Re: All permissions all access ! .NET drives me crazy

From: Eugene V. Bobukh [MS] (eugenebo_at_online.microsoft.com)
Date: 10/15/03


Date: Tue, 14 Oct 2003 15:54:17 -0700

Unfortunately, this is expected. There is NO manipulation a program can perform to get more permissions than it is granted by the environemnt. Otherwise, it would not get any point to introduce the Security, right?

So to solve the problem, you have one of two big choices:

a) If possible, to redesign everything in such a way that restricted functionality is enought for code to execute [e.g., use IsolatedStorage instead of File IO if you need to store data; see more tips in http://blogs.gotdotnet.com/ivanmed/default.aspx?date=2003-09-05T00:00:00].

b) If you certainly need something above, there is no other way as to configure the client policy in a proper way. Actually, this could be done easily by creating a simple .msi deployment package only once on your machine [in mscorcfg.msc] and then just asking clients who wish to run your code to apply it, just as if they install a program.

Couple of words on the samples below as they are misunderstood quite often. Demand() does not grant you the permission. It just checks if you have it, and if not, throws the SecurityException. RequestMinumun verifies that the progam is granted according permission from the very start. If not, it fails to execute, just as you see below.

-- 
Eugene V. Bobukh
This message is provided "AS IS" with no warranties, and confers no rights. Any opinions or policies stated within it are my own and do not necessarily constitute those of my employer.
----
"lobrys" <PUTAINlobrysDE@SPAMfreeDE.MERDE.fr> wrote in message news:Onh$eJmkDHA.3316@TK2MSFTNGP11.phx.gbl...
> hi
> 
> I build a VB .NET application that makes file access, environnemet acess,
> database access, etc....
> If I ran the app locally, everything works....(normal)
> 
> If I copy the app on a server, and execute it, everything works until a
> file/environnement/database access !.....
> 
> I just want that my app may run in every machine!
> I dont want to use client app like caspol.exe or mscorcfg.msc...(because I
> dont want to execute them in every computer!)
> 
> I found information on FileIOPermission, EnvirronementPermissionAttribute,
> ....
> for exemple : <Assembly: FileIOPermission(SecurityAction.RequestMinimum,
> Unrestricted:=True)>
> but nothing works (the program ask me for a debug)
> 
> 
> I also found this code :
> 
> Dim fp As EnvironmentPermission
> Try
>     fp = New EnvironmentPermission(PermissionState.Unrestricted)
>     fp.Demand()
> Catch e1 As Exception
>         MessageBox.Show(e1.Message)
> End Try
> 
> BUT nothing works!
> I have something like :
> System.Security.Permissions.FileIOPermission, mscorlib,
> Version=1.0.3300.0, Culture=neutral,     PublicKeyToken=b77a5c561934e089
> failed.
> 
> 
> I dont have found info on configuration files such as security.conf or
> machine.conf...
> Is it possible to resolve my problem with that?
> 
> 
> so, my friends, you are my last chance....
> What I must do?
> 
> thanks for your futur response
> 
> lobrys
> 
> 
> 
> 
>