Re: Assigning a Permission Set to an Assembly
From: Lee Gillie (DESPAMlee@odp.comMAPSED)
Date: 01/22/03
- Next message: Arno Nass: "Client Certificates and ASP.NET"
- Previous message: Phil Wilson: "Re: Security exception"
- In reply to: Shawn Farkas [MS]: "Re: Assigning a Permission Set to an Assembly"
- Next in thread: Michel Gallant (MVP): "Re: Assigning a Permission Set to an Assembly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Lee Gillie" <DESPAMlee@odp.comMAPSED> Date: Tue, 21 Jan 2003 15:01:55 -0800
Thanks, Shawn, for your help. I am going to let my people here who setup and
administer our server systems know this.
The loading problem was found to stem from the fact, I think, that this
project was ported from VC6, and it needed 3 runtime support files. Once
those were in place, then I could get a number of things to work. Also, the
tools like the one library better, and also, the security settings I thought
I should be making began working as I felt they should.
Best regards - Lee Gillie
"Shawn Farkas [MS]" <shawnfa@online.microsoft.com> wrote in message
news:uF1lpeYwCHA.2288@TK2MSFTNGP09...
> Yes, fuslogvw.exe is the tool to see what is going on with fusion. So,
yes,
> to use it you'll need to install the SDK. Just as a tiny point of fact
> however, the compilers ship with the .Net runtime as well as the SDK, so
any
> server with any form of .Net on it will have the compilers.
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> Please do not send email directly to this alias, this alias is for
newsgroup
> purposes only.
>
>
> "Lee Gillie" <ANTISPAMIFICATION_lee@odp.com> wrote in message
> news:uOLas0XwCHA.2504@TK2MSFTNGP10...
> > It would seem fuslogvw would be the tool I should use at the server to
> > find out why the binding is not working as expected. All of the
> > assemblies are in the GAC, configured, and the first one with COM
> > interface is registered. But this is installed as a developer tool,
> > not an administrative tool along with the framework runtime. Also,
> > you can simply copy fuslogvw to the server and run it. There does not
> > seem to be any setup kit which provides fuslogvw except the
> > development environment. It would seem to do this kind of analysis you
> > have to put compilers on every server box? I hope there is a better
> > way.
> >
> > It would seem permview would also be needed at every server. I have
> > not yet checked to see if this was installed with the runtime.
> >
> > - Lee
> >
> > "Lee Gillie" <DESPAMlee@odp.comMAPSED> wrote in message
> > news:#jEnV7NwCHA.2904@TK2MSFTNGP09...
> > > Shawn -
> > >
> > > I appreciate your patience.
> > >
> > > Did all that and now the first level component (invoked via COM) can
> > not
> > > find the second level component (invoked via CLR), but at least the
> > security
> > > exceptions have stopped (that's a joke of course). I checked and
> > everything
> > > is in the GAC, so I am back to square one, and a few steps further
> > behind.
> > >
> > > Tomorrow I am going to unregister the COM interface, move ALL of the
> > pieces
> > > to the GAC. I opened my Intranet zone wide, just wanting to blow a
> > hole so
> > > wide, and then start closing it up. I'd like to see the code run
> > ONCE at
> > > least.
> > >
> > > This has to be the most frustrating experience with any security
> > related
> > > issue I have had for some time. Mostly because I can't see what is
> > going on.
> > > The thing that scares me most is that I won't feel terribly
> > comfortable with
> > > the new security, even if it is better, simply because I don't have
> > the
> > > visibility needed to give me feedback. Is it secure, or is it not?
> > Way too
> > > much time feeling around in the dark. If things behaved in a
> > predictable
> > > manner, that would help also, but so far, nothing seems to be
> > working quite
> > > like the documentation tells me it should.
> > >
> > > - Lee
> > >
> > > "Shawn Farkas [MS]" <shawnfa@online.microsoft.com> wrote in message
> > > news:eAvFOuMwCHA.2532@TK2MSFTNGP10...
> > > > MMC.exe is not a managed application, so it is not affected by the
> > .Net
> > > > security policy. You need to make sure the snap-in is fully
> > trusted. If
> > > > you mean to be running with the default policy, the easiest way to
> > make
> > > sure
> > > > that you indeed have the default policy is to just run:
> > > >
> > > > caspol -all -reset
> > > >
> > > > Then try to add the custom code group again.
> > > >
> > > > --
> > > > This posting is provided "AS IS" with no warranties, and confers
> > no
> > > rights.
> > > > Please do not send email directly to this alias, this alias is for
> > > newsgroup
> > > > purposes only.
> > > >
> > > >
> > > > "Lee Gillie" <DESPAMlee@odp.comMAPSED> wrote in message
> > > > news:ONYFOEMwCHA.2288@TK2MSFTNGP09...
> > > > > I am running with installation defaults, what ever they are.
> > How can I
> > > > > tell?
> > > > >
> > > > > I see this is an MMC snap-in, so do I need to boost MMC.EXE or
> > the
> > > > SNAP-IN?
> > > > >
> > > > > Can I turn on some kind of auditing so I can see specifically
> > what is
> > > > > failing, or do we need to discover by trial and error?
> > > > >
> > > > > - Lee Gillie
> > > > >
> > > > > "Shawn Farkas [MS]" <shawnfa@online.microsoft.com> wrote in
> > message
> > > > > news:OgHEhlLwCHA.1644@TK2MSFTNGP12...
> > > > > > Is it possible that the .Net Configuration tool is not running
> > with
> > > > > > FullTrust? This error might occur if the tool does not have
> > enough
> > > > > > permissions to load your assembly off the disk into an
> > AppDomain.
> > > > > >
> > > > > > -Shawn
> > > > > >
> > > > > > --
> > > > > > This posting is provided "AS IS" with no warranties, and
> > confers no
> > > > > rights.
> > > > > > Please do not send email directly to this alias, this alias is
> > for
> > > > > newsgroup
> > > > > > purposes only.
> > > > > >
> > > > > >
> > > > > > "Lee Gillie" <ANTISPAMIFICATION_lee@odp.com> wrote in message
> > > > > > news:uBUiHoJwCHA.2292@TK2MSFTNGP10...
> > > > > > > Hi Shawn -
> > > > > > >
> > > > > > > "The Import Failed. The assembly does not appear to be
> > valid."
> > > > > > >
> > > > > > > It has a dependency of another library, which I was able to
> > > > > > > import on this computer, first.
> > > > > > >
> > > > > > >
> > > > > > > I did try this on my development machine, and it worked
> > there.
> > > > > > >
> > > > > > > Thanks for any light you can shed on what this means.
> > > > > > >
> > > > > > > Best regards - Lee Gillie
> > > > > > >
> > > > > > >
> > > > > > > "Shawn Farkas [MS]" <shawnfa@online.microsoft.com> wrote in
> > message
> > > > > > > news:#jedEynvCHA.2492@TK2MSFTNGP10...
> > > > > > > > Hi Lee,
> > > > > > > >
> > > > > > > > The tool to generate the key pairs is sn.exe, you can
> > invoke
> > > > > > > "sn -k
> > > > > > > > mykey.snk" to create a keypair for your assembly. The
> > attribute
> > > you
> > > > > > > are
> > > > > > > > looking for is called AssemblyKeyFile. It is not required
> > that
> > > you
> > > > > > > place
> > > > > > > > your assemblies in the GAC in order for the strong name
> > membership
> > > > > > > condition
> > > > > > > > to work.
> > > > > > > > Can you provide more details on the error you are
> > > encountering?
> > > > > > > Thanks.
> > > > > > > >
> > > > > > > > -Shawn
> > > > > > > >
> > > > > > > > --
> > > > > > > > This posting is provided "AS IS" with no warranties, and
> > confers
> > > no
> > > > > > > rights.
> > > > > > > > Please do not send email directly to this alias, this
> > alias is for
> > > > > > > newsgroup
> > > > > > > > purposes only.
> > > > > > > >
> > > > > > > >
> > > > > > > > "Lee Gillie" <ANTISPAMIFICATION_lee@odp.com> wrote in
> > message
> > > > > > > > news:#mcYQLmvCHA.2596@TK2MSFTNGP11...
> > > > > > > > > Peter -
> > > > > > > > >
> > > > > > > > > I still don't have it working myself, but I think I know
> > what is
> > > > > > > > > SUPPOSED to happen, so will share that much. If you use
> > > > > > > VSVARS32.BAT
> > > > > > > > > to assign your command line environment variables. Set
> > default
> > > > > > > folder
> > > > > > > > > to where your sources are. Then use the tool to generate
> > public
> > > > > > > and
> > > > > > > > > private keys (.key file as I recall). I beleive this is
> > a
> > > one-time
> > > > > > > > > thing, somewhat like making guids. Then there is an
> > ASSEMBLY
> > > > > > > attribute
> > > > > > > > > you can include in one of the sources for the assembly,
> > which
> > > > > > > > > references the key file. Once you do this, then you can
> > use the
> > > > > > > STRONG
> > > > > > > > > NAME as the EVIDENCE for your code, which is the
> > assembly. You
> > > > > > > browse
> > > > > > > > > the assembly. The .NET Framework Configuration tool
> > will then
> > > > > > > fill in
> > > > > > > > > the public part of the key for you, and offer to also
> > optionally
> > > > > > > > > (additionally) verify by the assembly name, and even the
> > version
> > > > > > > if
> > > > > > > > > you like. I have dependent assemblies, as well, and
> > these ALSO
> > > > > > > need
> > > > > > > > > the keys, before the calling assembly can be configured.
> > I moved
> > > > > > > them
> > > > > > > > > both to the GAC (before configuring), but I don't know
> > that is
> > > > > > > > > required. I'm not sure what happens after this, because
> > when I
> > > do
> > > > > > > this
> > > > > > > > > it will either NOT LOAD the assembly, or else it WILL
> > LOAD, but
> > > > > > > > > corrupt the configuration database. Sorry I can't help
> > you
> > > more.
> > > > > > > > > Maybe someone who has been successful can add or correct
> > > anything
> > > > > > > I
> > > > > > > > > have here.
> > > > > > > > >
> > > > > > > > > Best regards -
> > > > > > > > > Lee Gillie
> > > > > > > > > Spokane, WA
> > > > > > > > >
> > > > > > > > > "Peter Singer" <petes@knorrassociates.com> wrote in
> > message
> > > > > > > > > news:u27iH6jvCHA.1244@TK2MSFTNGP12...
> > > > > > > > > > Is there a way to assign a permission set to a
> > particular
> > > > > > > assembly?
> > > > > > > > > I know I
> > > > > > > > > > can configure an assembly via the Microsoft.NET
> > Framework
> > > > > > > > > Configuration. But
> > > > > > > > > > this lets me define the binding policy and a codebase,
> > not
> > > > > > > assign it
> > > > > > > > > a
> > > > > > > > > > permission set. There doesn't seem to be a Membership
> > > Condition
> > > > > > > for
> > > > > > > > > an
> > > > > > > > > > assembly. Can something be done with
> > > > > > > > > > the "Custom" condition type? I guess giving it a
> > Strong Name
> > > is
> > > > > > > > > another
> > > > > > > > > > option?
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Next message: Arno Nass: "Client Certificates and ASP.NET"
- Previous message: Phil Wilson: "Re: Security exception"
- In reply to: Shawn Farkas [MS]: "Re: Assigning a Permission Set to an Assembly"
- Next in thread: Michel Gallant (MVP): "Re: Assigning a Permission Set to an Assembly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
