RE: Code Group Question

From: Shawn Farkas [MS] (shawnfa_at_online.microsoft.com)
Date: 07/18/03 

Date: Thu, 17 Jul 2003 23:55:20 GMT

More information on this can be found here:
http://blogs.gotdotnet.com/shawnfa/PermaLink.aspx/abbe58e7-2ee6-4f77-bcd9-189fcd01e51d

-Shawn 

-- 
This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at 
http://www.microsoft.com/info/cpyright.htm 
Note:  For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they 
originated.  
--------------------
>X-Tomcat-ID: 353424201
>References: <uvolp6URDHA.1868@TK2MSFTNGP11.phx.gbl>
>MIME-Version: 1.0
>Content-Type: text/plain
>Content-Transfer-Encoding: 7bit
>From: ivanmed@online.microsoft.com ("Ivan Medvedev [MS]")
>Organization: Microsoft
>Date: Wed, 09 Jul 2003 22:12:20 GMT
>Subject: RE: Code Group Question
>X-Tomcat-NG: microsoft.public.dotnet.security
>Message-ID: <VCIErcmRDHA.1996@cpmsftngxa06.phx.gbl>
>Newsgroups: microsoft.public.dotnet.security
>Lines: 15        
>Path: cpmsftngxa06.phx.gbl
>Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.security:2014
>NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122
>
>Scot -
>the managed IE control scenario is special in a way the security checks are 
>done. When the security checks walk the stack on the very top of it they 
>see a special AppDomain frame, whose security is based on the html page 
>evidence (url, zone, etc.) rather than your control evidence. To fix the 
>problem what you probably need is find the methods that are called directly 
>from the web page script and Assert() an appropriate permission in those 
>methods.
>Hope this helps.
>--Ivan
>This posting is provided "AS IS" with no warranties, and confers no rights.
>
>

Relevant Pages