Re: Adjusting security setting to run an embedded windows control in IE

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 01/28/04


Date: Wed, 28 Jan 2004 12:52:33 -0600

Ok, glad you got it to work.

Just so you remember that I said this is the less secure and thus less
preferred option.

Strong naming an assembly is generally quite simple and isn't a big deal.
The other advantage is that you can easily deploy other assemblies with the
same strong name key later and have them get Full Trust as well.

Joe K.

"Marina" <someone@nospam.com> wrote in message
news:O0wAxzb5DHA.2136@TK2MSFTNGP12.phx.gbl...
> Actually, I believe I was able to do this through the .net security
> configuration tool.
>
> "Marina" <someone@nospam.com> wrote in message
> news:ucKHpdb5DHA.2380@TK2MSFTNGP10.phx.gbl...
> > This assembly is not a strongly named one, so I don't think option 2
> > would work.
> >
> > How does one go about giving an AppDomain full trust by using a URL
> > membership condition?
> >
> > Thanks
> >
> > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>
> > wrote in message news:OUVp7Zb5DHA.2764@TK2MSFTNGP09.phx.gbl...
> > > The best way to do this is to give just the assemblies that need Full
> > > Trust that permission.
> > >
> > > The reason it doesn't work in your situation is that when IE creates
> > > the AppDomain that it runs your code in, that AppDomain is created
> > > based on the URL which will have some sort of partial trust (unless
> > > that URL or the whole zone has been given Full Trust).
> > >
> > > Two things happen after that:
> > > - If your assembly is not marked with the
> > >   AllowPartiallyTrustedCallersAttribute, the partially trusted
> > >   AppDomain that it is running in will not be able to call it.
> > > - Any code that requires a permission will hit your assembly, where it
> > >   will be granted due to your Full Trust, but will likely fail when the
> > >   stack gets up to the partially trusted AppDomain since the AppDomain
> > >   may not have that permission.
> > >
> > > You have basically two options to solve this:
> > > - Make the AppDomain have Full Trust with something like a URL
> > >   membership condition. This is the easiest thing to do, but is not
> > >   very secure, especially if the URL is not very specific.
> > > - Add the AllowPartiallyTrustedCallersAttribute and use Assert on the
> > >   Permissions that you need when you need them to prevent the stack
> > >   walk into the containing AppDomain. This is more work, but is vastly
> > >   more secure and is the recommended approach.
> > >
> > > There have been some good articles on implementing the second
> > > approach. I believe Ivan Medvedev has some good info on his website.
> > > You might start there:
> > > http://www.dotnetthis.com/Articles/WritingForSEE.htm
> > >
> > > Joe K.
> > >
> > > "Marina" <someone@nospam.com> wrote in message
> > > news:Os5oCLb5DHA.2572@TK2MSFTNGP09.phx.gbl...
> > > > Hi,
> > > >
> > > > I am trying to find the minimum security settings to allow a windows
> > > > control embedded in IE to have full trust.
> > > >
> > > > If I give the entire Intranet zone full trust, this works. However,
> > > > this is very broad and gives the entire zone high privileges.
> > > >
> > > > I tried giving just the assembly full trust (using the full URL for
> > > > the DLL), but this doesn't seem to work.
> > > >
> > > > Any direction in how to accomplish this?
> > > >
> > > >
> > >
> > >
> >
> >
>
>
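
The second option from the quoted reply (AllowPartiallyTrustedCallersAttribute plus a narrow Assert that stops the stack walk before it reaches the IE-created AppDomain), as an added C# example that is not code from this thread. It assumes the assembly is strong-named and granted Full Trust by policy; the namespace, control, method name and directory are hypothetical.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Windows.Forms;

// Lets the partially trusted, URL-based AppDomain that IE creates call into
// this assembly. Assumes the assembly is strong-named and that policy grants
// it Full Trust (for example through a strong name membership condition).
[assembly: AllowPartiallyTrustedCallers]

namespace Example.Controls                      // hypothetical namespace
{
    public class SettingsViewer : UserControl   // hypothetical control
    {
        // Hypothetical fixed directory; the caller never supplies a path.
        private const string SettingsDir = @"C:\ExampleApp\settings";

        public string LoadSetting(string name)
        {
            // Validate before asserting: an Assert vouches for every caller
            // above this frame, so a partially trusted caller must not be
            // able to steer the privileged operation to another file.
            if (name == null || name.Length == 0)
                throw new ArgumentException("Invalid setting name.", "name");
            foreach (char c in name)
                if (!char.IsLetterOrDigit(c))
                    throw new ArgumentException("Invalid setting name.", "name");

            string path = Path.Combine(SettingsDir, name + ".txt");

            // Assert read access to this one file only, not unrestricted
            // FileIOPermission. The demand made by StreamReader stops here
            // and never reaches the partially trusted AppDomain.
            new FileIOPermission(FileIOPermissionAccess.Read, path).Assert();
            try
            {
                using (StreamReader reader = new StreamReader(path))
                    return reader.ReadToEnd();
            }
            finally
            {
                // Remove the assertion as soon as the privileged call is done.
                CodeAccessPermission.RevertAssert();
            }
        }
    }
}
```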


