Re: Okay.. what is going on here .. Security error?
From: Shawn Farkas [MS] (shawnfa@online.microsoft.com)
Date: 02/13/03
- Next message: Shawn Farkas [MS]: "Re: Was able to add new code group"
- Previous message: Shawn Farkas [MS]: "Re: Multiple authentication"
- In reply to: Mark Orsted: "Okay.. what is going on here .. Security error?"
- Next in thread: Mark Orsted: "Re: Okay.. what is going on here .. Security error?"
- Reply: Mark Orsted: "Re: Okay.. what is going on here .. Security error?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Shawn Farkas [MS]" <shawnfa@online.microsoft.com> Date: Wed, 12 Feb 2003 17:24:43 -0800
Mark,
Programs that run on the CLR use something called code access security
(CAS). CAS assigns trust not based upon user credentials, but based upon
evidence it can gather from the code itself. This evidence is then compared
against the security policy, and a permission grant is generated. A good
reference for this system can be found here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/ht
ml/gngrfauthenticationsection.asp
One of the pieces of evidence is the security zone where the code is
located. When you run the code from your local machine, this will be the
MyComputer zone, but when you run it off of a server (or even a server share
mapped to a drive on your machine), it will be LocalIntranet. By default
any code that is run from the MyComputer zone will get a permission set of
FullTrust (unrestricted permission to do anything it pleases). However,
there is a more restrictive policy placed on LocalIntranet assemblies.
There are three ways to solve your problem. The first way is to
determine what permissions are being granted, and try to modify your
application to not require these permissions any more. The
SecurityException that is being thrown should tell you which demand failed.
Assuming this is not possible, you'll need to modify your security
policy. The recommended way to do this is to sign all your assemblies with
a strong name key pair that you generate using the sn.exe tool. Then you
can modify the security policy to give FullTrust to all assemblies signed
with your key. The .Net Framework Configuration control panel applet will
allow you to make these changes and to create an .MSI file that contains the
security policy so you can easily distribute it to people in your
organization. Whenever you create new assemblies, all you'll need to do is
to sign them with your key, and everyone who has the modified policy will
automatically fully trust them.
The other (less preferable) method is to simply give the LocalIntranet
zone more trust. This can also be done in the .Net Framework Configuration
control panel applet. This change can also be sent to all your users as
above in an .MSI file. However, be aware that this means that any code
anyone in your organization gets placed on the intranet will run fully
trusted on anyone else's machine -- generally not a good idea.
Another alternative, since you said your goal was to have updates pushed
automatically to your clients is to investigate Smart Client applications
and No Touch Deployment:
http://msdn.microsoft.com/netframework/techinfo/articles/smartclient/default
.asp
-Shawn
-- This posting is provided "AS IS" with no warranties, and confers no rights. Please do not send email directly to this alias, this alias is for newsgroup purposes only. "Mark Orsted" <orsted@uillinois.edu> wrote in message news:u94zDus0CHA.2552@TK2MSFTNGP12... > I have just put VS.Net on my system, and am attempting to upgrade some > *very* basic VB programs (VB6). > > I have one that is working fine, as long as the code, the exe, etc, are on > my local machine. If I copy the EXE to a server, which is generally how we > do things here - so that we don't have to update 40 machine's whenever an > update occurs - I get this instead: > > An unhandled exception of type 'System.Security.SecurityException' occurred > in Unknown Module. > Additional information: Security error. > > I looked at MS's site, with nothing really - their search engine has got to > be one of the most ignorant I've ever run across. I have time and time > again put an error message, from their OS or programs, into the search > engine, only to return garbage or "not found" messages. If they are making > the error messages occur, shouldn't they have the messages indexed and > found > by their site search engine??? > > Anyways - anyone that can point me at a succinct document on how to repair > this problem, it would be greatly appreciated. Searching at MS gave me all > kinds of nice "white paper" style info on this whole security thing, but > nothing that simply explains how you get the application to run from a > server! > > > Marko > > > >
- Next message: Shawn Farkas [MS]: "Re: Was able to add new code group"
- Previous message: Shawn Farkas [MS]: "Re: Multiple authentication"
- In reply to: Mark Orsted: "Okay.. what is going on here .. Security error?"
- Next in thread: Mark Orsted: "Re: Okay.. what is going on here .. Security error?"
- Reply: Mark Orsted: "Re: Okay.. what is going on here .. Security error?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
