Configuration. But > > > > > > > > > this lets me define the binding policy and a codebase, > not > > > > > > assign it > > > > > > > > a > > > > > > > > > permission set. There doesn't seem to be a Membership > > Condition > > > > > > for > > > > > > > > an > > > > > > > > > assembly. Can something be done with > > > > > > > > > the "Custom" condition type? I guess giving it a > Strong Name > > is > > > > > > > > another > > > > > > > > > option? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
- Next message: Andy Babiec: ".net security vs. windows security"
- Previous message: Lee Gillie: "Re: Assigning a Permission Set to an Assembly"
- In reply to: Lee Gillie: "Re: Assigning a Permission Set to an Assembly"
- Next in thread: Lee Gillie: "Re: Assigning a Permission Set to an Assembly"
- Reply: Lee Gillie: "Re: Assigning a Permission Set to an Assembly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
