Re: Adjusting security setting to run an embedded windows control in IE
From: Marina (someone_at_nospam.com)
Date: 01/28/04
- Next message: Marina: "Re: Adjusting security setting to run an embedded windows control in IE"
- Previous message: Joe Kaplan \(MVP - ADSI\): "Re: Adjusting security setting to run an embedded windows control in IE"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Adjusting security setting to run an embedded windows control in IE"
- Next in thread: Marina: "Re: Adjusting security setting to run an embedded windows control in IE"
- Reply: Marina: "Re: Adjusting security setting to run an embedded windows control in IE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 Jan 2004 10:57:17 -0500
This assembly is not a strongly named one, so I don't think option 2 would
work.
How does one go about giving an AppDomain full trust by using a URL
membership condition?
Thanks
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:OUVp7Zb5DHA.2764@TK2MSFTNGP09.phx.gbl...
> The best way to do this is to give just the assemblies that need Full
Trust
> that permission.
>
> The reason it doesn't work in your situation is that when IE creates the
> AppDomain that it runs your code in, that AppDomain is created based on
the
> URL which will have some sort of partial trust (unless that URL or the
whole
> zone has been given Full Trust).
>
> Two things happen after that:
> - If your assembly is not marked with the
> AllowPartiallyTrustedCallersAttribute, the partially trusted AppDomain
that
> it is running in will not be able to call it.
> - Any code that requires a permission will hit your assembly, where it
will
> be granted due to your Full Trust, but will likely fail when the stack
gets
> up to the partially trusted AppDomain since the AppDomain may not have
that
> permission.
>
> You have basically two options to solve this:
> - Make the AppDomain have Full Trust with something like a URL membership
> condition. This is the easiest thing to do, but is not very secure,
> especially if the URL is not very specific.
> - Add the AllowPartiallyTrustedCallersAttribute and use Assert on the
> Permissions that you need when you need them to prevent the stack walk
into
> the containing AppDomain. This is more work, but is vastly more secure
and
> is the recommended approach.
>
> There have been some good articles on implementing the second approach. I
> believe Ivan Medvedev has some good info on his website. You might start
> there:
> http://www.dotnetthis.com/Articles/WritingForSEE.htm
>
> Joe K.
>
> "Marina" <someone@nospam.com> wrote in message
> news:Os5oCLb5DHA.2572@TK2MSFTNGP09.phx.gbl...
> > Hi,
> >
> > I am trying to find the minimum security settings to allow a windows
> control
> > embedded in IE have full trust.
> >
> > If I give the entire Intranet zone full trust, this works. However, this
> is
> > very broad and gives the entire zone high privleges.
> >
> > I tried giving just the assembly full trust (using the full URL for the
> > DLL), but this doesn't seem to work.
> >
> > Any direction in how to accomplish this?
> >
> >
>
>
- Next message: Marina: "Re: Adjusting security setting to run an embedded windows control in IE"
- Previous message: Joe Kaplan \(MVP - ADSI\): "Re: Adjusting security setting to run an embedded windows control in IE"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Adjusting security setting to run an embedded windows control in IE"
- Next in thread: Marina: "Re: Adjusting security setting to run an embedded windows control in IE"
- Reply: Marina: "Re: Adjusting security setting to run an embedded windows control in IE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
