Adding permissions to predefined permission sets

From: Novice (6tc1ATqlinkDOTqueensuDOTca)
Date: 08/26/04

    Date: Thu, 26 Aug 2004 08:41:01 -0700
    
    

    Hey all, I've finally had a chance to start experimenting with caspol.exe and
    other things to test the security of .net.

    But I'm having some strange problems - for one I was told that you could go
    into the security policy files and manually edit the XML. However, I have
    tried to give either the intranet and/or the internet permission set the
    ability to write files to my file system with no luck. Please understand it
    isn't that I would actually like this setup on my system - I just want to
    understand how this could be achieved so that I can better understand .net
    security.

    Anyway, I wrote a basic stand-alone application in .net that will attempt to
    write a file to your file system if you press a button. When I first created
    the application I put it on my webserver, loaded the application in IE and
    clicked the button - as expected I received the error (I've only included the
    top portion of the stack trace):
    System.Security.SecurityException: Request for the permission of type
    System.Security.Permissions.FileIOPermission, mscorlib, Version=1.0.5000.0,
    Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.

    Then I tried manually editing the three security config files (enterprise,
    user, and machine) and then added the following tag to both the internet and
    intranet permission sets:

                         <IPermission class="FileIOPermission"
                                      version="1"
                                      Unrestricted="true"/>

    However, this did nothing - even after I did an iisreset, I still get the
    security exception.

    My first question therefore is - is there a way to manually edit these
    security config files to allow internet or intranet applications to write
    files (or any other enhanced privileges)? If there is - what have I done
    wrong?

    My second question is - how can I use the caspol.exe program to give intranet
    or internet applications the permission to write files? I have found the
    following use of the command on the web:
    caspol -cg 1.2 FullTrust

    But the above apparently gives intranet applications full trust - I would
    just like to add the file IO permission or some other specific permission to
    the internet or intranet permission set.

    Thanks for any assistance,
    Novice

