Re: Issue with SecurityPermission

From: Shel Blauman [MSFT] (sheldonb@online.microsoft.com)
Date: 02/06/03


From: "Shel Blauman [MSFT]" <sheldonb@online.microsoft.com>
Date: Wed, 5 Feb 2003 16:44:07 -0800


The following sample shows how to create a user control which can be
downloaded and executed with specific permissions.

// The following HTML code can be used to call the user control in this sample.
//
//<HTML>
// <BODY>
// <OBJECT id="usercontrol" classid="usercontrol.dll#UserControl.UserControl1" width="800"
// height="300" style="font-size:12;">
// </OBJECT>
// <p>
// </BODY>
//</HTML>

// To run this test control you must create a strong name key, snkey.snk, and
// a code group that gives full trust to assemblies signed with snkey.snk.

// The user control displays an OpenFileDialog box, then displays a text box containing the name of
// the file selected and a list box that displays the contents of the file. The selected file must
// contain text in order for the control to display the data properly.

// Caution: This sample demonstrates the use of the Assert method. Calling Assert removes the
// requirement that all code in the call chain must be granted permission to access the specified
// resource; it can open up security vulnerabilities if used incorrectly or inappropriately. Therefore,
// it should be used with great caution. Assert should always be followed with a RevertAssert
// command to restore the security settings.

using System;
using System.Collections;
using System.ComponentModel;
using System.Drawing;
using System.Data;
using System.Windows.Forms;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Reflection;
using System.Runtime.CompilerServices;

// This strong name key is used to create a code group that gives permissions to this assembly.
[assembly: AssemblyKeyFile("snKey.snk")]
[assembly: AssemblyVersion("1.0.0.0")]

// The AllowPartiallyTrustedCallersAttribute requires the assembly to be signed with a strong name key.
// This attribute is necessary since the control is called by either an intranet or Internet
// Web page that should be running under restricted permissions.
[assembly:AllowPartiallyTrustedCallers]
namespace UserControl
{
 // The userControl1 displays an OpenFileDialog box, then displays a text box containing the name of
 // the file selected and a list box that displays the contents of the file. The selected file must
 // contain text in order for the control to display the data properly.
 public class UserControl1 : System.Windows.Forms.UserControl
 {
  private System.Windows.Forms.TextBox textBox1;
  private System.Windows.Forms.ListBox listBox1;
  // Required designer variable.
  private System.ComponentModel.Container components = null;

  public UserControl1()
  {
   // This call is required by the Windows.Forms Form Designer.
   InitializeComponent();

   // The OpenFileDialog box should not require any special permissions.
   OpenFileDialog fileDialog = new OpenFileDialog();
   if(fileDialog.ShowDialog() == DialogResult.OK)
   {
    // Reading the name of the selected file from the OpenFileDialog box
    // and reading the file requires FileIOPermission. The user control should
    // have this permission granted through its code group; the Web page that calls the
    // control should not have this permission. The Assert command prevents a stack walk
    // that would fail because the caller does not have the required FileIOPermission.
    // The use of Assert can open up security vulnerabilities if used incorrectly or
    // inappropriately. Therefore, it should be used with great caution.
    // The Assert command should be followed by a RevertAssert as soon as the file operation
    // is completed.
    new FileIOPermission(PermissionState.Unrestricted).Assert();
    try
    {
     textBox1.Text = fileDialog.FileName;
     // Display the contents of the file in the list box.
     FileStream fsIn = new FileStream(textBox1.Text, FileMode.Open, FileAccess.Read,
      FileShare.Read);
     // The using block closes the reader and the underlying file handle.
     using (StreamReader sr = new StreamReader(fsIn))
     {
      // Process every line in the file
      for (String Line = sr.ReadLine(); Line != null; Line = sr.ReadLine())
      {
       listBox1.Items.Add(Line);
      }
     }
    }
    finally
    {
     // It is very important to call RevertAssert to restore the stack walk for
     // file operations. The finally block runs it even if the read throws.
     CodeAccessPermission.RevertAssert();
    }
   }

  }

  // Clean up any resources being used.
  protected override void Dispose( bool disposing )
  {
   if( disposing )
   {
    if( components != null )
     components.Dispose();
   }
   base.Dispose( disposing );
  }

  #region Component Designer generated code
  /// <summary>
  /// Required method for Designer support - do not modify
  /// the contents of this method with the code editor.
  /// </summary>
  private void InitializeComponent()
  {
   this.textBox1 = new System.Windows.Forms.TextBox();
   this.listBox1 = new System.Windows.Forms.ListBox();
   this.SuspendLayout();
   //
   // textBox1
   //
   this.textBox1.Location = new System.Drawing.Point(208, 112);
   this.textBox1.Name = "textBox1";
   this.textBox1.Size = new System.Drawing.Size(320, 20);
   this.textBox1.TabIndex = 0;
   this.textBox1.Text = "textBox1";
   this.textBox1.TextChanged += new
System.EventHandler(this.textBox1_TextChanged);
   //
   // listBox1
   //
   this.listBox1.Location = new System.Drawing.Point(200, 184);
   this.listBox1.Name = "listBox1";
   this.listBox1.Size = new System.Drawing.Size(336, 108);
   this.listBox1.TabIndex = 1;
   //
   // UserControl1
   //
   this.Controls.Add(this.listBox1);
   this.Controls.Add(this.textBox1);
   this.Name = "UserControl1";
   this.Size = new System.Drawing.Size(592, 400);
   this.Load += new System.EventHandler(this.UserControl1_Load);
   this.ResumeLayout(false);

  }
  #endregion

  private void UserControl1_Load(object sender, System.EventArgs e)
  {

  }

  private void textBox1_TextChanged(object sender, System.EventArgs e)
  {

  }

 }
}

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"John Bristowe" <john.bristowe@empowered.com> wrote in message news:#qrZEJCuCHA.2496@TK2MSFTNGP10...
> Francisco,
>
> The default security policy for assemblies downloaded from an intranet-based
> URI (AKA, a share) is different than that of the local system. In
> particular, the policy restricts running unmanaged code.
>
> You may alter the security policy for intranet-based applications but I
> would not recommend doing so; rather, I would sign the assembly with a
> strong name and create policy around its signature.
>
> Cheers,
>
> John
> http://radio.weblogs.com/0112381/
>
> > "Francisco C" <franciscojanes@hotmail.com> wrote in
> > message news:OtOglZ9tCHA.2352@TK2MSFTNGP09...
> > Hi,
> >
> > I am trying to run a VB App. that processes Excel files.
> >
> > When I run the Executable from the \bin directory using the command line, it
> > will tell me that the file \\share\file.xls cannot be found (which is ok,
> > since I don't want it to access the files yet)
> >
> > However, if I share the Executable and then run it from the shared location
> > (again using the command line) I get a completely new Exception:
> >
> > ---------------------------------------------------------------------------
> > Unhandled Exception: System.Security.SecurityException:
> > System.Security.Permissions.SecurityPermission
> >  at VBXL.module1.Main() in D:\Visual Studio .NET\VBXL\Module1.vb:line 12
> >
> > Here is Line 12:   Dim app As New Excel.Application()
> >
> > The state of the failed permission was:
> > <IPermission class="System.Security.Permissions.SecurityPermission,
> > mscorlib, Ve
> > rsion=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
> >              version="1"
> >              Flags="UnmanagedCode"/>
> >
> > ---------------------------------------------------------------------------
> >
> > This results in no one being able to execute the application from that
> > shared location....not even myself.
> >
> > Help is appreciated.
> >
> > Fran C
>
>
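
Added example, not part of the original posting or of Microsoft's sample: a narrower variant of the file read in the control above. It assumes the control can take a read-only stream from OpenFileDialog.OpenFile() (which is gated by FileDialogPermission) instead of asserting unrestricted FileIOPermission, and shows a path-scoped Assert reverted in a finally block for a file whose absolute path the control already holds; the class and method names are hypothetical.

```csharp
using System.Collections;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Windows.Forms;

// Hypothetical helper class; not part of the posted sample.
public sealed class ScopedFileRead
{
    private ScopedFileRead() {}

    // Case 1: the user picks the file. OpenFileDialog.OpenFile() returns a
    // read-only stream for the selection under FileDialogPermission, so this
    // code never reads the path and asserts nothing itself.
    public static ArrayList ReadUserSelectedFile()
    {
        using (OpenFileDialog dialog = new OpenFileDialog())
        {
            if (dialog.ShowDialog() != DialogResult.OK)
                return new ArrayList();
            using (Stream s = dialog.OpenFile())
                return ReadLines(s);
        }
    }

    // Case 2: the control already holds an absolute path it is entitled to read.
    // Assert Read on that one path only, and revert even if the read throws.
    public static ArrayList ReadKnownFile(string fullPath)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, fullPath).Assert();
        try
        {
            using (Stream s = new FileStream(fullPath, FileMode.Open, FileAccess.Read, FileShare.Read))
                return ReadLines(s);
        }
        finally
        {
            CodeAccessPermission.RevertAssert();
        }
    }

    // Reads every line from the stream; the caller owns and closes the stream.
    private static ArrayList ReadLines(Stream s)
    {
        ArrayList lines = new ArrayList();
        StreamReader sr = new StreamReader(s);
        for (string line = sr.ReadLine(); line != null; line = sr.ReadLine())
            lines.Add(line);
        return lines;
    }
}
```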

