ASP.NET in a Partially Trusted Environment

From: Kris McFarren (kmm187_at_hotmail.com)
Date: 07/10/03

• Next message: Joel Register: "Converting a JAVA SHA1 Encryption Scheme"
• Previous message: Shel Blauman [MSFT]: "Re: How to use Runtime Security Policy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 10 Jul 2003 08:58:38 -0700

How do you run ASP.NET in a partially-trusted environment
(i.e. the My_Computer_Zone is not set to Full Trust)?

The default policy looks something like this:

All_Code = Nothing
   My_Computer_Zone = Full Trust
      Microsoft_Strong_Name = Full Trust
      ECMA_Strong_Name = Full Trust

We want to set up something like this:

All_Code = Nothing
   My_Computer_Zone = Nothing
      Microsoft_Strong_Name = Full Trust
      ECMA_Strong_Name = Full Trust
      MyWebApp = MyWebAppPermissionSet

Changing the My_Computer_Zone to anything but "Full
Trust" seems to kill the ASP.NET worker process. The
following error gets entered into the event log:

"Failed to execute request because the App-Domain could
not be created."

The source of the error is listed as "ASP.NET 1.1.4322.0"

It should be possible to grant the ASP.NET assemblies the
permissions that they need without having to assign full
trust to the entire local machine. How do I go about
doing this?

---

• Next message: Joel Register: "Converting a JAVA SHA1 Encryption Scheme"
• Previous message: Shel Blauman [MSFT]: "Re: How to use Runtime Security Policy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: Boot floppy ... simple matter of policy that the IT department manages ... "Trust me it is secured." ... potentially sensitive data stored on servers. ... Are you using SPI, Watchfire or WhiteHat? ... (Pen-Test) Re: CAS & GAC: connection? ... Under default policy settings, all locally installed ... >> assemblies will have full trust, and most assemblies in the GAC are ... >> limited permissions under policy. ... >> you want to avoid an implicit link demand for full trust. ... (microsoft.public.dotnet.security) Re: How to perform SSL certificate validation ? ... `Trusted' means it can violate your security policy, ... suppose you trust your ... doctor to keep your medical records private. ... (Security-Basics) Re: Question about strong-name dlls ... > You only want to set trust on ONE assembly, but really, you don't need to. ... check your Security Policy for that OS. ... >>> How about copying and pasting the EXACT error message? ... (microsoft.public.dotnet.framework.aspnet) Re: how to programatically give assembly loaded from network the same trust as those loaded from loc ... I would like to programmatically configure policy. ... > require a high degree of trust. ... > 2) Create a custom code group that has that strong name as a membership ... > 3) Assign the code group a permission set that has only the permissions ... (microsoft.public.dotnet.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.security  > 2003-07