Re: Security exception

From: Marcelo J. Birnbach (mbirnbac@online.microsoft.com)
Date: 02/13/03 

From: "Marcelo J. Birnbach" <mbirnbac@online.microsoft.com>
Date: Thu, 13 Feb 2003 13:37:14 -0800

Hi Crirus,

I think I know what's going on with your control. The problem is that your
assembly is requesting a Permission that is not given by default to the zone
your control is loaded from.

So, the best way to give it to your assembly is by modifying the security
policy. You can sign your control with some strong name key and update the
policy to give it the required permission.

Unfortunately this is not enough... When IE hosts managed controls creates
an AppDomain that receives the permission given by policy to the zone the
page comes from. So, even if you give FullTrust to your control, the
security engine will begin a stack walk for every demand and it will fail
because the IE AppDomain doesn't have the demanded permission. Here is a
checklist to avoid that problem (and mostly anyone related to IE and
security):

The following applies to a managed user control intended to execute with
greater permissions than would normally be granted to the zone the assembly
belongs to, most likely either Internet, Local Intranet or Trusted Sites.

Check list:

  1.. The user control assembly is identifiable in a manner that can be used
to set the membership condition in a code group either using the .NET
Configuration Tool (Mscorcfg.msc) or caspol.exe. Signing using a strong
name or a certificate is preferable, but other sources of identity such as a
URL or site can also be used.
  2.. If strong named, the user control has the
AllowedPartiallyTrustedCallers attribute.
  3.. The user control asserts permissions it requires which the zone in
which it is running would not normally be granted.
  4.. The user control RevertAsserts immediately after performing asserted
actions.
  5.. The user control is hosted in an IIS folder on the server that has an
"execute permission" of either "none" or "scripts only".
  6.. The client has a code group that the assembly resolves to that grants
the permissions the assembly requires.
  7.. In Internet Explorer, Internet Options, Advanced Security settings,
the "Do not save encrypted pages to disk" should be unchecked if hardening
is in effect on server. By default, hardening will be enabled on Windows
Server 2003. The hardening functionality is found in Control Panel, Add or
Remove Programs, Add/Remove Windows Components, Internet Explorer Enhanced
Security Configuration.
  8.. The client machine has a runtime version compatible with the version
the assembly was compiled with.
  9.. The code group created for the user control is in the runtime the
control uses.
If problems occur, the Fusionbinderror log in "C:\Documents and
Settings\<username>\Local Settings\Temporary Internet Files" may indicate
what did not work. However, the log will need to be copied to another
folder to be opened.

"Crirus" <Crirus@datagroup.ro> wrote in message
news:Ocjgo9dwCHA.1928@TK2MSFTNGP10...
> That's why I post here, because I have no ideea what is all this
> PermisionsAttribute about
>
>
>
> "Phil Wilson" <phil.wilson@unisys.spamcom> wrote in message
> news:#HevykZwCHA.2516@TK2MSFTNGP09...
> > The documentation implies that a .NET ActiveX control needs to set the
> UnmanagedCode property:
> > Quote:
> >
> > "Running an ActiveX control requires unmanaged code permission, which is
> set with the
> > SecurityPermissionAttribute.UnmanagedCode property. For more information
> about security and
> > unmanaged code permission, see SecurityPermissionAttribute class. "
> >
> > "Crirus" <Crirus@datagroup.ro> wrote in message
> news:eCvnYkIwCHA.1636@TK2MSFTNGP12...
> > > Hello again.
> > >
> > > Noone have some suggestions on this topic, please...?
> > >
> > > How can I use some pictures in an assemly inder IE.
> > > I have a userControl embeded in html page and I wand to use some
> pictures to
> > > be draw in it.
> > >
> > > Crirus
> > >
> > >
> > > "Crirus" <Crirus@datagroup.ro> wrote in message
> > > news:#63VLXUvCHA.1656@TK2MSFTNGP09...
> > > > I isolated somehow the code that generate the error:
> > > >
> > > > ' Dim bitmapID As Bitmap
> > > >
> > > > ' Dim resourceManager = New resourceManager("Crirus.Gamer.terrain",
> > > > Me.GetType.Assembly)
> > > >
> > > > There is another way on use resources, instead embedding it in
> assambly? I
> > > > use the assambly under IE from a server, just like an applet!
> > > >
> > > > Crirus
> > > >
> > > >
> > > > "Crirus" <Crirus@datagroup.ro> wrote in message
> > > > news:OBIRwUTvCHA.1776@TK2MSFTNGP09...
> > > > > ok!
> > > > > This is the behaviour:
> > > > > I browse with IE a server. I got the page from the server with my
> > > control
> > > > > embeded.
> > > > > When is initialised, I got that security exception:
> > > > >
> > > > > If my NET Framework trust zone is set to full trust for my site
> address,
> > > > > this error is not raised:
> > > > > I can push Continue butto, but it's anoing because I really dont
> need
> > > > right
> > > > > on client mashine, just an applet behaviour is what I need
> > > > >
> > > > >
> > > > >
> > > > > See the end of this message for details on invoking
> > > > > just-in-time (JIT) debugging instead of this dialog box.
> > > > >
> > > > > ************** Exception Text **************
> > > > > System.Security.SecurityException: Request for the permission of
> type
> > > > > System.Security.Permissions.ReflectionPermission, mscorlib,
> > > > > Version=1.0.3300.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089
> > > > failed.
> > > > > at
> System.Security.CodeAccessSecurityEngine.CheckHelper(PermissionSet
> > > > > grantedSet, PermissionSet deniedSet, CodeAccessPermission demand,
> > > > > PermissionToken permToken)
> > > > > at System.Reflection.RuntimeMethodInfo.InternalInvoke(Object
obj,
> > > > > BindingFlags invokeAttr, Binder binder, Object[] parameters,
> CultureInfo
> > > > > culture, Boolean isBinderDefault, Assembly caller, Boolean
> verifyAccess)
> > > > > at System.Reflection.RuntimeMethodInfo.InternalInvoke(Object
obj,
> > > > > BindingFlags invokeAttr, Binder binder, Object[] parameters,
> CultureInfo
> > > > > culture, Boolean verifyAccess)
> > > > > at System.Reflection.RuntimeMethodInfo.Invoke(Object obj,
> > > BindingFlags
> > > > > invokeAttr, Binder binder, Object[] parameters, CultureInfo
culture)
> > > > > at
> > > Microsoft.VisualBasic.CompilerServices.VBBinder.InvokeMember(String
> > > > > name, BindingFlags invokeAttr, Type objType, Object target,
Object[]
> > > args,
> > > > > ParameterModifier[] modifiers, CultureInfo culture, String[]
> > > > > namedParameters)
> > > > > at
> Microsoft.VisualBasic.CompilerServices.LateBinding.LateGet(Object
> > > o,
> > > > > Type objType, String name, Object[] args, String[] paramnames,
> Boolean[]
> > > > > CopyBack)
> > > > > at Crirus.Gamer.Assault.getPicture(String ImgResName)
> > > > > at Crirus.Gamer.Assault.Initialize()
> > > > > at Crirus.Gamer.Assault.HexMap_Load(Object sender, EventArgs e)
> > > > > at System.Windows.Forms.UserControl.OnLoad(EventArgs e)
> > > > > at System.Windows.Forms.UserControl.OnCreateControl()
> > > > > at System.Windows.Forms.Control.CreateControl(Boolean
> fIgnoreVisible)
> > > > > at System.Windows.Forms.Control.CreateControl()
> > > > > at System.Windows.Forms.Control.WmShowWindow(Message& m)
> > > > > at System.Windows.Forms.Control.WndProc(Message& m)
> > > > > at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
> > > > > at System.Windows.Forms.ContainerControl.WndProc(Message& m)
> > > > > at System.Windows.Forms.UserControl.WndProc(Message& m)
> > > > > at System.Windows.Forms.ControlNativeWindow.OnMessage(Message&
m)
> > > > > at
> > > > >
> > > >
> > >
>
System.Windows.Forms.ActiveXImpl.System.Windows.Forms.IWindowTarget.OnMessag
> > > > > e(Message& m)
> > > > > at
> > > > >
> > > >
> > >
>
System.Windows.Forms.ActiveXImpl.System.Windows.Forms.IWindowTarget.OnMessag
> > > > > e(Message& m)
> > > > > at System.Windows.Forms.ControlNativeWindow.WndProc(Message& m)
> > > > > at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd,
Int32
> msg,
> > > > > IntPtr wparam, IntPtr lparam)
> > > > >
> > > > >
> > > > > ************** Loaded Assemblies **************
> > > > > mscorlib
> > > > > Assembly Version: 1.0.3300.0
> > > > > Win32 Version: 1.0.3705.288
> > > > > CodeBase:
> > > > > file:///c:/windows/microsoft.net/framework/v1.0.3705/mscorlib.dll
> > > > > ----------------------------------------
> > > > > System
> > > > > Assembly Version: 1.0.3300.0
> > > > > Win32 Version: 1.0.3705.288
> > > > > CodeBase:
> > > > >
> > > >
> > >
>
file:///c:/windows/assembly/gac/system/1.0.3300.0__b77a5c561934e089/system.d
> > > > > ll
> > > > > ----------------------------------------
> > > > > System.Drawing
> > > > > Assembly Version: 1.0.3300.0
> > > > > Win32 Version: 1.0.3705.288
> > > > > CodeBase:
> > > > >
> > > >
> > >
>
file:///c:/windows/assembly/gac/system.drawing/1.0.3300.0__b03f5f7f11d50a3a/
> > > > > system.drawing.dll
> > > > > ----------------------------------------
> > > > > RegexAssembly82_0
> > > > > Assembly Version: 0.0.0.0
> > > > > Win32 Version: n/a
> > > > > CodeBase:
> > > > > ----------------------------------------
> > > > > Assault
> > > > > Assembly Version: 1.0.0.0
> > > > > Win32 Version: n/a
> > > > > CodeBase: http://assault/Assault.DLL
> > > > > ----------------------------------------
> > > > > System.Windows.Forms
> > > > > Assembly Version: 1.0.3300.0
> > > > > Win32 Version: 1.0.3705.288
> > > > > CodeBase:
> > > > >
> > > >
> > >
>
file:///c:/windows/assembly/gac/system.windows.forms/1.0.3300.0__b77a5c56193
> > > > > 4e089/system.windows.forms.dll
> > > > > ----------------------------------------
> > > > > Microsoft.VisualBasic
> > > > > Assembly Version: 7.0.3300.0
> > > > > Win32 Version: 7.00.9502
> > > > > CodeBase:
> > > > >
> > > >
> > >
>
file:///c:/windows/assembly/gac/microsoft.visualbasic/7.0.3300.0__b03f5f7f11
> > > > > d50a3a/microsoft.visualbasic.dll
> > > > > ----------------------------------------
> > > > > System.Xml
> > > > > Assembly Version: 1.0.3300.0
> > > > > Win32 Version: 1.0.3705.288
> > > > > CodeBase:
> > > > >
> > > >
> > >
>
file:///c:/windows/assembly/gac/system.xml/1.0.3300.0__b77a5c561934e089/syst
> > > > > em.xml.dll
> > > > > ----------------------------------------
> > > > > Accessibility
> > > > > Assembly Version: 1.0.3300.0
> > > > > Win32 Version: 1.0.3705.0
> > > > > CodeBase:
> > > > >
> > > >
> > >
>
file:///c:/windows/assembly/gac/accessibility/1.0.3300.0__b03f5f7f11d50a3a/a
> > > > > ccessibility.dll
> > > > > ----------------------------------------
> > > > >
> > > > > ************** JIT Debugging **************
> > > > > To enable just in time (JIT) debugging, the config file for this
> > > > > application or machine (machine.config) must have the
> > > > > jitDebugging value set in the system.windows.forms section.
> > > > > The application must also be compiled with debugging
> > > > > enabled.
> > > > >
> > > > > For example:
> > > > >
> > > > > <configuration>
> > > > > <system.windows.forms jitDebugging="true" />
> > > > > </configuration>
> > > > >
> > > > > When JIT debugging is enabled, any unhandled exception
> > > > > will be sent to the JIT debugger registered on the machine
> > > > > rather than being handled by this dialog.
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>