Re: Adjusting security setting to run an embedded windows control in IE

From: Crirus (Crirus_at_datagroup.ro)
Date: 01/30/04

    Date: Fri, 30 Jan 2004 09:53:25 +0200
    
    

    This is the scenario:
    Client opens the browser, accesses my server, receives a client app, embedded in
    IE, that starts running. Now, the client app needs WebPermission to connect
    back to the same server and request some data...

    My question is if this is allowed, I see no reason why I can't request data
    from my own server with my own client application... Any Java applet can do
    that

    Java only restricts the access to the server on the same port 80 from where it was
    first downloaded

    I'm kinda lost in the woods with these permissions...
    So, does the client need to set some permissions? The permission I need is
    WebPermission but I'm not sure how it works...

    -- 
    Cheers,
        Crirus
    ------------------------------
    If work were a good thing, the boss would  take it all from you
    ------------------------------
    "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
    in message news:uL%23ooJq5DHA.3308@TK2MSFTNGP11.phx.gbl...
    > Assuming that the code will not execute given the permissions it is getting
    > in the zone it is running in, I'm pretty sure you aren't going to get this
    > to work without changing some kind of security permissions on the client.
    >
    > The reason is that if that code isn't granted the permission to do what it
    > needs to do, there is no way for the code to get around that.  .NET security
    > policy is administered on the local machine.  The idea is that the
    > administrator gets to decide which resources get which permissions.  Then,
    > code is allowed to execute automatically with the permissions it is given.
    > This is very different from the downloadable ActiveX control model which
    > asks the user for permission to install and run and then can do anything the
    > user has permissions to do on their machine.
    >
    > Are you sure you can't make adjustments to the client machine security
    > policy?  Are you sure the permission you need isn't already granted to the
    > zone that the code executes in?
    >
    > Joe K.
    >
    > "Crirus" <Crirus@datagroup.ro> wrote in message
    > news:eCh%23IUm5DHA.2560@TK2MSFTNGP09.phx.gbl...
    > > I have an application, embedded in IE (HTML assembly).
    > > That application needs to connect back to the server in order to get some
    > > data.
    > > What are the conditions to succeed without requesting any special permissions
    > > from the client? As an applet does it....
    > > Should I connect back to the server only using port 80?
    > > Right now the client app is served by Apache and the connection back is tried
    > > to another application on port 9500
    > >
    > > Changing security permission by the client is not an option
    > >
    > > -- 
    > > Cheers,
    > >     Crirus
    > >
    > > ------------------------------
    > > If work were a good thing, the boss would  take it all from you
    > >
    > > ------------------------------
    > >
    > > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
    > > in message news:OUVp7Zb5DHA.2764@TK2MSFTNGP09.phx.gbl...
    > > > The best way to do this is to give just the assemblies that need Full
    > > > Trust that permission.
    > > >
    > > > The reason it doesn't work in your situation is that when IE creates the
    > > > AppDomain that it runs your code in, that AppDomain is created based on the
    > > > URL which will have some sort of partial trust (unless that URL or the whole
    > > > zone has been given Full Trust).
    > > >
    > > > Two things happen after that:
    > > >  - If your assembly is not marked with the
    > > > AllowPartiallyTrustedCallersAttribute, the partially trusted AppDomain that
    > > > it is running in will not be able to call it.
    > > >  - Any code that requires a permission will hit your assembly, where it will
    > > > be granted due to your Full Trust, but will likely fail when the stack gets
    > > > up to the partially trusted AppDomain since the AppDomain may not have that
    > > > permission.
    > > >
    > > > You have basically two options to solve this:
    > > >  - Make the AppDomain have Full Trust with something like a URL membership
    > > > condition.  This is the easiest thing to do, but is not very secure,
    > > > especially if the URL is not very specific.
    > > >  - Add the AllowPartiallyTrustedCallersAttribute and use Assert on the
    > > > Permissions that you need when you need them to prevent the stack walk into
    > > > the containing AppDomain.  This is more work, but is vastly more secure and
    > > > is the recommended approach.
    > > >
    > > > There have been some good articles on implementing the second approach.  I
    > > > believe Ivan Medvedev has some good info on his website.  You might start
    > > > there:
    > > > http://www.dotnetthis.com/Articles/WritingForSEE.htm
    > > >
    > > > Joe K.
    > > >
    > > > "Marina" <someone@nospam.com> wrote in message
    > > > news:Os5oCLb5DHA.2572@TK2MSFTNGP09.phx.gbl...
    > > > > Hi,
    > > > >
    > > > > I am trying to find the minimum security settings to allow a windows control
    > > > > embedded in IE to have full trust.
    > > > >
    > > > > If I give the entire Intranet zone full trust, this works. However, this is
    > > > > very broad and gives the entire zone high privileges.
    > > > >
    > > > > I tried giving just the assembly full trust (using the full URL for the
    > > > > DLL), but this doesn't seem to work.
    > > > >
    > > > > Any direction in how to accomplish this?
    > > > >
    > > > >
    > > >
    > > >
    > >
    > >
    >
    >
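
The second option described in the quoted reply (AllowPartiallyTrustedCallersAttribute plus a narrowly scoped Assert), shown as an added example that is not code from this thread or its participants. `DataClient`, `Fetch` and the `server.example:9500` origin are hypothetical, and it assumes machine policy grants this strong-named assembly Full Trust under .NET Framework code access security.

```csharp
// Added illustration (not from the thread). DataClient, Fetch and AllowedOrigin
// are hypothetical; server.example:9500 is a constructed placeholder origin.
using System;
using System.IO;
using System.Net;
using System.Security;

// Lets the partially trusted, IE-created AppDomain call into this assembly.
// Assumes policy grants this strong-named assembly Full Trust.
[assembly: AllowPartiallyTrustedCallers]

public sealed class DataClient
{
    private const string AllowedOrigin = "http://server.example:9500/";

    public static string Fetch(string relativePath)
    {
        // Validate before asserting: a partially trusted caller must not be
        // able to steer the asserted permission toward another scheme or host.
        if (relativePath == null || relativePath.StartsWith("/") ||
            relativePath.IndexOf(':') >= 0 || relativePath.IndexOf('\\') >= 0 ||
            relativePath.IndexOf("..") >= 0)
            throw new ArgumentException("Path must be a simple relative path.", "relativePath");

        Uri target = new Uri(new Uri(AllowedOrigin), relativePath);
        if (!target.AbsoluteUri.StartsWith(AllowedOrigin, StringComparison.Ordinal))
            throw new SecurityException("Target is outside the allowed origin.");

        // Assert only Connect to this one URI. The stack walk for the demand
        // made by WebRequest stops here instead of reaching the AppDomain.
        WebPermission permission = new WebPermission(NetworkAccess.Connect, target.AbsoluteUri);
        permission.Assert();
        try
        {
            WebRequest request = WebRequest.Create(target);
            using (WebResponse response = request.GetResponse())
            using (StreamReader reader = new StreamReader(response.GetResponseStream()))
            {
                return reader.ReadToEnd();
            }
        }
        finally
        {
            // Drop the assertion so later calls in this frame are checked normally.
            CodeAccessPermission.RevertAssert();
        }
    }
}
```

Because the assertion covers a single URI built from a fixed origin, a redirect to any other address triggers a fresh demand that the partially trusted AppDomain still has to satisfy.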
    
