Re: Adjusting security setting to run an embedded windows control in IE
From: Marina (someone_at_nospam.com)
Date: 01/28/04
- Next message: Jonas: "Security error when running .NET user control in IE"
- Previous message: Marina: "Re: Adjusting security setting to run an embedded windows control in IE"
- In reply to: Marina: "Re: Adjusting security setting to run an embedded windows control in IE"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: Adjusting security setting to run an embedded windows control in IE"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: Adjusting security setting to run an embedded windows control in IE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 Jan 2004 11:36:53 -0500
Actually, I believe I was able to do this through the .net security
configuration tool.
"Marina" <someone@nospam.com> wrote in message
news:ucKHpdb5DHA.2380@TK2MSFTNGP10.phx.gbl...
> This assembly is not a strongly named one, so I don't think option 2 would
> work.
>
> How does one go about giving an AppDomain full trust by using a URL
> membership condition?
>
> Thanks
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:OUVp7Zb5DHA.2764@TK2MSFTNGP09.phx.gbl...
> > The best way to do this is to give just the assemblies that need Full
> Trust
> > that permission.
> >
> > The reason it doesn't work in your situation is that when IE creates the
> > AppDomain that it runs your code in, that AppDomain is created based on
> the
> > URL which will have some sort of partial trust (unless that URL or the
> whole
> > zone has been given Full Trust).
> >
> > Two things happen after that:
> > - If your assembly is not marked with the
> > AllowPartiallyTrustedCallersAttribute, the partially trusted AppDomain
> that
> > it is running in will not be able to call it.
> > - Any code that requires a permission will hit your assembly, where it
> will
> > be granted due to your Full Trust, but will likely fail when the stack
> gets
> > up to the partially trusted AppDomain since the AppDomain may not have
> that
> > permission.
> >
> > You have basically two options to solve this:
> > - Make the AppDomain have Full Trust with something like a URL
membership
> > condition. This is the easiest thing to do, but is not very secure,
> > especially if the URL is not very specific.
> > - Add the AllowPartiallyTrustedCallersAttribute and use Assert on the
> > Permissions that you need when you need them to prevent the stack walk
> into
> > the containing AppDomain. This is more work, but is vastly more secure
> and
> > is the recommended approach.
> >
> > There have been some good articles on implementing the second approach.
I
> > believe Ivan Medvedev has some good info on his website. You might
start
> > there:
> > http://www.dotnetthis.com/Articles/WritingForSEE.htm
> >
> > Joe K.
> >
> > "Marina" <someone@nospam.com> wrote in message
> > news:Os5oCLb5DHA.2572@TK2MSFTNGP09.phx.gbl...
> > > Hi,
> > >
> > > I am trying to find the minimum security settings to allow a windows
> > control
> > > embedded in IE have full trust.
> > >
> > > If I give the entire Intranet zone full trust, this works. However,
this
> > is
> > > very broad and gives the entire zone high privleges.
> > >
> > > I tried giving just the assembly full trust (using the full URL for
the
> > > DLL), but this doesn't seem to work.
> > >
> > > Any direction in how to accomplish this?
> > >
> > >
> >
> >
>
>
- Next message: Jonas: "Security error when running .NET user control in IE"
- Previous message: Marina: "Re: Adjusting security setting to run an embedded windows control in IE"
- In reply to: Marina: "Re: Adjusting security setting to run an embedded windows control in IE"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: Adjusting security setting to run an embedded windows control in IE"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: Adjusting security setting to run an embedded windows control in IE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
