Re: Howto: Run Application from Network Drive
From: Guillaume Hanique (g.hanique.nospam_at_adviesburo-snijders.nl)
Date: 05/21/03
- Next message: Wallace B. McClure: "Re: ODBC access within a Windows Service"
- Previous message: Ice: "Re: Strong-name and remoting"
- In reply to: Shel Blauman [MSFT]: "Re: Howto: Run Application from Network Drive"
- Next in thread: Michel Gallant \(MVP\): "Re: Howto: Run Application from Network Drive"
- Reply: Michel Gallant \(MVP\): "Re: Howto: Run Application from Network Drive"
- Reply: Michel Gallant \(MVP\): "Re: Howto: Run Application from Network Drive"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 21 May 2003 13:51:37 +0200
How do I get / make the keyPair.snk file?
"Shel Blauman [MSFT]" <sheldonb@online.microsoft.com> wrote in message
news:eVrGA1vHDHA.1608@tk2msftngp13.phx.gbl...
> Yup, it's in my todo list:
>
> How to run an executable from a share.
>
>
>
> The following applies to a managed executable program (.exe) that executes
> with greater permissions than normally would be granted to the zone to
which
> the assembly belongs. For a program hosted on another computer in a local
> area network, this would be the Local Intranet zone. Any file residing on
a
> mapped network drive is, by default, in the Local Intranet zone and
operates
> under its permission set. If the assembly to be run does not require any
> permissions other than those normally granted to applications running in
the
> Local Intranet zone, signing and creating a custom code group are not
> required. The below steps are only necessary when the assembly causes a
> security exception to be thrown when it is executed. It is strongly
> recommended that the permissions granted the Local Intranet zone not be
> changed to FullTrust as an alternative to the following steps.
>
>
>
> Check that the following conditions have been met:
>
>
>
> 1. The evidence identifying the executable is used to set the
> membership condition in a code group, using either the .NET Configuration
> Tool (Mscorcfg.msc) or caspol.exe. Although other membership conditions
> are available, the recommended practice is to sign the assembly with a
> strong name or a certificate.
>
>
>
> To create a strong name use sn.exe:
>
>
>
> sn -k keyPair.snk
>
>
>
> // This strong name key is used to create a code group that gives //
> permissions to this assembly.
>
> [assembly: AssemblyKeyFile("keyPair.snk")]
>
> namespace SignedAssembly
>
>
>
> 2. The code group corresponding to the evidence of the executable gives
> the permissions the assembly requires. If the executable is identified by
a
> strong name, the code group will utilize the
StrongNameMembershipCondition.
>
>
>
> caspol -machine -addgroup All_Code -strong -file signedassembly.exe
> FullTrust -name FouthCoffeeStrongName -description "Code group granting
> trust to code signed by FourthCoffee"
>
>
>
> Alternatively, the code group can be created using the Microsoft .NET
> Framework Configuration tool (Mscorcfg.msc) found under Administrative
> Tools.
>
>
>
> The simplest method of granting permissions to the new code group is by
the
> use of the existing FullTrust permission set; however, it would be best to
> create a custom named permission set only granting the permissions the
> assembly requires to execute. Named permission sets are most easily
> constructed using the Microsoft .NET Framework Configuration tool
mentioned
> above. The sequence would be to first create the custom named permission
> set, then create the code group, making use of the new permission set.
>
>
>
> 3. The runtime version on the host computer is compatible with the
> runtime used to compile the assembly.
>
>
>
> 4. The code group created for the executable is in the same runtime
> that the executable uses.
>
>
>
>
>
> .
>
>
>
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
>
> "ToddT" <NOturczytj@SPAMmaritz.com> wrote in message
> news:p0rkcvs0fc17ot69lfim4j5u0idqjfdh28@4ax.com...
> > how about some msdn aricle that goes thru this step by step? this
> > question comes up time and time again - the explanations in the
> > newsgroups are still kind of fuzzy...
> >
> >
> > On Tue, 20 May 2003 09:34:51 -0700, "Shel Blauman [MSFT]"
> > <sheldonb@online.microsoft.com> wrote:
> >
> > >I would strong name the assembly you want to run, then use the .NET
> > >Framework configuration tool to create a code group to give that strong
> name
> > >the permissions you want to grant it. That way, any assembly you run
> that
> > >is signed with that strong name will be able to run. You can have
> multiple
> > >assemblies signed with the same strong name, and only need one code
group
> to
> > >run them all.
> > >
> > >Shel
> >
>
>
- Next message: Wallace B. McClure: "Re: ODBC access within a Windows Service"
- Previous message: Ice: "Re: Strong-name and remoting"
- In reply to: Shel Blauman [MSFT]: "Re: Howto: Run Application from Network Drive"
- Next in thread: Michel Gallant \(MVP\): "Re: Howto: Run Application from Network Drive"
- Reply: Michel Gallant \(MVP\): "Re: Howto: Run Application from Network Drive"
- Reply: Michel Gallant \(MVP\): "Re: Howto: Run Application from Network Drive"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
