Re: Determine what security permissions are needed

From: Nicole Calinoiu (calinoiu)
Date: 01/21/05 

Date: Fri, 21 Jan 2005 10:13:30 -0500

It might help if you could post the log results here...

"Joe" <J_no_spam@_no_spam_Fishinbrain.com> wrote in message
news:uhdmUs8$EHA.3924@TK2MSFTNGP15.phx.gbl...
>I don't know how to determine what types of permissions it is. I know the
> Inheritance is due to the CreateParams.
>
> I'm getting a book on .Net Security today to help me learn more about
> this.
>
> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
> news:OSn#DK7$EHA.2880@TK2MSFTNGP14.phx.gbl...
>> What types of permission are being requested by the inheritance and link
>> demands?
>>
>>
>> "Joe" <J_no_spam@_no_spam_Fishinbrain.com> wrote in message
>> news:uqvlmM3$EHA.824@TK2MSFTNGP11.phx.gbl...
>> > Thanks. The log shows an InheritenceDemand error which is being caused
> by
>> > the CreateParams override. If I comment that out I get a LinkDemand
> error.
>> >
>> > How can I resolve these? I looked at the help and it just tells me that
> I
>> > need the permissions for the InheritenceDemand but I don't know how to
>> > specify it.
>> >
>> > Thanks again,
>> > Joe
>> >
>> > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
> message
>> > news:OXYFDkw$EHA.2196@TK2MSFTNGP14.phx.gbl...
>> >> Joe,
>> >>
>> >> It sounds like it probably is a CAS permissions issue. However, you
> may
>> >> want to verify this using the steps outlined at
>> >> http://dotnetjunkies.com/WebLog/mlevison/archive/2004/08/28/23568.aspx.
>> >>
>> >> If you want to isolate the minimum permission set for your control, I
>> > would
>> >> recommend testing it in a Windows Forms application so that you can
>> > exclude
>> >> the complicating factor of the constraints imposed by the IE host. If
>> >> you
>> >> set up the hosting app to have FullTrust and allow partially trusted
>> > callers
>> >> into your control library assembly (using
>> >> AllowPartiallyTrustedCallersAttribute), you will be able to set up a
>> > variety
>> >> of tests to establish the minimum permission set required by your
>> >> control.
>> >> Probably the simplest way to do this is to ensure that your control
>> > assembly
>> >> is granted full trust via policy, then declare a minimum permission
>> >> set
>> >> within the assembly. As security exceptions are raised in your tests,
>> >> you
>> >> would then add a request for the missing permission to the request
> list.
>> >> For more information on this approach, see
>> >>
>> >
> http://groups-beta.google.com/group/microsoft.public.dotnet.security/browse_frm/thread/5fe7af6010cf7800/f6fae0d4c2b7de5f.
>> >>
>> >> HTH,
>> >> Nicole
>> >>
>> >>
>> >>
>> >> "Joe" <J_no_spam@_no_spam_Fishinbrain.com> wrote in message
>> >> news:uPJUvTv$EHA.1400@TK2MSFTNGP11.phx.gbl...
>> >> > Is there a utility to test an assembly for security issues? I have a
>> >> > Winforms user control which I'm hosting in an ASP.NET application.
>> >> > On
>> > some
>> >> > machines the assembly doesn't load when I override the CreateParams
>> >> > method.
>> >> > Also, if I add a chart control to this control it doesn't load.
>> >> >
>> >> > There's no exception being thrown but I'm guessing it has something
> to
>> > do
>> >> > with security.
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
>

Relevant Pages

  • Re: ADAM And ACLs
    ... The ACLs for the OU which is the parent of the object below are: ... Effective Permissions on this object are: ... SPECIAL ACCESS ... for the naming context and is usually present by inheritance, ...
    (microsoft.public.windows.server.active_directory)
  • Re: NTFS inherited permissions bug on W2K
    ... NTFS inherited permissions bug on W2K ... >> Inheritance has always been present in NT. ... >actually copied to the inherited objects' ACLs). ...
    (NT-Bugtraq)
  • Re: Permissions resetting in Blocked Inheritance OUs
    ... If the ACL that is on the AdminSDHolder object is ... Delegated permissions are not available and inheritance is automatically ... "You do not have sufficient permissions in the Domain" error message occurs ... This user account is in an OU that has Blocked ...
    (microsoft.public.windows.server.active_directory)
  • Re: Permissions resetting in Blocked Inheritance OUs
    ... If the ACL that is on the AdminSDHolder object is ... Delegated permissions are not available and inheritance is automatically ... "You do not have sufficient permissions in the Domain" error message occurs ... This user account is in an OU that has Blocked ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD User Objects & Permission Inheritance
    ... I went ahead and granted the Account Operators built in group rights on the adminSDholder object according to what I want the OU admins to have. ... I went ahead and enabled inheritance on the> adminSDholder object to verify that this indeed was the cause and 60> minutes ... > later all user objects began to inherit permissions again. ...
    (microsoft.public.win2000.active_directory)
Quantcast