Re: how do i enable security for this to run?

From: Ivan Medvedev [MS] (ivanmed_at_online.microsoft.com)
Date: 06/17/03 

Date: Mon, 16 Jun 2003 23:06:05 GMT

Hi -
IE hosted controls will always be running in the latest installed runtime
version. This behavior can not be changed.
FullTrust is not exactly equal to a set off all available permissions in
their unrestricted state. When something requires FullTrust to run (for
example accessing a strong named assembly that does not have
AllowPartiallyTrustedCallersAttribute in semi-trusted environment) it can
not be substituted with anything other than FullTrust.
--Ivan
This message is provided "AS IS" with no warranties, and confers no rights

--------------------
>From: "palmtree953b" <palmtree953b@hotmail.com>
>References: <#m0jFCxKDHA.2580@TK2MSFTNGP09.phx.gbl>
<e4$KF#ELDHA.1908@TK2MSFTNGP11.phx.gbl>
>Subject: Re: how do i enable security for this to run?
>Date: Wed, 11 Jun 2003 01:28:10 -0700
>Lines: 114
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <#vRoRN$LDHA.2708@tk2msftngp13.phx.gbl>
>Newsgroups: microsoft.public.dotnet.security
>NNTP-Posting-Host: aliq3tpy19x4.bc.hsia.telus.net 64.180.248.75
>Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
>Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.security:1602
>X-Tomcat-NG: microsoft.public.dotnet.security
>
>Thank you very much for your suggestion.
>
>My main problem was that I mistakenly assumed that since I was building
with
>the 1.0.3705 framework, and because I also created a "config" file which
>specified "<requiredRuntime version="v1.0.3705" />", that the IE-hosted
>control was indeed running using that framework version. Wrong.
>
>Clearly stated in the help documentation, "Specifying Which Runtime Version
>to Use":
>ms-help://MS.VSCC/MS.MSDNVS/cpguide/html/cpconspecifyingwhichruntimeversion
t
>ouse.htm
>"The startup code for an application hosted in Microsoft Internet Explorer
>ignores the required runtime setting in an application configuration file."
>
>So, that "requiredRuntime" in my config is ignored when the control is
>hosted in IE. As it turns out, the control ends up running under v1.1.4322
>of the runtime (when hosted by IE), so the security setting changes that I
>was making to v1.0 of the framework were obviously not being used which
>explains the problem I was having getting the control to work.
>
>HOWEVER, this now poses a few more interesting questions:
>1) Will this control always run with the "latest" runtime installed on the
>target machine (when hosted in IE)?
>2) Can one specify a specific runtime version for the control to run with
>when hosting it in IE?
>
>Also note that the control seems to require FullTrust to instantiate that
>object from the DirectX dll; I tried even creating a custom permission set
>that includes unrestricted access for all of the available permissions and
>it did not work (so doing this is somehow different than FullTrust). The
>exception thrown when everything is added as unrestricted access is:
>System.Reflection.TargetInvocationException: Exception has been thrown by
>the target of an invocation. ---> System.Security.SecurityException:
>Security error.
> at WindowsControlLibrary1.UserControl1..ctor()
>Any possible explanations for this?
>
>Thanks again for your help!
>
>"Shel Blauman [MSFT]" <sheldonb@online.microsoft.com> wrote in message
>news:e4$KF%23ELDHA.1908@TK2MSFTNGP11.phx.gbl...
>> This is a long shot, but easy enough to try. What happens if you tag
your
>> control with the securitypermissionattribute setting SKipVerification to
>> true?
>>
>> [assembly:SecurityPermissionAttribute( SecurityAction::RequestMinimum,
>> SkipVerification=true)];
>>
>> I'm hoping that it turns off verification for both your assembly and the
>> assemblies it calls.
>>
>> Shel
>>
>>
>> --
>> This posting is provided "AS IS" with no warranties, and confers no
>rights.
>> Use of included script samples are subject to the terms specified at
>> http://www.microsoft.com/info/cpyright.htm
>>
>>
>> "palmtree953b" <palmtree953b@hotmail.com> wrote in message
>> news:%23m0jFCxKDHA.2580@TK2MSFTNGP09.phx.gbl...
>> > I have a user control that references a directx dll, and I would like
to
>> > host this user control dll in internet explorer. I have tried setting
>all
>> > of my security policies to "All Code" and "Full Trust" (yes, I know
this
>> is
>> > bad) but it still does not run.
>> >
>> > Here is the error that I get:
>> > ----- Thrown Exception -----
>> > System.Reflection.TargetInvocationException: Exception has been thrown
>by
>> > the target of an invocation. ---> System.IO.FileLoadException:
>> Unverifiable
>> > assembly 'Microsoft.DirectX' failed policy check.
>> > File name: "Microsoft.DirectX"
>> > at WindowsControlLibrary1.UserControl1..ctor()
>> > --- End of inner exception stack trace ---
>> >
>> > This is easily reproduced by creating a new Windows Control Library,
add
>a
>> > reference to Microsoft.DirectX.dll (and the "using" statement) and
>> somewhere
>> > create an object from that namespace, ie: in the constructor, add:
>> > Microsoft.DirectX.Vector2 vector = new Microsoft.DirectX.Vector2();
>> > (these steps are for C#). You can also change BackColor to black to
>make
>> it
>> > obvious when control loads. Build the dll and place output files on
>your
>> > local web server (ie: wwwroot\test\ ...).
>> >
>> > Create an HTML file for IE that contains the object tag in the body
(and
>> > place it in same folder as above on local web server):
>> > <OBJECT ID="myobj" width=320 height=240
>> >
>classid="WindowsControlLibrary1.dll#WindowsControlLibrary1.UserControl1">
>> >
>> > Navigate to that html file on your server ( http://localhost/test/ ...)
>> and
>> > you will see that the control does not instantiate.
>> > If you remove the creation of the directx object, it should work fine.
>> > Somehow, I should be able to modify the security settings to allow this
>to
>> > run.
>> > Anybody have any ideas?
>> >
>> >
>>
>>
>
>
>

Relevant Pages

  • Re: Embedded .NET Control in IE - Policy issue not causing it to work???
    ... I only grant FullTrust right now to make sure that my component works. ... I'll narrow down the necessary permissions later. ... permissions, my control worked fine. ... >> IMethodCallMessage methodCallMessage) ...
    (microsoft.public.dotnet.framework.windowsforms)
  • Re: Signed Controls in IE with FullTrust only?
    ... control to execute with only the required permissions. ... you are getting when you try to use a more specific permission set? ... Shel ... It implies that you have to give FullTrust to the assembly. ...
    (microsoft.public.dotnet.security)
  • Re: CAS, Hosting in Internet Explorer
    ... If you've signed your control with a strong name you can use the allow ... partially trusted callers attribute then assert the permission you require ... group that gives the control the permissions it requires. ... > But if I evaluate it, my assembly get Fulltrust. ...
    (microsoft.public.dotnet.security)
  • Re: Signed Controls in IE with FullTrust only?
    ... Shel, ... It implies that you have to give FullTrust to the assembly. ... an explicit requirement for FullTrust or is there a permission set with less ... The control is in a signed ...
    (microsoft.public.dotnet.security)
  • Re: Service hangs when accessing ActiveX control
    ... correctly in an STA on the main thread but you are later calling into this ... your OnStart method and then create the form and control in the ThreadStart ... Application.Runto start the message pump. ... > Not specifying any attribute or specifying it as STA results in the same ...
    (microsoft.public.dotnet.framework.interop)