Re: IE Hosts Windows Control

From: Tim Clamp (TClamp@welcom.com)
Date: 04/16/03


From: "Tim Clamp" <TClamp@welcom.com>
Date: Tue, 15 Apr 2003 15:27:00 -0700


Steven, I had stumbled across this article previously,
although it didn't seem to fix my issue. I downloaded the
latest release (v 1.1) of the framework today, due to a
statement in the "What's new in the .NET Framework 1.1"
article. The latest framework build works like a charm. I
felt that I should post my findings for others, as this
issue doesn't seem well documented. The article states...

<ms:snippet>
Assemblies originating from the Internet zone-for
example, Microsoft Windows® Forms controls embedded in an
Internet-based Web page or Windows Forms assemblies
hosted on an Internet Web server and loaded either
through the Web browser or programmatically using the
System.Reflection.Assembly.LoadFrom() method-now receive
sufficient permission to execute in a semi-trusted
manner. Default security policy has been changed so that
assemblies assigned by the common language runtime (CLR)
to the Internet zone code group now receive the
constrained permissions associated with the Internet
permission set. In the .NET Framework 1.0 Service Pack 1
and Service Pack 2, such applications received the
permissions associated with the Nothing permission set
and could not execute.

Note: While we are re-enabling code from the Internet
zone, the defaults do not give this code full access to
the user's machine. By default, thanks to code access
security, this code runs in a restricted manner and is
allowed access only to a limited set of resources that
are safe to use. This code cannot damage your data or
system, and it cannot steal private information that you
do not explicitly give it.
</ms:snippet>

The latest version did solve my execution issue. Quite
contrary to the article, however, was the fact that I
could get my control to execute on a framework v1 sp1
configuration with default policy configurations.

>-----Original Message-----
>Hi Tim - You're running into this issue because your
control doesn't have
>the AllowPartiallyTrustedCallers (APTCA) attribute on
it. There are a few
>routes you can take to fix this:
>
>1 - Give either the entire site or the url of the page
and control FullTrust
>2 - Put the APTCA on your assembly. There are several
ramifications of
>doing so however. The full scoop on APTCA can be found
at:
>http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/dnnetsec/ht
>ml/seccodeguide.asp
>
>"Tim Clamp" <TClamp@Welcom.com> wrote in message
>news:075001c2fe1f$fb1e6670$a001280a@phx.gbl...
>> Hi all,
>>
>> The problem i have is my windows form controls, which
are
>> embedded in IE fail to load
>> up when they are strongly named. After giving "full
>> trust" to the client
>> control, i still failed to load up the control in IE.
The
>> error log in
>> FUSLOGVW.exe shows:
>>
>> URL:
http://localhost/WinControls/WinControls.dll
>> Zone: 1
>> Assembly Name: WinControls.dll
>> Type Name: WinControls.GridControl
>>
>> ----- Thrown Exception -----
>>
>> System.Security.SecurityException: Request failed.
>>
>> Server stack trace:
>> at System.RuntimeType.CreateInstanceImpl(Boolean
>> publicOnly)
>> at System.Activator.CreateInstance(Type type, Boolean
>> nonPublic)
>> at System.RuntimeType.CreateInstanceImpl(BindingFlags
>> bindingAttr, Binder
>> binder, Object[] args, CultureInfo culture, Object[]
>> activationAttributes)
>> at System.Activator.CreateInstance(Type type,
>> BindingFlags bindingAttr,
>> Binder binder, Object[] args, CultureInfo culture,
Object
>> []
>> activationAttributes)
>> at System.Activator.CreateComInstanceFrom(String
>> assemblyName, String
>> typeName)
>> at System.AppDomain.CreateComInstanceFrom(String
>> assemblyName, String
>> typeName)
>> at
>>
System.Runtime.Remoting.Messaging.StackBuilderSink.Private
>> ProcessMessage(Met
>> hodBase mb, Object[] args, Object server, Int32
>> methodPtr, Boolean
>> fExecuteInContext, Object[]& outArgs)
>> at
>>
System.Runtime.Remoting.Messaging.StackBuilderSink.SyncPro
>> cessMessage(IMessa
>> ge msg, Int32 methodPtr, Boolean fExecuteInContext)
>>
>> Exception rethrown at [0]:
>> at
>>
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMess
>> age(IMessage
>> reqMsg, IMessage retMsg)
>> at
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke
>> (MessageData&
>> msgData, Int32 type)
>> at System.AppDomain.CreateComInstanceFrom(String
>> assemblyName, String
>> typeName)
>> at
Microsoft.IE.SecureFactory.CreateInstanceWithSecurity
>> (Int32 dwFlag,
>> Int32 dwZone, String pURL, String uniqueIdString,
String
>> link, String
>> licenses)
>>
>> What do I need to do in order to solve this security
>> issue?
>>
>
>
>.
>



Relevant Pages

  • .NET Framework 1.1 sp1 breaks our application!
    ... I have de-installed SP1 and can confirm that the problem is ... solved by reverting to the original 1.1 framework. ... I have created a simple control with an event. ... assemblies enabled. ...
    (microsoft.public.dotnet.framework)
  • Re: Determine Framework version from assembly
    ... I don't have access to the 1.1 Framework. ... assembly in a text editor I see the following string in several places ... "version=1.0.3300.0" referencing mscorlib and other assemblies such as ... > Scott wrote: ...
    (microsoft.public.dotnet.languages.vb)
  • Re: C# DLL in non dot net environment
    ... including dynamic loading of external assemblies ... so the user doesn't really see the Framework in the ... exists on the same machine, the mini-deployed app wouldn't know it at all, ... In the case of a managed user control under IE, ...
    (microsoft.public.dotnet.framework)
  • Re: OODesign - OPF, design pattern
    ... It's under their control, for goodness ... Now that it is written we have had 2 or 3 people writing the app at ... As long as you don't throw in "dirty hacks" your framework ... for both OO design and the conventional design. ...
    (borland.public.delphi.non-technical)
  • Re: OODesign - OPF, design pattern
    ... What I had in mind were very specific design patterns, ... It's under their control, for goodness ... but once I had reached a point where I could stop "tweaking" the framework to handle scenarios that I hadn't previously thought of the development time suddenly increased dramatically. ... once you zoom in even just a little, OO design reveals more layers. ...
    (borland.public.delphi.non-technical)