Re: Digging deeper to find cause of System.Security.SecurityException in IEHost?

From: Ivan Medvedev [MS] (ivanmed_at_online.microsoft.com)
Date: 10/15/03

  • Next message: Eugene V. Bobukh [MS]: "Re: All permissions all access ! .NET drives me crazy" 
    Date: Tue, 14 Oct 2003 15:42:43 -0700

    Luther -
    is it possible that the control was originally compiled with v1.0 of the
    runtime and then v1.1 was installed on the machine and the control was not
    re-compiled? If so, can you try and recomple it with v1.1 compiler and
    libraries?
    Currently there is no tool released that would point out what code path
    would throw a security exception in a security restricted environment.
    --Ivan
    http://blogs.gotdotnet.com/ivanmed
    This message is provided "AS IS" with no warranties, and confers no rights.

    "Luther Miller" <googlenews@hotmail.com> wrote in message
    news:8c1abe63.0310140952.227103b3@posting.google.com...
    > I am working on a project where a Windows Forms (.NET) control is
    > hosted in a web page in IE.
    >
    > The control has been in development for a while and is now being
    > tested again as an embedded control. A security exception is being
    > thrown (I turned on logging to find this out) and the control is not
    > being loaded.
    >
    > Obviously, this means that some piece of code in the control violates
    > a security constraint imposed by the browser. I need to find out what
    > piece of code that is so that we can either remove it or work around
    > it.
    >
    > Is there a tool I can use to analyze and assembly to find out what
    > IEExec will like or not like about it?
    >
    > The exception thrown is:
    > System.Reflection.TargetInvocationException: Exception has been thrown
    > by the target of an invocation. --->
    > System.Security.SecurityException: Request for the permission of type
    > System.Security.Permissions.SecurityPermission, mscorlib,
    > Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
    > failed.
    >
    >
    > Here is the log file in its entirety:
    >
    >
    > ***** IEHOST Error Log (Tuesday, 14 October 2003 10:40) *****
    >
    >
    >
    > URL: http://localhost/MyCo/MyCoForms.dll
    > Zone: 1
    > Assembly Name: MyCoForms.dll
    > Type Name: MyCo.Forms.MyEmbeddedControl
    >
    >
    >
    > ----- Thrown Exception -----
    >
    >
    > System.Reflection.TargetInvocationException: Exception has been thrown
    > by the target of an invocation. --->
    > System.Security.SecurityException: Request for the permission of type
    > System.Security.Permissions.SecurityPermission, mscorlib,
    > Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
    > failed.
    > at
    System.Runtime.Serialization.Formatters.Binary.ObjectReader.CheckSecurity(Pa
    rseRecord
    > pr)
    > at
    System.Runtime.Serialization.Formatters.Binary.ObjectReader.ParseObject(Pars
    eRecord
    > pr)
    > at
    System.Runtime.Serialization.Formatters.Binary.ObjectReader.Parse(ParseRecor
    d
    > pr)
    > at
    System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWith
    MapTyped(BinaryObjectWithMapTyped
    > record)
    > at
    System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWith
    MapTyped(BinaryHeaderEnum
    > binaryHeaderEnum)
    > at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.Run()
    > at
    System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(Head
    erHandler
    > handler, __BinaryParser serParser, Boolean fCheck, IMethodCallMessage
    > methodCallMessage)
    > at
    System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(S
    tream
    > serializationStream, HeaderHandler handler, Boolean fCheck,
    > IMethodCallMessage methodCallMessage)
    > at
    System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(S
    tream
    > serializationStream)
    > at System.Resources.ResourceReader.LoadObject(Int32 pos)
    > at System.Resources.RuntimeResourceSet.GetObject(String key,
    > Boolean ignoreCase)
    > at System.Resources.ResourceManager.GetObject(String name,
    > CultureInfo culture)
    > at System.Resources.ResourceManager.GetObject(String name)
    > at MyCo.Forms.MyEmbeddedControl.InitializeComponent()
    > at MyCo.Forms.MyEmbeddedControl..ctor()
    > --- End of inner exception stack trace ---
    >
    > Server stack trace:
    > at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly)
    > at System.Activator.CreateInstance(Type type, Boolean nonPublic)
    > at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr,
    > Binder binder, Object[] args, CultureInfo culture, Object[]
    > activationAttributes)
    > at System.Activator.CreateInstance(Type type, BindingFlags
    > bindingAttr, Binder binder, Object[] args, CultureInfo culture,
    > Object[] activationAttributes)
    > at System.Activator.CreateComInstanceFrom(String assemblyName,
    > String typeName, Byte[] hashValue, AssemblyHashAlgorithm
    > hashAlgorithm)
    > at System.AppDomain.CreateComInstanceFrom(String assemblyFile,
    > String typeName, Byte[] hashValue, AssemblyHashAlgorithm
    > hashAlgorithm)
    > at
    System.Runtime.Remoting.Messaging.StackBuilderSink.PrivateProcessMessage(Met
    hodBase
    > mb, Object[] args, Object server, Int32 methodPtr, Boolean
    > fExecuteInContext, Object[]& outArgs)
    > at
    System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessa
    ge
    > msg, Int32 methodPtr, Boolean fExecuteInContext)
    >
    > Exception rethrown at [0]:
    > at
    System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    > reqMsg, IMessage retMsg)
    > at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    > msgData, Int32 type)
    > at System.AppDomain.CreateComInstanceFrom(String assemblyFile,
    > String typeName, Byte[] hashValue, AssemblyHashAlgorithm
    > hashAlgorithm)
    > at Microsoft.IE.SecureFactory.CreateInstanceWithSecurity(Int32
    > dwFlag, Int32 dwZone, String pURL, String uniqueIdString, String link,
    > String licenses)

  • Next message: Eugene V. Bobukh [MS]: "Re: All permissions all access ! .NET drives me crazy"

    Relevant Pages

    • Re: SecurityException while loading a user control in IE
      ... AllowPartiallyTrustedCallers attribute to your control assembly (see ... do this until you're sure that this doesn't introduce additional security ... > at System.Activator.CreateComInstanceFrom(String assemblyName, String ... > at System.AppDomain.CreateComInstanceFrom(String assemblyFile, String ...
      (microsoft.public.dotnet.security)
    • Re: Multithreaded GUI issues
      ... The code is happening in a try/catch handler, but the exception is taking place in a callback thread that I have no control over. ... were actually trying to close a socket at the time the exception occurred, so you might want to check to see why something is trying to close a socket when you don't expect to. ... But how do I know that creating an Image object is thread safe? ...
      (microsoft.public.dotnet.languages.csharp)
    • Re: What does it mean?
      ... > But, if you would like to save yourself all of the exception processing, a ... (That's what a cast does internally.) ... > control array is a particular control. ... >> where the result isn't a TextBox, ...
      (microsoft.public.dotnet.languages.csharp)
    • Re: GUI Thread - Is cross-thread operation really bad?
      ... Yes, it will throw exception when running inside IDE/debugger, but if I ... to WPF which always throws exception. ... control via window messages). ...
      (microsoft.public.dotnet.languages.csharp)
    • Re: windows form control +Active X in IE
      ... The .NET control will not work unless it has the privilege to do so. ... > at System.Activator.CreateComInstanceFrom(String assemblyName, String ... > at System.AppDomain.CreateComInstanceFrom(String assemblyFile, String ...
      (microsoft.public.dotnet.framework.interop)