Re: IE Hosts Windows Control

From: Tim Clamp (TClamp@welcom.com)
Date: 04/16/03


From: "Tim Clamp" <TClamp@welcom.com>
Date: Tue, 15 Apr 2003 15:27:00 -0700


Steven, I had stumbled across this article previously,
although it didn't seem to fix my issue. I downloaded the
latest release (v 1.1) of the framework today, due to a
statement in the "What's new in the .NET Framework 1.1"
article. The latest framework build works like a charm. I
felt that I should post my findings for others, as this
issue doesn't seem well documented. The article states...

<ms:snippet>
Assemblies originating from the Internet zone - for
example, Microsoft Windows® Forms controls embedded in an
Internet-based Web page or Windows Forms assemblies
hosted on an Internet Web server and loaded either
through the Web browser or programmatically using the
System.Reflection.Assembly.LoadFrom() method - now receive
sufficient permission to execute in a semi-trusted
manner. Default security policy has been changed so that
assemblies assigned by the common language runtime (CLR)
to the Internet zone code group now receive the
constrained permissions associated with the Internet
permission set. In the .NET Framework 1.0 Service Pack 1
and Service Pack 2, such applications received the
permissions associated with the Nothing permission set
and could not execute.

Note: While we are re-enabling code from the Internet
zone, the defaults do not give this code full access to
the user's machine. By default, thanks to code access
security, this code runs in a restricted manner and is
allowed access only to a limited set of resources that
are safe to use. This code cannot damage your data or
system, and it cannot steal private information that you
do not explicitly give it.
</ms:snippet>

The latest version did solve my execution issue. Quite
contrary to the article, however, was the fact that I
could get my control to execute on a framework v1 sp1
configuration with default policy configurations.

>-----Original Message-----
>Hi Tim - You're running into this issue because your control doesn't have
>the AllowPartiallyTrustedCallers (APTCA) attribute on it. There are a few
>routes you can take to fix this:
>
>1 - Give either the entire site or the URL of the page and control FullTrust
>2 - Put the APTCA on your assembly. There are several ramifications of
>doing so however. The full scoop on APTCA can be found at:
>http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/seccodeguide.asp
>
>"Tim Clamp" <TClamp@Welcom.com> wrote in message
>news:075001c2fe1f$fb1e6670$a001280a@phx.gbl...
>> Hi all,
>>
>> The problem I have is my Windows form controls, which are
>> embedded in IE, fail to load up when they are strongly named.
>> After giving "full trust" to the client control, I still failed
>> to load up the control in IE. The error log in FUSLOGVW.exe shows:
>>
>> URL: http://localhost/WinControls/WinControls.dll
>> Zone: 1
>> Assembly Name: WinControls.dll
>> Type Name: WinControls.GridControl
>>
>> ----- Thrown Exception -----
>>
>> System.Security.SecurityException: Request failed.
>>
>> Server stack trace:
>> at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly)
>> at System.Activator.CreateInstance(Type type, Boolean nonPublic)
>> at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
>> at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
>> at System.Activator.CreateComInstanceFrom(String assemblyName, String typeName)
>> at System.AppDomain.CreateComInstanceFrom(String assemblyName, String typeName)
>> at System.Runtime.Remoting.Messaging.StackBuilderSink.PrivateProcessMessage(MethodBase mb, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
>> at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)
>>
>> Exception rethrown at [0]:
>> at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
>> at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
>> at System.AppDomain.CreateComInstanceFrom(String assemblyName, String typeName)
>> at Microsoft.IE.SecureFactory.CreateInstanceWithSecurity(Int32 dwFlag, Int32 dwZone, String pURL, String uniqueIdString, String link, String licenses)
>>
>> What do I need to do in order to solve this security
>> issue?
>>
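
Option 2 from the quoted reply, sketched as an added example (not code from the thread or from Microsoft): the strong-named assembly opts in to partially trusted callers, and a member that should stay privileged gets an explicit FullTrust demand. The namespace and class name follow the log above; `SetCaption` and `ExportToFile` are hypothetical members.

```csharp
// Added example. Build as a strong-named class library for the .NET Framework.
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Windows.Forms;

// A strong-named assembly without this attribute has an implicit LinkDemand
// for FullTrust on every publicly accessible member, so partially trusted
// callers are rejected. Adding it removes that assembly-wide protection:
// every public member then has to be reviewed for what it exposes.
[assembly: AllowPartiallyTrustedCallers]

namespace WinControls
{
    public class GridControl : UserControl
    {
        // Safe to expose to partially trusted callers: it only changes
        // the control's own UI state.
        public void SetCaption(string caption)
        {
            Text = caption;
        }

        // Hypothetical privileged member. The declarative Demand restores a
        // FullTrust requirement for this one member and, unlike the implicit
        // LinkDemand, checks every caller on the stack, not just the
        // immediate one.
        [PermissionSet(SecurityAction.Demand, Name = "FullTrust")]
        public void ExportToFile(string path, string contents)
        {
            using (StreamWriter writer = new StreamWriter(path))
            {
                writer.Write(contents);
            }
        }
    }
}
```

With this layout a semi-trusted host page can create the control and call `SetCaption`, while a call to `ExportToFile` from that page raises a `SecurityException`.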