Re: FileIOPermission

From: Ivan Medvedev [MS] (ivanmed@online.microsoft.com)
Date: 01/24/03


From: "Ivan Medvedev [MS]" <ivanmed@online.microsoft.com>
Date: Thu, 23 Jan 2003 15:00:24 -0800


Lee -
The CLR security model is called "Code Access Security", which means the
permissions are granted to code based on the properties of the code, so
basically you cannot grant a specific permission to a user; rather, you can
grant a permission to a piece of code. You are probably getting the security
exception because somewhere on the call stack there is a piece of managed
code that does not have a FileIOPermission granted to it. You have two ways
to deal with this. First, if you can identify that lower-trusted code, you
can change the security policy to grant the necessary permissions to it.
Alternatively, if you know that the code that calls directly into file i/o
functionality does have the permission, you can use something called "stack
walk modifier Assert()" to stop the security stack walk and make sure the
file i/o operation works. The code that you will need to insert in the
method that calls file i/o just before the call is going to look somewhat
like this:
    (new FileIOPermission(<describe the access you need>)).Assert();
and then after the call into the i/o operation, unless your method
immediately returns, insert this:
    FileIOPermission.RevertAssert();
Let's see if it fixes your problem.
You can find a lot of useful resources on .net security at
http://msdn.microsoft.com/net/security
--Ivan

This posting is provided "AS IS" with no warranties, and confers no rights

"Lee Gillie" <ANTISPAMIFICATION_lee@odp.com> wrote in message
news:OwQhdvjvCHA.2492@TK2MSFTNGP10...
> An unmanaged EXE runs as an NT Service, fires up WSH scripts which
> utilize a COM component written in .NET. This component, in turn,
> utilizes other .NET components via CLR. Those other components fail
> when attempting to open a log file on a share, and we see: "Can't open
> log file \\SomeNode\sharename\folder\BANF01_2485_LOG.txt, Request for
> the permission of type System.Security.Permissions.FileIOPermission,
> mscorlib, Version=1.0.3300.0, Culture=neutral,
> PublicKeyToken=b77a5c561934xxx". The domain username under which the
> service runs has access to network, and can do everything an
> administrator can.
>
> Can I use some utility to grant the special domain username for this
> service this File I/O Permission?
>
> If not, and I need to grant permission to some software, then:
> 1) What tool do I use
> 2) Which of the software needs the permission
> 3) Do I have to repeat this for each new build
>
> The software is all tested, and runs great interactively, but chokes
> when run as a service. I am reading as much as I can, as quickly as I
> can. But there seems to be a tremendous amount of new knowledge
> required to deal with security in .NET. It is very different. It is
> like thinking you are out the door, and then having suddenly, and
> unexpectedly stepped in an EXTREMELY deep pile of doo-doo.
>
> Thanks for ANY help.
> Best regards - Lee Gillie
> Spokane, WA
>
>
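
The Assert()/RevertAssert() pattern described in the reply, written out as an added example that is not part of the original thread or Microsoft's own code. It assumes a .NET Framework runtime with CAS enforced; `LogAppender`, `AppendLine` and the temp-file path are hypothetical names constructed for illustration.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical helper (assumption, not from the thread). The assembly that
// contains it must itself be granted the FileIOPermission it asserts, plus
// SecurityPermissionFlag.Assertion, or Assert() throws SecurityException.
public static class LogAppender
{
    // logPath must be a fully qualified path; FileIOPermission rejects
    // relative paths. While the assert is active, less-trusted callers write
    // through this method, so logPath should come from trusted configuration
    // and not from the caller.
    public static void AppendLine(string logPath, string message)
    {
        // Assert the narrowest grant that covers the operation:
        // Append access to this one file, not unrestricted file I/O.
        FileIOPermission perm =
            new FileIOPermission(FileIOPermissionAccess.Append, logPath);
        perm.Assert();   // stack walk for this permission stops at this frame
        try
        {
            using (StreamWriter writer = new StreamWriter(logPath, true))
            {
                writer.WriteLine(message);
            }
        }
        finally
        {
            // Remove the assert even if the write throws, so it cannot
            // cover any later code in this method.
            CodeAccessPermission.RevertAssert();
        }
    }

    public static void Main()
    {
        // Constructed sample path for the demo.
        string path = Path.Combine(Path.GetTempPath(), "cas_assert_demo.log");
        try
        {
            AppendLine(path, "service started");
            Console.WriteLine("appended to " + path);
        }
        catch (SecurityException ex)
        {
            // Raised when this assembly lacks the grant or the right to assert.
            Console.WriteLine("denied: " + ex.PermissionType);
        }
    }
}
```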


