Re: No touch install throwing FileLoadException Failed to grant required minimum permissions to assembly

From: Nicole Calinoiu (calinoiu)
Date: 01/27/05 

Date: Thu, 27 Jan 2005 07:37:29 -0500

Permview is ok, but Reflector is actually quite a bit more convenient.
Output readability is one obvious issue <g>, but there are some additional
complexities to consider. Developers who bother using assembly-level
permission declarations often tend to use permission checks elsewhere, and
permview won't reveal these. Given the opacity of security exceptions, one
very often must resort to using a decompiler if one wishes to reveal the
minimum permission set required to fulfill these checks.

""Shawn Farkas [MS]"" <shawnfa@online.microsoft.com> wrote in message
news:uoZ1WxyAFHA.2504@cpmsftngxa10.phx.gbl...
> That's actually exactly what's going on here. Joe can do a quick
> refresher
> on assembly level security here:
> http://blogs.msdn.com/shawnfa/archive/2004/08/30/222918.aspx PermView is
> a
> good idea to figure out the declarative demands of the MagicLibrary.
>
> -Shawn
> http://blogs.msdn.com/shawnfa
> --
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
> Note:
> For the benefit of the community-at-large, all responses to this message
> are best directed to the newsgroup/thread from which they originated.
> --------------------
>> From: "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com>
>> References: <ukYA7zJAFHA.4004@tk2msftngp13.phx.gbl>
>> Subject: Re: No touch install throwing FileLoadException Failed to grant
> required minimum permissions to assembly
>> Date: Mon, 24 Jan 2005 14:56:59 -0500
>> Lines: 52
>> X-Priority: 3
>> X-MSMail-Priority: Normal
>> X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
>> X-RFC2646: Format=Flowed; Original
>> Message-ID: <OzYEk7kAFHA.1188@tk2msftngp13.phx.gbl>
>> Newsgroups: microsoft.public.dotnet.security
>> NNTP-Posting-Host: modemcable209.143-202-24.mc.videotron.ca
>> 24.202.143.209
>> Path:
> cpmsftngxa10.phx.gbl!TK2MSFTNGXA06.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08
> phx.gbl!tk2msftngp13.phx.gbl
>> Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.security:8832
>> X-Tomcat-NG: microsoft.public.dotnet.security
>>
>> Joe,
>>
>> From the exception description, it looks like MagicLibrary probably has
> some
>> assembly-level minimum permission requests. To discover which
> permissions
>> are being requested, you could use either permview.exe
>>
> (http://msdn.microsoft.com/library/en-us/cptools/html/cpgrfPermissionsViewTo
> olPermviewexe.asp)
>> or a disassembler like Reflector (http://www.aisto.com/roeder/dotnet/).
>>
>> HTH,
>> Nicole
>>
>>
>>
>> "Joe" <J_no_spam@_no_spam_Fishinbrain.com> wrote in message
>> news:ukYA7zJAFHA.4004@tk2msftngp13.phx.gbl...
>> > My control uses several other controls - MagicLibrary being one of
> them.
>> > If
>> > I change my Internet security to Full Trust everything work fine but
> when
>> > I
>> > just have full trust for my control I get this error.
>> >
>> > These are the permissions I'm requesting I get:
>> > [assembly: FileIOPermission(SecurityAction.RequestOptional,
> Unrestricted =
>> > true)]
>> > [assembly: UIPermission(SecurityAction.RequestOptional, Unrestricted =
>> > true)]
>> > [assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution
>> > =
>> > true)]
>> >
>> > Microsoft.IE.SecureFactory:
>> > System.Reflection.TargetInvocationException:
>> > Exception has been thrown by the target of an invocation. --->
>> > System.IO.FileLoadException: Failed to grant required minimum
> permissions
>> > to
>> > assembly 'MagicLibrary, Version=1.7.0.0, Culture=neutral,
>> > PublicKeyToken=3a6eb82f876a49bc'.
>> > File name: 'MagicLibrary, Version=1.7.0.0, Culture=neutral,
>> > PublicKeyToken=3a6eb82f876a49bc' --->
>> > System.Security.Policy.PolicyException: Required permissions can not be
>> > acquired.
>> > at System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
>> > PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
>> > PermissionSet& denied, Boolean checkExecutionPermission)
>> > at System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
>> > PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
>> > PermissionSet& denied, Int32& grantedIsUnrestricted, Boolean
>> > checkExecutionPermission)
>> > at WebControl.WebControl.InitializeComponent()
>> > at WebControl.WebControl..ctor()
>> >
>> >
>>
>>
>>
>

Relevant Pages

  • Re: Send As from another account
    ... It should be able to send unless there is some permission screw up ... profile; creates new message; choose From: ... I think I have the user log into his account and create a Joe mail profile ... I have give him full access to this mailbox, ...
    (microsoft.public.exchange.admin)
  • Re: use CAS demand or not?
    ... > FileIOPermission, then if the assembly attempts to do File IO, the .NET ... There's really no need to duplicate permission demands in this way. ... consider using assembly-level RequestMinimum permission attributes instead. ... one only makes CAS permission demands in code that makes ...
    (microsoft.public.dotnet.security)
  • Re: Unlock acct permissions
    ... You know Joe I have many Windows books and have read them but unfortunely ... >> group in that OU with permission to unloack accounts. ...
    (microsoft.public.win2000.active_directory)
  • Re: Limiting exe permissions
    ... Assembly-level permission rejections do protect the user. ... permission requests by running permview ... If you only want to change the permission grant for your main EXE, ...
    (microsoft.public.dotnet.security)
  • Re: Validate user permission
    ... Thanks a lot for the reply Joe! ... authenticated user can modify a given attribute (member is the one you are ... which is the only attribute in the Write Members permission ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.dotnet.security)