Re: full trust and 1.1 SP1

From: Nicole Calinoiu (calinoiu)
Date: 03/21/05

    Date: Mon, 21 Mar 2005 11:52:25 -0500
    
    

    Unless you have other policy changes that need to be preserved, it might be
    a good idea to reset your CAS policy to default settings in order to start
    from a "clean" configuration. To do this, launch the ".NET Framework 1.1
    Configuration" MSC, right-click on the "Runtime Security Policy" node, then
    select the "Reset All..." option from the shortcut menu. Before you perform
    the reset, you may want to back up your existing policy files in case there
    are other changes that should be conserved (or at least reproduced after the
    reset). For the locations of the configuration files, see
    http://msdn.microsoft.com/library/en-us/cpguide/html/cpconsecurityconfigurationfiles.asp.

    BTW, it may be useful to keep in mind that it's possible to instruct the
    .NET runtime to omit verification of execution permission (e.g.: caspol -e
    off) when launching code. If this option is in effect, it's reasonable to
    expect that an assembly with supposedly no permissions would be able to
    execute until it encounters a (link)demand for any code access permission.
    To verify whether the option to skip execution checking is enabled, you can
    run caspol -l (the option status will be displayed at the start of the
    output), or read the value of the
    System.Security.SecurityManager.CheckExecutionRights property from managed
    code.

    HTH,
    Nicole

    "AndrewEames" <AndrewEames@discussions.microsoft.com> wrote in message
    news:7D0024C3-035A-40E3-B983-C6F71B193160@microsoft.com...
    > OK - I have a few different things going on here which appear to be
    > confusing me.
    >
    > I definitely had the scenario described below where I had executed some
    > code but later got a security exception saying I didn't have execute
    > permission. This was pretty weird and I can't reproduce this in a simple
    > app
    >
    > I then realised that in the past I had trusted this assembly in various
    > ways through the "trust my assembly wizard". It took me a little while to
    > figure out how to undo this - eventually I realized I had to delete the
    > codegroups the wizard had generated - Wizard_0, Wizard_1, etc.
    >
    > I then discovered what looks like a bug to me - after removing the wizard
    > generated code groups, change the machine level security policy - these
    > wizard generated security groups magically reappear! (You have to close
    > and then reopen the 1.1 .Net framework configuration wizard applet to see
    > this)
    >
    > So once I realised this was happening, I changed my machine level security
    > to medium trust and then deleted my magically recreated codegroups. Now in
    > this state, my test application behaves as I would expect and I can
    > successfully check for full trust. However, my real application won't
    > launch and I get the exception
    >
    > An unhandled exception of type 'System.Security.SecurityException'
    > occurred in Unknown Module.
    >
    > Additional information: Request for the permission of type
    > System.Security.Permissions.SecurityPermission, mscorlib,
    > Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
    > failed.
    >
    > Why might this be?
    >
    > Hope some of this makes sense :)
    > Andrew
    >
    > "Nicole Calinoiu" wrote:
    >
    >> "AndrewEames" <AndrewEames@discussions.microsoft.com> wrote in message
    >> news:B5DEB5D5-E5DB-4D4F-9F22-31AE8438A147@microsoft.com...
    >> > I just applied 1.1 SP1 and I am seeing some changes in behavior wrt.
    >> > security
    >> >
    >> > If I set my security level to no trust, my .NET application will now
    >> > actually execute until Application.Run (previously, it wouldn't even
    >> > start up without execute permission)
    >>
    >> This seems rather unlikely. It might be a good idea to confirm whether
    >> your application is truly being granted no permissions at all
    >> (http://support.microsoft.com/kb/815170/EN-US/). If it really isn't
    >> being granted SecurityPermission\Execution, could you please post short
    >> but complete sample code
    >> (http://www.yoda.arachsys.com/csharp/complete.html) for an application
    >> that demonstrates this?
    >>
    >>
    >> > So great I thought - I can put up a friendly dialog for my users if I
    >> > don't have full trust. So I added the following code
    >> >
    >> > PermissionSet fullTrust = new PermissionSet(PermissionState.Unrestricted);
    >> > try
    >> > {
    >> >     fullTrust.Demand();
    >> > }
    >> > catch (SecurityException)
    >> > {
    >> >     // not full trust: show the friendly dialog here
    >> > }
    >> >
    >> > However, this demand succeeds even if I am running under no trust - why
    >> > is this?
    >>
    >> Probably because the demand applies only to callers, but not to the
    >> method in which it is used. Try moving the demand into a separate method
    >> called from within your Main method.
    >>
    >>
    >> > Thanks
    >> > Andrew
    >> >
    >> >
    >>
    >>
    >>
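
The two checks discussed in this thread, combined in one diagnostic program as an added example (not code posted by either participant): it reports whether execution-permission checking is on, whether the assembly was granted SecurityPermission\Execution, and performs the full-trust demand from a separate method so that the program's own frames are included in the stack walk. The names TrustCheck, DemandFullTrust and HasFullTrust are illustrative, and the NoInlining attribute is a precaution assumed here to keep the helper as its own stack frame.

```csharp
using System;
using System.Runtime.CompilerServices;
using System.Security;
using System.Security.Permissions;

class TrustCheck
{
    // Demand() does not examine the method that calls it; the stack walk
    // starts with that method's caller. Placing the demand in a helper makes
    // HasFullTrust and Main (this assembly) the frames that get checked.
    [MethodImpl(MethodImplOptions.NoInlining)] // assumption: keep a separate frame
    static void DemandFullTrust()
    {
        new PermissionSet(PermissionState.Unrestricted).Demand();
    }

    static bool HasFullTrust()
    {
        try
        {
            DemandFullTrust();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    static void Main()
    {
        // False here corresponds to "caspol -e off": the runtime does not
        // verify execution permission when it launches code.
        Console.WriteLine("CheckExecutionRights: " + SecurityManager.CheckExecutionRights);

        // Grant-set check for this assembly; no stack walk is involved.
        SecurityPermission exec = new SecurityPermission(SecurityPermissionFlag.Execution);
        Console.WriteLine("Execution granted:    " + SecurityManager.IsGranted(exec));

        Console.WriteLine("Full trust:           " + HasFullTrust());
    }
}
```

If the program starts and prints "Execution granted: False", the assembly is running only because execution checking is switched off, which matches the behaviour described in the first paragraph of the reply about caspol -e off.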

