Re: security exception for aspx page

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 11/23/04


Date: Tue, 23 Nov 2004 13:58:27 -0600

I'm sorry, but I don't have a sample. However, you might want to check out
some of the blogs by the CAS gurus such as Nicole Calinoiu, Shawn Farkas and
Peter Torr.

I actually think you'll be better off if you get the vendor to update their
code as writing a wrapper would be a lot of work if the control is at all
complex and would make it hard for you to upgrade.

Best of luck,

Joe K.

"GoCMS" <GoCMS@discussions.microsoft.com> wrote in message
news:9E137F19-979C-48FE-8674-60A64BD27600@microsoft.com...
> Is there any article or example of how to do write the wrapper. I'm just a
> newbie in terms of security. Thanks!
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>
>> You can't just inherit, you have wrap. The reason is that you must
>> manually
>> assert each permission that their code demands in order to block the
>> stack
>> walk. If their code demands a lot of permissions, this will be a pain.
>>
>> Essentially, you just create a permission object of the same type that is
>> being demanded by the code lower down and call the Assert method before
>> calling the method that causes their demand. Your assert will then block
>> their demand. Make sure you call RevertAssert when you are done.
>>
>> HTH,
>>
>> Joe K.
>>
>> "GoCMS" <GoCMS@discussions.microsoft.com> wrote in message
>> news:06345205-3035-47A3-B37B-07CF5298990D@microsoft.com...
>> > About the second approach, I wrote a class that inherits the 3rd party
>> > control, or just a class that delegates the functions to 3rd party
>> > control
>> > functions. I also add APTCA attribute and put both of the assemblies
>> > ( my
>> > wrapper and 3rd party one) into GAC. It still fails at the same place.
>> > What
>> > did I miss? ( Note: replace with my assembly doesn't eliminate the
>> > reference
>> > to the 3rd party control).
>> > Thanks a bunch!
>> >
>> >
>> > "Joe Kaplan (MVP - ADSI)" wrote:
>> >
>> >> Contact the vendor?
>> >>
>> >> Alternately, if it is strong named, you could put it in the GAC, then
>> >> write
>> >> a wrapper assembly that does have APTCA on it that talks to the
>> >> control.
>> >> Then, your code would talk to your wrapper which is also in the GAC,
>> >> and
>> >> thus would have full trust.
>> >>
>> >> Obviously, the first option is much less work :)
>> >>
>> >> Or, give up on partial trust for web development. That's what most of
>> >> us
>> >> do.
>> >>
>> >> Joe K.
>> >>
>> >> "GoCMS" <GoCMS@discussions.microsoft.com> wrote in message
>> >> news:5E9C8325-1F83-47C1-A332-DFAFFA98E8D8@microsoft.com...
>> >> > Thanks again! That's exactly what happens. The assembly provided
>> >> > doesn't
>> >> > have
>> >> > APTCA. That is a bad news. Even if I don't use it as a share point
>> >> > Web
>> >> > Part,
>> >> > I'm going to have trouble for any web application with trust level
>> >> > not
>> >> > set
>> >> > to
>> >> > "Full". But on the other hand, I don't want to lowever security
>> >> > level
>> >> > just
>> >> > to
>> >> > use 3rd party DLL. What to do?
>> >> > "Joe Kaplan (MVP - ADSI)" wrote:
>> >> >
>> >> >> The easiest way would be with Reflector or ILDasm. In reflector,
>> >> >> you
>> >> >> just
>> >> >> load up the assembly and click on it. Then, hit space to reverse
>> >> >> compile.
>> >> >> You should see all the attributes at the assembly level in the
>> >> >> decompilation. If APTCA is set, it will be in there.
>> >> >>
>> >> >> If it isn't set, you are going to have trouble using that control
>> >> >> in
>> >> >> SharePoint.
>> >> >>
>> >> >> Joe K.
>> >> >>
>> >> >> "GoCMS" <GoCMS@discussions.microsoft.com> wrote in message
>> >> >> news:2CF2A027-EA49-4A45-8FAB-DC25F97DFAE2@microsoft.com...
>> >> >> > Hi, Joe:
>> >> >> > Thanks a lot for your help. You were right, when you said it
>> >> >> > should
>> >> >> > give
>> >> >> > you the specific permission, I began to doubt it wasn't the
>> >> >> > problem
>> >> >> > of
>> >> >> > authenticateAsUser("adminUser"...)! I again narrowed it down,
>> >> >> > and
>> >> >> > came
>> >> >> > to
>> >> >> > third-party control, called Obout tree view.
>> >> >> > Before you read along, I want to ask if the third-party provided
>> >> >> > assembly
>> >> >> > doesn't set APTCA (AllowPartiallyTrustedCallersAttribute), is it
>> >> >> > true
>> >> >> > that
>> >> >> > we
>> >> >> > can't get away with partially trusted web application? How to
>> >> >> > find
>> >> >> > out
>> >> >> > if
>> >> >> > their assembly doesn't set APTCA?
>> >> >> >
>> >> >> > See the exception below, it throws exception at Line 49,
>> >> >> > DisplayPage
>> >> >> > function. I made it very short and simple like
>> >> >> > private void DisplayPage()
>> >> >> > {
>> >> >> > oTree = new obout_ASPTreeView_2_NET.Tree();
>> >> >> > oTree.FolderIcons = "/TreeIcons/Icons";
>> >> >> > oTree.FolderStyle = "/TreeIcons/Styles/Win2003";
>> >> >> > oTree.ShowIcons = true;
>> >> >> > oTree.SelectedEnable = false;
>> >> >> > }
>> >> >> > Exception Info.....
>> >> >> > ***********************************************************
>> >> >> > Description: The application attempted to perform an operation
>> >> >> > not
>> >> >> > allowed
>> >> >> > by the security policy. To grant this application the required
>> >> >> > permission
>> >> >> > please contact your system administrator or change the
>> >> >> > application's
>> >> >> > trust
>> >> >> > level in the configuration file.
>> >> >> >
>> >> >> > Exception Details: System.Security.SecurityException: Security
>> >> >> > error.
>> >> >> > Source Error:
>> >> >> > Line 47: RebuildXMLFile();
>> >> >> > Line 48:
>> >> >> > Line 49: DisplayPage();
>> >> >> > Line 50:
>> >> >> > Line 51: RegisterButton.Attributes.Add("onClick",
>> >> >> > "ob_t2send();");
>> >> >> > Source File: d:\inetpub\wwwroot\MyProject\MyFile.aspx.cs Line:
>> >> >> > 49
>> >> >> > Stack Trace:
>> >> >> > [SecurityException: Security error.]
>> >> >> > MyNamespace.MyProject.MyFile.DisplayPage() +0
>> >> >> > MyNamespace.MyProject.MyFile.Page_Load(Object sender, EventArgs
>> >> >> > e)
>> >> >> > in
>> >> >> > d:\inetpub\wwwroot\MyProject\MyFile.aspx.cs:49
>> >> >> > System.Web.UI.Control.OnLoad(EventArgs e) +67
>> >> >> > System.Web.UI.Control.LoadRecursive() +35
>> >> >> > System.Web.UI.Page.ProcessRequestMain() +2112
>> >> >> > System.Web.UI.Page.ProcessRequest() +218
>> >> >> > System.Web.UI.Page.ProcessRequest(HttpContext context) +18
>> >> >> >
>> >> >> > System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
>> >> >> > +179
>> >> >> > System.Web.HttpApplication.ExecuteStep(IExecutionStep step,
>> >> >> > Boolean&
>> >> >> > completedSynchronously) +87
>> >> >> > **********************************************************
>> >> >> >
>> >> >> > "Joe Kaplan (MVP - ADSI)" wrote:
>> >> >> >
>> >> >> >> I'm not sure about how CMS works with CAS, but if a security
>> >> >> >> exception
>> >> >> >> is
>> >> >> >> being thrown, then there should be an indication of what the
>> >> >> >> permission
>> >> >> >> requirement is. Otherwise, try to get us more details. You
>> >> >> >> might
>> >> >> >> also
>> >> >> >> try
>> >> >> >> asking in one of the CMS groups.
>> >> >> >>
>> >> >> >> Joe K.
>> >> >> >>
>> >> >> >> "GoCMS" <GoCMS@discussions.microsoft.com> wrote in message
>> >> >> >> news:765F2C4F-2578-4EDE-AB88-334376CF08BF@microsoft.com...
>> >> >> >> > Forget about my previous post, I passed it.
>> >> >> >> > Now I came to the REAL problem, it's actually complained when
>> >> >> >> > I
>> >> >> >> > used
>> >> >> >> > a
>> >> >> >> > function from Microsoft.ContentManagement.Publishing.dll
>> >> >> >> > CmsApplicationContext.AuthenticateAsUser(
>> >> >> >> > "admin_user_for_CMS_site","password",PublishingMode.Published);
>> >> >> >> >
>> >> >> >> > I'm actually not sure what kind of permission it needs. It's
>> >> >> >> > not
>> >> >> >> > even
>> >> >> >> > part
>> >> >> >> > of standard .net library.
>> >> >> >> > Sorry for the confusion, I came a long way to get rid of all
>> >> >> >> > my
>> >> >> >> > invalid
>> >> >> >> > suspicion...
>> >> >> >> >
>> >> >> >> > "GoCMS" wrote:
>> >> >> >> >
>> >> >> >> >> Thanks again for your help. I guess it's me who lacks such
>> >> >> >> >> security
>> >> >> >> >> knowledge.
>> >> >> >> >> In my Wss_MediumTrust.config file, ( just regard it as any
>> >> >> >> >> customized
>> >> >> >> >> policy
>> >> >> >> >> file)
>> >> >> >> >> I have:
>> >> >> >> >> <PermissionSet
>> >> >> >> >> class="NamedPermissionSet"
>> >> >> >> >> version="1"
>> >> >> >> >> Name="ASP.Net">
>> >> >> >> >> <IPermission
>> >> >> >> >> class="FileIOPermission"
>> >> >> >> >> version="1"
>> >> >> >> >> Read="$AppDir$"
>> >> >> >> >> Write="$AppDir$"
>> >> >> >> >> Append="$AppDir$"
>> >> >> >> >> PathDiscovery="$AppDir$"
>> >> >> >> >> />
>> >> >> >> >> </PermissionSet>
>> >> >> >> >> What I really want, besides the alove, is the the
>> >> >> >> >> read/write/delete
>> >> >> >> >> priviledge for a particular file, say
>> >> >> >> >> c:\inetpub\wwwroot\shared\My_File.txt.
>> >> >> >> >>
>> >> >> >> >> Thanks!
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >> "Joe Kaplan (MVP - ADSI)" wrote:
>> >> >> >> >>
>> >> >> >> >> > So, it is a FileIOPermission that isn't being granted? In
>> >> >> >> >> > that
>> >> >> >> >> > case,
>> >> >> >> >> > you
>> >> >> >> >> > need to make sure that the permission set you have grants
>> >> >> >> >> > that
>> >> >> >> >> > required
>> >> >> >> >> > access. You would need to look at what you are being
>> >> >> >> >> > granted
>> >> >> >> >> > in
>> >> >> >> >> > the
>> >> >> >> >> > policy
>> >> >> >> >> > and modify that. I'm not exactly sure where that is
>> >> >> >> >> > configured
>> >> >> >> >> > in
>> >> >> >> >> > SharePoint though. Sorry I'm not too helpful here. Can
>> >> >> >> >> > you
>> >> >> >> >> > show
>> >> >> >> >> > any
>> >> >> >> >> > more
>> >> >> >> >> > info about the FileIOPermission that isn't being granted?
>> >> >> >> >> >
>> >> >> >> >> > The other option would be to peform the privileged
>> >> >> >> >> > operation
>> >> >> >> >> > from
>> >> >> >> >> > an
>> >> >> >> >> > assembly that has higher permissions and Assert the
>> >> >> >> >> > required
>> >> >> >> >> > permissions to
>> >> >> >> >> > avoid the stack trace.
>> >> >> >> >> >
>> >> >> >> >> > Joe K.
>> >> >> >> >> >
>> >> >> >> >> > "GoCMS" <GoCMS@discussions.microsoft.com> wrote in message
>> >> >> >> >> > news:65DAE916-21D7-42C5-86D0-78A4478416A1@microsoft.com...
>> >> >> >> >> > > Thanks! It turns out, I guess, it's not a problem of
>> >> >> >> >> > > calling
>> >> >> >> >> > > 3rd
>> >> >> >> >> > > party
>> >> >> >> >> > > dll (
>> >> >> >> >> > > or I haven't reached there). According to the stack
>> >> >> >> >> > > trace,
>> >> >> >> >> > > it
>> >> >> >> >> > > fails
>> >> >> >> >> > > where
>> >> >> >> >> > > I
>> >> >> >> >> > > tried to write to a file. So I guess I don't have the
>> >> >> >> >> > > access
>> >> >> >> >> > > to
>> >> >> >> >> > > the
>> >> >> >> >> > > file
>> >> >> >> >> > > outside of virtual directory.
>> >> >> >> >> > > So... how to grant unrestricted access to a specific
>> >> >> >> >> > > file
>> >> >> >> >> > > or
>> >> >> >> >> > > directory in
>> >> >> >> >> > > the Wss_MediumTrust.config file? For my case, I didn't
>> >> >> >> >> > > put
>> >> >> >> >> > > my
>> >> >> >> >> > > code
>> >> >> >> >> > > into an
>> >> >> >> >> > > assembly, all my files are just aspx pages under
>> >> >> >> >> > > inetput\wwwroot\My_Application directory.
>> >> >> >> >> > >
>> >> >> >> >> > > Many thanks!!
>> >> >> >> >> > >
>> >> >> >> >> > > "Joe Kaplan (MVP - ADSI)" wrote:
>> >> >> >> >> > >
>> >> >> >> >> > >> Well, the first thing to do is to try to figure out what
>> >> >> >> >> > >> the
>> >> >> >> >> > >> actual
>> >> >> >> >> > >> permission that is being demanded is. Then, you have a
>> >> >> >> >> > >> few
>> >> >> >> >> > >> options:
>> >> >> >> >> > >>
>> >> >> >> >> > >> - Modify policy to allow that permission to be granted
>> >> >> >> >> > >> - Modify the assembly in the GAC to Assert that
>> >> >> >> >> > >> permission
>> >> >> >> >> > >> before
>> >> >> >> >> > >> the
>> >> >> >> >> > >> demand is called so that the stack walk is stopped
>> >> >> >> >> > >> (note,
>> >> >> >> >> > >> potential
>> >> >> >> >> > >> security
>> >> >> >> >> > >> risk here)
>> >> >> >> >> > >> - Create your own assembly that goes in the GAC that
>> >> >> >> >> > >> wraps
>> >> >> >> >> > >> their
>> >> >> >> >> > >> assembly
>> >> >> >> >> > >> and does the above mentioned Assert. Note the same
>> >> >> >> >> > >> security
>> >> >> >> >> > >> risk
>> >> >> >> >> > >>
>> >> >> >> >> > >> You might want to find some articles on CAS so that you
>> >> >> >> >> > >> get
>> >> >> >> >> > >> a
>> >> >> >> >> > >> better
>> >> >> >> >> > >> feel
>> >> >> >> >> > >> for what I'm talking about here as it can be somewhat
>> >> >> >> >> > >> confusing
>> >> >> >> >> > >> until you
>> >> >> >> >> > >> get the hang of it.
>> >> >> >> >> > >>
>> >> >> >> >> > >> If you can find out what the actual permission that was
>> >> >> >> >> > >> demanded
>> >> >> >> >> > >> was
>> >> >> >> >> > >> and
>> >> >> >> >> > >> what the stack trace for the exception was, that would
>> >> >> >> >> > >> be
>> >> >> >> >> > >> very
>> >> >> >> >> > >> helpful
>> >> >> >> >> > >> for
>> >> >> >> >> > >> us to know.
>> >> >> >> >> > >>
>> >> >> >> >> > >> Joe K.
>> >> >> >> >> > >>
>> >> >> >> >> > >>
>> >> >> >> >> > >> "GoCMS" <GoCMS@discussions.microsoft.com> wrote in
>> >> >> >> >> > >> message
>> >> >> >> >> > >> news:6B2A6B2B-4507-455D-BCE8-9C11897357BF@microsoft.com...
>> >> >> >> >> > >> > Since I'm rather new on ASP.net or share point web
>> >> >> >> >> > >> > part
>> >> >> >> >> > >> > security,
>> >> >> >> >> > >> > I
>> >> >> >> >> > >> > wonder
>> >> >> >> >> > >> > what will be the standard steps( & configuration
>> >> >> >> >> > >> > entries)
>> >> >> >> >> > >> > to
>> >> >> >> >> > >> > make
>> >> >> >> >> > >> > third
>> >> >> >> >> > >> > party
>> >> >> >> >> > >> > DLL accessible. The articles I'm reading on internet
>> >> >> >> >> > >> > only
>> >> >> >> >> > >> > addresses
>> >> >> >> >> > >> > cases
>> >> >> >> >> > >> > when user put their own developed ASP.NET assemblies
>> >> >> >> >> > >> > into
>> >> >> >> >> > >> > GAC.
>> >> >> >> >> > >> > Thanks a lot.
>> >> >> >> >> > >> >
>> >> >> >> >> > >> > "Joe Kaplan (MVP - ADSI)" wrote:
>> >> >> >> >> > >> >
>> >> >> >> >> > >> >> Are you sure the third party DLL isn't allowing a
>> >> >> >> >> > >> >> full
>> >> >> >> >> > >> >> demand
>> >> >> >> >> > >> >> for
>> >> >> >> >> > >> >> a
>> >> >> >> >> > >> >> permission to go up the stack? Just because it is in
>> >> >> >> >> > >> >> the
>> >> >> >> >> > >> >> GAC
>> >> >> >> >> > >> >> and
>> >> >> >> >> > >> >> it
>> >> >> >> >> > >> >> has
>> >> >> >> >> > >> >> Full Trust doesn't mean that some code it is using
>> >> >> >> >> > >> >> won't
>> >> >> >> >> > >> >> trigger
>> >> >> >> >> > >> >> a
>> >> >> >> >> > >> >> Demand
>> >> >> >> >> > >> >> that results in a full stack walk which would then
>> >> >> >> >> > >> >> fail
>> >> >> >> >> > >> >> in
>> >> >> >> >> > >> >> your
>> >> >> >> >> > >> >> code
>> >> >> >> >> > >> >> which
>> >> >> >> >> > >> >> is partially trusted.
>> >> >> >> >> > >> >>
>> >> >> >> >> > >> >> Without knowing more details on the exception, it
>> >> >> >> >> > >> >> would
>> >> >> >> >> > >> >> be
>> >> >> >> >> > >> >> hard
>> >> >> >> >> > >> >> to
>> >> >> >> >> > >> >> know
>> >> >> >> >> > >> >> exactly what the problem is, but I suspect it is
>> >> >> >> >> > >> >> something
>> >> >> >> >> > >> >> along
>> >> >> >> >> > >> >> those
>> >> >> >> >> > >> >> lines.
>> >> >> >> >> > >> >>
>> >> >> >> >> > >> >> Joe K.
>> >> >> >> >> > >> >>
>> >> >> >> >> > >> >> "GoCMS" <GoCMS@discussions.microsoft.com> wrote in
>> >> >> >> >> > >> >> message
>> >> >> >> >> > >> >> news:095F0E58-0588-4CF3-A520-BF9FB72A6F08@microsoft.com...
>> >> >> >> >> > >> >> > The message is not detailed enough though, as
>> >> >> >> >> > >> >> > follows:
>> >> >> >> >> > >> >> >
>> >> >> >> >> > >> >> > Security Exception Description: The application
>> >> >> >> >> > >> >> > attempted
>> >> >> >> >> > >> >> > to
>> >> >> >> >> > >> >> > perform
>> >> >> >> >> > >> >> > an
>> >> >> >> >> > >> >> > operation not allowed by the security policy. To
>> >> >> >> >> > >> >> > grant
>> >> >> >> >> > >> >> > this application the required permission please
>> >> >> >> >> > >> >> > contact
>> >> >> >> >> > >> >> > your system administrator or change the
>> >> >> >> >> > >> >> > application's
>> >> >> >> >> > >> >> > trust level in the configuration file.
>> >> >> >> >> > >> >> >
>> >> >> >> >> > >> >> > Exception Details:
>> >> >> >> >> > >> >> > System.Security.SecurityException:Security
>> >> >> >> >> > >> >> > Error
>> >> >> >> >> > >> >> >
>> >> >> >> >> > >> >> >
>> >> >> >> >> > >> >> > "Nicole Calinoiu" wrote:
>> >> >> >> >> > >> >> >
>> >> >> >> >> > >> >> >> What is the exception message or, even better, its
>> >> >> >> >> > >> >> >> full
>> >> >> >> >> > >> >> >> details (as
>> >> >> >> >> > >> >> >> returned
>> >> >> >> >> > >> >> >> by its ToString method)?
>> >> >> >> >> > >> >> >>
>> >> >> >> >> > >> >> >>
>> >> >> >> >> > >> >> >> "GoCMS" <GoCMS@discussions.microsoft.com> wrote in
>> >> >> >> >> > >> >> >> message
>> >> >> >> >> > >> >> >> news:3DBB444B-3A4A-419D-A61A-8E281CBE1CA3@microsoft.com...
>> >> >> >> >> > >> >> >> > hi, there:
>> >> >> >> >> > >> >> >> > I was developing a new page for a web part
>> >> >> >> >> > >> >> >> > project.
>> >> >> >> >> > >> >> >> > My
>> >> >> >> >> > >> >> >> > page
>> >> >> >> >> > >> >> >> > keeps
>> >> >> >> >> > >> >> >> > on
>> >> >> >> >> > >> >> >> > getting security exception whereas other pages
>> >> >> >> >> > >> >> >> > in
>> >> >> >> >> > >> >> >> > the
>> >> >> >> >> > >> >> >> > same
>> >> >> >> >> > >> >> >> > project
>> >> >> >> >> > >> >> >> > don't.
>> >> >> >> >> > >> >> >> > I
>> >> >> >> >> > >> >> >> > set the security level to be WSS_MediumTrust
>> >> >> >> >> > >> >> >> > level.
>> >> >> >> >> > >> >> >> > I
>> >> >> >> >> > >> >> >> > wasn't
>> >> >> >> >> > >> >> >> > using
>> >> >> >> >> > >> >> >> > any
>> >> >> >> >> > >> >> >> > database connection, but I was using a third
>> >> >> >> >> > >> >> >> > party
>> >> >> >> >> > >> >> >> > DLL(
>> >> >> >> >> > >> >> >> > which is
>> >> >> >> >> > >> >> >> > already
>> >> >> >> >> > >> >> >> > signed and put into GAC).
>> >> >> >> >> > >> >> >> >
>> >> >> >> >> > >> >> >> > I add the third party assembly into the project
>> >> >> >> >> > >> >> >> > web.config.
>> >> >> >> >> > >> >> >> > I also add the following section into
>> >> >> >> >> > >> >> >> > WSS_MediumTrust.config
>> >> >> >> >> > >> >> >> > file.
>> >> >> >> >> > >> >> >> > <CodeGroup class="UnionCodeGroup" version="1"
>> >> >> >> >> > >> >> >> > PermissionSetName="FullTrust">
>> >> >> >> >> > >> >> >> > <IMembershipCondition
>> >> >> >> >> > >> >> >> > class="StrongNameMembershipCondition"
>> >> >> >> >> > >> >> >> > version="1" PublicKeyBlob="public key for
>> >> >> >> >> > >> >> >> > 3rd
>> >> >> >> >> > >> >> >> > party
>> >> >> >> >> > >> >> >> > assembly"/>
>> >> >> >> >> > >> >> >> > </CodeGroup>
>> >> >> >> >> > >> >> >> >
>> >> >> >> >> > >> >> >> > Any other ideas? Thanks a LOT!
>> >> >> >> >> > >> >> >> >
>> >> >> >> >> > >> >> >> >
>> >> >> >> >> > >> >> >> >
>> >> >> >> >> > >> >> >>
>> >> >> >> >> > >> >> >>
>> >> >> >> >> > >> >> >>
>> >> >> >> >> > >> >>
>> >> >> >> >> > >> >>
>> >> >> >> >> > >> >>
>> >> >> >> >> > >>
>> >> >> >> >> > >>
>> >> >> >> >> > >>
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>



Relevant Pages

  • about permissions
    ... Assert vs Demand ... With assert, the immediate caller must have permission to ...
    (microsoft.public.cert.exam.mcad)
  • Re: security exception for aspx page
    ... > assert each permission that their code demands in order to block the stack ... > being demanded by the code lower down and call the Assert method before ... > calling the method that causes their demand. ...
    (microsoft.public.dotnet.security)
  • about permissions
    ... Assert method: Declares that the calling code can access ... the resource protected by a permission demand through the ... The immediate caller is required to have been granted the ...
    (microsoft.public.dotnet.languages.vb)
  • about permissions
    ... Assert method: Declares that the calling code can access ... the resource protected by a permission demand through the ... The immediate caller is required to have been granted the ...
    (microsoft.public.cert.exam.mcad)
  • Re: CodeAccessPermission.Demand() vs Assert()
    ... they should just add the permission to assert there along with whatever they ... assert), because stack frames above might not have the permission. ... > that this AppDomain boundary will only resolve to Internet permissions". ... > From this I assume my Demand() will fail. ...
    (microsoft.public.dotnet.security)