Re: Code Access Security Enforcement anamoly - - Thx in advance.
From: Krishna Moturi (moturi@hotmail.com)
Date: 02/17/03
- Next message: Krishna Moturi: "Re: Code Access Security Enforcement anamoly - - Thx in advance."
- Previous message: Michel Gallant (MVP): "VS.net generated key containers?"
- In reply to: Shawn Farkas [MS]: "Re: Code Access Security Enforcement anamoly - - Thx in advance."
- Next in thread: Krishna Moturi: "Re: Code Access Security Enforcement anamoly - - Thx in advance."
- Reply: Krishna Moturi: "Re: Code Access Security Enforcement anamoly - - Thx in advance."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Krishna Moturi" <moturi@hotmail.com> Date: Mon, 17 Feb 2003 14:54:13 -0800
Hi Shawn,
Thanks for swift response.
What would be the best-practices approach to tackle this most commonly
anticipated situation for any enterprise ?
Do we have any guidance from MSFT dictating any authoritative policy ?
we would really appreciate your response to this as we're totally
sincere/serious in providing 'total secure computing envionment' promise to
our customers on .NET platform.
Thanks
"Shawn Farkas [MS]" <shawnfa@online.microsoft.com> wrote in message
news:OZXziqs1CHA.2576@TK2MSFTNGP11.phx.gbl...
> Hi Krishna,
>
> You are probably running into a situation with dynamic compilation.
> ASP.Net will dynamically compile its web pages into an assembly. This
> assembly will not be signed by your certificate, and as such will not have
> execution permissions.
>
> -Shawn
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> Please do not send email directly to this alias, this alias is for
newsgroup
> purposes only.
>
>
> "Krishna Moturi" <moturi@hotmail.com> wrote in message
> news:e29Sk4r1CHA.1616@TK2MSFTNGP11.phx.gbl...
> > Hi,
> >
> > We have role-based security, strong naming and publisher-signature(SPC)
in
> > place for our 75k c# codebase (23 assemblies).
> > We are trying to enforce CAS so that only our SPC trusted assemblies
could
> > be granted 'FullTrust' permisson set.
> >
> > 1) we changed 'Machine' level security policy so that 'My_Computer_Zone'
> no
> > longer would be carrying 'FullTrust' permission set.
> > ( we don't want any malignant code installed to have fullTrust
> > permission set.).
> > 2) We created a new child code group and granted 'FullTrust' to our
> > certificate signed assemblies with appropriate code membership
condition.
> >
> > Our custom windows services with all 23 assemblies are working
fine...but
> > ASP.NET process no longer works.. (every aspx page just hit deadlock
> timeout
> > threshold)..........
> > we are looking for guidance on this enforcement policy.
> >
> >
> > Thanks in advance
> > Krishna
> >
> >
>
>
- Next message: Krishna Moturi: "Re: Code Access Security Enforcement anamoly - - Thx in advance."
- Previous message: Michel Gallant (MVP): "VS.net generated key containers?"
- In reply to: Shawn Farkas [MS]: "Re: Code Access Security Enforcement anamoly - - Thx in advance."
- Next in thread: Krishna Moturi: "Re: Code Access Security Enforcement anamoly - - Thx in advance."
- Reply: Krishna Moturi: "Re: Code Access Security Enforcement anamoly - - Thx in advance."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
