RE: Cannot change Code Group's Membership Condition to Strong Name

From: Shawn Farkas (shawnfa_at_online.microsoft.com)
Date: 03/06/04


Date: Fri, 05 Mar 2004 23:37:44 GMT

An unrestricted security permission will definitely cover threading and unmanaged code permissions. In regards to your asserting multiple permissions, what you need to do is combine them into a PermissionSet, then assert the permission set.

I'm not really sure what's causing the problem in your code, maybe a small sample repro would help to identify the problem.

-Shawn
http://blogs.msdn.com/shawnfa

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Note:  For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they 
originated.  
--------------------
>From: Lowell <theyas@theyas.com>
>Subject: RE: Cannot change Code Group's Membership Condition to Strong Name
>Date: Thu, 4 Mar 2004 12:06:06 -0800
>
>Shawn,
Thanks for the reply!
I've got a "SecurityPermission(PermissionState.Unrestricted).Assert();" which should take care of both of those.  And the Permissions set up in mscorcfg are set that way too.  When I've had other SecurityPermission errors, they were specific about what Permission was missing.  But this one is only "Security error."  Any ideas?
(Also, is there a way to combine Asserts of multiple types of Permissions?  The documentation for CodePermission.Assert() says that you only get to do one of these in each frame (each method), and danged if that isn't true--you get an Exception on the second Assert() call.)
Thanks,
Lowell
     
     ----- "Shawn Farkas" wrote: -----
     
     If you're calling into Excel you'll need unmanaged code permission, and if you're doing much with threads you'll probably need control thread permission.  These are both flags on the SecurityPermission itself (SecurityPermissionFlag.ControlThread | SecurityPermissionFlag.UnmanagedCode)
     
     -Shawn
     http://blogs.msdn.com/shawnfa
     
     --------------------
     >From: Lowell <theyas@theyas.com>
     >Subject: RE: Cannot change Code Group's Membership Condition to Strong Name
     >Date: Wed, 3 Mar 2004 16:46:06 -0800
     >
     >Thanks Shawn.  That helped!  Now I'm back to my other problem.  My UI object instantiates a "worker" object in another DLL and calls a method in it.  The "worker" object instantiates an "Excel Interface" object and calls a method in it.  The last method call fails with a "Security error." and the stack trace shows the last method call (from the "Excel Interface" object).  But when I debug and step into or set a breakpoint just inside the method itself, I never actually get inside that method even though the arguments passed to the method are native types (strings, ints and bools).  (Note that I can get into the constructor without any trouble, it's just when I try to drill down into that first method that everything stops.)
     
     
     
     In my "worker" object, I've created extra methods so that I can "Assert" all the permissions I think I need.  I'm "Asserting" a "ReflectionPermission", a "FileIOPermission", a "SecurityPermission", and a "WebPermission" (I'm reading data from a Webservice).
     
     
     
     Note that when I run the UI object from a Windows EXE object, everything (of course) works just fine.
     
     
     
     Any ideas as to what that "Security Error" might be?  (The try/catch catches a "SecurityException" which has "Security Error" for the "Message", the Stack Trace has the method I never get into and the method with the catch, and blank "PermissionState", "PermissionType" and "PermissionsRefused" properties.)
     
     
     
     TIA
     
          
     
          ----- "Shawn Farkas" wrote: -----

          Hi Lowell,

          I wrote a blog about this topic.  You can find more information here:
          http://blogs.msdn.com/shawnfa/archive/2003/06/26/57026.aspx

          -Shawn
          http://blogs.msdn.com/shawnfa
     
          
     
          --------------------
          >From: Lowell <theyas@theyas.com>
          >Subject: Cannot change Code Group's Membership Condition to Strong Name
          >Date: Mon, 1 Mar 2004 20:51:11 -0800
          >
          >I've got a web client DLL that I run through IE using the <Object> tag.  When I define the Membership Condition using a "Site" or a "URL" in mscorcfg, it works (well, part way, see previous post).  When I change the Membership condition to a Strong Name, nothing works.  The DLL's UI doesn't even come up in the browser.

          The structure of the DLLs is as follows:  A "UI.dll", which calls a "Doit.dll", which calls a "Util.dll" and the Excel XP PIA dlls.  My three dlls are all strong-named from the same keypair.snk file.  The Excel XP PIAs are also strong-named, by Microsoft.  I set up the strong name Membership Condition with just the public key (I grabbed the public key by importing from the "UI.dll")

          Any ideas how I can get this working or how I can trouble-shoot it?

          Thanks!

          Lowell
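
The suggestion at the top of this thread (combine the permissions into a PermissionSet and assert the set once) can be sketched as follows. This is an added example, not code from the thread or from Microsoft; it assumes the .NET Framework code access security API, and the class name, directory and URL are hypothetical.

```csharp
using System;
using System.Net;
using System.Security;
using System.Security.Permissions;

public static class AssertSetExample
{
    // Hypothetical values, constructed for this example.
    const string DataDir = @"C:\Reports";
    const string ServiceUrl = "http://example.invalid/data.asmx";

    // Build one set holding only the permissions the worker needs.
    static PermissionSet BuildWorkerSet()
    {
        PermissionSet set = new PermissionSet(PermissionState.None);
        set.AddPermission(new SecurityPermission(
            SecurityPermissionFlag.UnmanagedCode |
            SecurityPermissionFlag.ControlThread));
        set.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, DataDir));
        set.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.MemberAccess));
        set.AddPermission(new WebPermission(NetworkAccess.Connect, ServiceUrl));
        return set;
    }

    public static void RunWorker()
    {
        // Only one Assert may be active per stack frame, so assert the
        // whole set once instead of calling Assert() on each permission.
        BuildWorkerSet().Assert();
        try { DoPrivilegedWork(); }
        finally
        {
            // Drop the assertion as soon as the privileged work is done.
            CodeAccessPermission.RevertAssert();
        }
    }

    // Stand-in for the Excel, file and web calls. A Demand starts its stack
    // walk at the caller of this method, so it reaches the Assert in RunWorker.
    static void DoPrivilegedWork()
    {
        new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand();
        new FileIOPermission(FileIOPermissionAccess.Read, DataDir).Demand();
        new WebPermission(NetworkAccess.Connect, ServiceUrl).Demand();
        Console.WriteLine("All demands satisfied under the asserted set.");
    }

    public static void Main()
    {
        try { RunWorker(); }
        catch (SecurityException ex) { Console.WriteLine("Denied: " + ex.Message); }
    }
}
```

An Assert only stops the stack walk for permissions the asserting assembly has itself been granted, and the assembly also needs SecurityPermissionFlag.Assertion, so the policy grant still has to be correct for this to help.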

