Re: Adjusting security setting to run an embedded windows control in IE

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 01/28/04


Date: Wed, 28 Jan 2004 09:50:36 -0600

The best way to do this is to give just the assemblies that need Full Trust
that permission.

The reason it doesn't work in your situation is that when IE creates the
AppDomain that it runs your code in, that AppDomain is created based on the
URL which will have some sort of partial trust (unless that URL or the whole
zone has been given Full Trust).

Two things happen after that:
 - If your assembly is not marked with the
AllowPartiallyTrustedCallersAttribute, the partially trusted AppDomain that
it is running in will not be able to call it.
 - Any code that requires a permission will hit your assembly, where it will
be granted due to your Full Trust, but will likely fail when the stack gets
up to the partially trusted AppDomain since the AppDomain may not have that
permission.

You have basically two options to solve this:
 - Make the AppDomain have Full Trust with something like a URL membership
condition. This is the easiest thing to do, but is not very secure,
especially if the URL is not very specific.
 - Add the AllowPartiallyTrustedCallersAttribute and use Assert on the
Permissions that you need when you need them to prevent the stack walk into
the containing AppDomain. This is more work, but is vastly more secure and
is the recommended approach.

There have been some good articles on implementing the second approach. I
believe Ivan Medvedev has some good info on his website. You might start
there:
http://www.dotnetthis.com/Articles/WritingForSEE.htm

Joe K.

"Marina" <someone@nospam.com> wrote in message
news:Os5oCLb5DHA.2572@TK2MSFTNGP09.phx.gbl...
> Hi,
>
> I am trying to find the minimum security settings to allow a windows control
> embedded in IE to have full trust.
>
> If I give the entire Intranet zone full trust, this works. However, this is
> very broad and gives the entire zone high privileges.
>
> I tried giving just the assembly full trust (using the full URL for the
> DLL), but this doesn't seem to work.
>
> Any direction in how to accomplish this?
>
>
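
A sketch of the second option from the reply above (AllowPartiallyTrustedCallersAttribute plus a narrowly scoped Assert), added here as an illustration for .NET Framework code access security; it is not code from the thread or from the linked article. The control name ReportControl, the method LoadReport and the directory C:\Reports\ are hypothetical.

```csharp
// Added illustration (.NET Framework CAS). ReportControl, LoadReport and
// AllowedRoot are hypothetical names, not taken from the thread.
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Windows.Forms;

// Lets the partially trusted AppDomain created by IE call into this
// strong-named assembly, which policy has granted Full Trust.
[assembly: AllowPartiallyTrustedCallers]

public class ReportControl : UserControl
{
    // Assumption: the only directory the control ever needs to read from.
    private const string AllowedRoot = @"C:\Reports\";

    public string LoadReport(string fileName)
    {
        // With APTCA set, any partially trusted caller can reach this method,
        // so validate the input before asserting on the caller's behalf.
        // Separators and ':' are in GetInvalidFileNameChars on Windows.
        if (string.IsNullOrEmpty(fileName) ||
            fileName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0 ||
            fileName.Trim('.', ' ').Length == 0)   // rejects "." and ".."
        {
            throw new ArgumentException("Bare file name expected.", "fileName");
        }

        // Path.Combine makes no permission demand, so nothing walks the stack yet.
        string fullPath = Path.Combine(AllowedRoot, fileName);

        // Assert only the one permission needed, scoped to the one file.
        // The stack walk for the Read demand stops at this frame and never
        // reaches the partially trusted AppDomain.
        FileIOPermission perm =
            new FileIOPermission(FileIOPermissionAccess.Read, fullPath);
        perm.Assert();
        try
        {
            return File.ReadAllText(fullPath);
        }
        finally
        {
            // Drop the assertion as soon as the privileged call is done.
            CodeAccessPermission.RevertAssert();
        }
    }
}
```

Only the assembly's own URL or strong name needs a Full Trust code group for this to work; the zone and the hosting page stay at their default partial trust.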


