Re: Href/Exe and Async SWE 2.0SP1 CAS Security error

From: Nicole Calinoiu (calinoiu)
Date: 10/18/04 

Date: Mon, 18 Oct 2004 07:56:21 -0400

According to your "yes", the code already is fully trusted. However, that
doesn't necessarily mean that no stack walk modifiers have been applied when
any given method is invoked. Could you please provide the full details for
the inner SecurityException, including its call stack listing?

"Morten Lyhr" <MortenLyhr@discussions.microsoft.com> wrote in message
news:875E476B-688D-49B5-91AF-BB903888D5E5@microsoft.com...
> Yes.
>
> It's only when when the Call is from a async callback method, that it
> fails.
> I guess it is because the delegate creates a new thread - and for some
> reason
> that thread is not fully trusted? Perhaps because its not created from my
> signed assembly - but mscorelib creates it?
>
> So how can I make all delegates/thread/events that my signed assembly uses
> fully trusted?
>
> "Nicole Calinoiu" wrote:
>
>> Placing the demand call inside your Main method won't work since the
>> stack
>> walk will only evaluate the callers, and there's won't be any in the Main
>> method. If you put the full trust evaluation code in a separate method
>> that
>> you can call from within the Main method, does it still indicate that the
>> assembly is fully trusted?
>>
>>
>>
>>
>> "Morten Lyhr" <Morten Lyhr@discussions.microsoft.com> wrote in message
>> news:A97026ED-5F22-4EC5-9410-CB78254C1844@microsoft.com...
>> >I have a SmartClient (Windows Forms) application that uses a WSE2.0SP1
>> > WebService.
>> >
>> > The SmartClient exe and dll's are signed with a strong name. The Client
>> > maschines have a modified Policy, that grants Full Trust to any
>> > assembly
>> > signed with the key.
>> >
>> > Any Sync Calls to the WebService works fine - any async calls does
>> > not!!!
>> >
>> > If I Insert the follow code in my Main method, it passes - so I know I
>> > have
>> > Full Trust.
>> >
>> > System.Security.PermissionSet fullTrust = new
>> > System.Security.NamedPermissionSet("FullTrust");
>> > try
>> > {
>> > fullTrust.Demand();
>> > }
>> > catch (Exception ex)
>> > {
>> > MessageBox.Show("not fully trusted");
>> > }
>> >
>> >
>> > If I insert the code in the Async callback delegate:
>> >
>> > private void FillTreeViewUnspsc(IAsyncResult ar)
>> > {
>> > ....
>> > }
>> >
>> > It fails!!!
>> >
>> > I can see that the calls are not on the same thread since,
>> > System.Threading.Thread.CurrentThread.IsBackground returns false for
>> > the
>> > Main
>> > and true for the callback delegate.
>> >
>> > How can I modify my code so that any background threads gain the same
>> > permission set(Full Trust) as the Main Thread ????
>> >
>> >
>> > The exception I get is the following:
>> >
>> > {"There is an error in XML document (1, 471)." }
>> > [System.InvalidOperationException]:
>> > {System.InvalidOperationException}
>> > System.Object: {System.InvalidOperationException}
>> > _className: null
>> > _COMPlusExceptionCode: -532459699
>> > _exceptionMethod: <undefined value>
>> > _exceptionMethodString: null
>> > _helpURL: null
>> > _HResult: -2146233079
>> > _innerException: {"One or more assemblies referenced by the
>> > XmlSerializer cannot be called from partially trusted code." }
>> > _message: "There is an error in XML document (1, 471)."
>> > _remoteStackIndex: 0
>> > _remoteStackTraceString: null
>> > _source: null
>> > _stackTrace: {System.Array}
>> > _stackTraceString: null
>> > _xcode: -532459699
>> > _xptrs: 0
>> > HelpLink: null
>> > HResult: -2146233079
>> > InnerException: {"One or more assemblies referenced by the
>> > XmlSerializer
>> > cannot be called from partially trusted code." }
>> > Message: "There is an error in XML document (1, 471)."
>> > Source: "System.Xml"
>> > StackTrace: " at
>> > System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader,
>> > String encodingStyle, XmlDeserializationEvents events)\r\n at
>> > System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader,
>> > XmlDeserializationEvents events)\r\n at
>> > System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
>> > xmlReader)\r\n
>> > at
>> > System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage
>> > message, WebResponse response, Stream responseStream, Boolean
>> > asyncCall)\r\n
>> > at
>> > System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult
>> > asyncResult)\r\n at
>> > ********************.EndFillWithItems(IAsyncResult
>> > asyncResult, Int32& totalPages) in
>> > C:\\*****************************\\Reference.cs:line 60\r\n at
>> > ******************.MainForm.FillTreeViewUnspsc(IAs
>> > yncResult ar) in c:\\*******************\\mainform.cs:line 965"
>> > TargetSite: <error: an exception of type:
>> > {System.Security.SecurityException} occurred>
>> >
>>
>>
>>

Relevant Pages

  • RE: Regarding Alephs "Smashing the Stack for fun and Profit"
    ... One major reason is that on newer ... Regarding Aleph's "Smashing the Stack for fun and Profit" ... machine code came on board, etc. Aleph One's ...
    (Security-Basics)
  • Re: HPGCC related ...
    ... I hate it when it gets there as well and for that reason I have never ... conversation two months ago or so discussing scanf or the keyboard ... On the calculator, you already have plenty of tools for getting input ... built into the OS - primarily the stack. ...
    (comp.sys.hp48)
  • Re: Inconsistent derivation for generic collections
    ... which means you obviously don't know the reason the ... it's safe for them to implement that interface. ... LinkedList, Stack, and Queue generically other than as an ICollection, ...
    (microsoft.public.dotnet.framework)
  • Re: why this program is not crashing
    ... >> ...there's no reason to assume that this is true in the general case. ... Already your first assumption that things are stored on a stack ... but already changing the compiler options could ...
    (comp.lang.c)
  • Re: WSOP ME - Satellite vs. buying in
    ... sense if for some reason you KNOW your opponents (specifically, ... In the hand I described (short stack jam, big stack jam, ... there's absolutely no reason for him to play a hand for more ... you should be approaching it from what the SHORTSTACK has. ...
    (rec.gambling.poker)