CAS, No Touch Deployment and Flags="UnmanagedCode"

From: Greg Robinson (greg_at_cds-am.net)
Date: 12/22/04

• Next message: Scott Leonard: "Re: Security Exception - Winform usercontrol hosted in ASP.NET"
• Previous message: Nicole Calinoiu: "Re: Strange permission issue with a UserControl"
• Next in thread: Shawn Farkas [MS]: "RE: CAS, No Touch Deployment and Flags="UnmanagedCode""
• Reply: Shawn Farkas [MS]: "RE: CAS, No Touch Deployment and Flags="UnmanagedCode""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 22 Dec 2004 11:57:59 -0500

We No Touch Deploy our assemblies from a web server. So, our app runs from
the download cache.

We have a custom URL code group on each machine with FullTrust.

On the web server, our assemblies are stored in a folder called, lets say
"Folder1". The code url condition type points to the web server\Folder1.
The permission set is FullTrust.

All works well.

Today, I created a new web folder, call it "Folder2" and copied all of the
assemlbies in "Folder1" to "Folder2".

I created a new code group, FullTrust, different URL (points to Folder2).

When deploying our assemblies from Folder2, I am getting a CAS exception
inside one of the download assemblies:

The state of the failed permission was:
<IPermission class="System.Security.Permissions.SecurityPermission,
mscorlib, Version=1.0.5000.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089"
             version="1"
             Flags="UnmanagedCode"/>

I think this is happening on a p/invoke API call.

My question is why does this work from one web folder and not another, when
they contain the exact same assemblies and the client has FullTrust for both
URLs?

If I
CASPOL -s off

all works fine. So, I know it's a CAS issue, but why?

---

• Next message: Scott Leonard: "Re: Security Exception - Winform usercontrol hosted in ASP.NET"
• Previous message: Nicole Calinoiu: "Re: Strange permission issue with a UserControl"
• Next in thread: Shawn Farkas [MS]: "RE: CAS, No Touch Deployment and Flags="UnmanagedCode""
• Reply: Shawn Farkas [MS]: "RE: CAS, No Touch Deployment and Flags="UnmanagedCode""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: No touch deployment ... @rem whenever Caspol.exe is run using an option that would cause policy ... @rem - machine - specifies adding the new code group at machine policy ... > which he clicks OK to trust my assemblies. ... > Dim strFormTOLoad As String ... (microsoft.public.dotnet.framework.setup) Re: CAS, Hosting in Internet Explorer ... my assembly get Fulltrust. ... that behavior is expected, 'cause IE executes assemblies ... >> If I give FullTrust to the Intranet Code Group, ... (microsoft.public.dotnet.security) Re: Altering .NET Security policy across domain ... caspol.exe to create a code group, but it can also be done using the .NET ... permissions you grant the signed assemblies. ... >>> all machines in the domain. ... (microsoft.public.dotnet.security) Re: problem with strong name CAS ... the strong name I used for the other assemblies in the application. ... > created a small stub app which is installed on the client pc. ... I created a code group under the Machine ... The code group is granted FullTrust permissions and its ... (microsoft.public.dotnet.security) Re: dotnet security exception issues ... Your best option in this case would be to strong name your assemblies ... Or create a new code group with a higher trust ... and add your assemblies to that code group. ... Those security features are for your ... (microsoft.public.dotnet.languages.vb)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.security  > 2004-12