Re: Possible security error loading an Xsl?

From: Nicole Calinoiu (calinoiu)
Date: 05/14/05


Date: Sat, 14 May 2005 08:47:09 -0400

This doesn't seem to be related to CAS permissions at all. Instead, it
would appear to be a consequence of how the zone is being evaluated for the
specified path on Windows 2003. Only URIs for files in the internet and
trusted sites zones result in the code path that includes Site.CreateFromUrl
being evaluated. However, it would appear that a mapped drive path ends up
being evaluated as falling in one of those zones on Windows 2003, but not
on Windows XP. One obvious workaround for the problem would be to use a
local copy of the XSL file.

HTH,
Nicole

"Ed Murphy" <Ed Murphy@discussions.microsoft.com> wrote in message
news:D25466C0-4402-4724-AD40-EF3A743C9D5D@microsoft.com...
> Hi,
>
> I've run into a problem that may be security related that I haven't been
> able to find a whole lot of information on and I'm hoping someone might
> recognize it enough to give me some pointers.
>
> I've got the following code:
>
> XslTransform myTransform = new XslTransform();
> myTransform.Load(@"M:\MyData\MyTransform.xsl");
>
> When the call to the Load routine executes, I get a system
> ArgumentException with the description "Invalid Site".
>
> Here's the stack trace:
> at System.Security.Util.SiteString.CreateSeparatedSite(String site)
> at System.Security.Util.SiteString..ctor(String site)
> at System.Security.Policy.Site.ParseSiteFromUrl(String name)
> at System.Security.Policy.Site.CreateFromUrl(String url)
> at System.Xml.XmlSecureResolver.CreateEvidenceForUrl(String securityUrl)
> at System.Xml.Xsl.XslTransform.Load(String url, XmlResolver resolver)
> at System.Xml.Xsl.XslTransform.Load(String url)
> ...
>
> I haven't been able to find much information on CreateSeparatedSite and
> what I've been able to find on ParseSiteFromUrl doesn't really tell me
> much. The XSL file is there and the XSL code is correct (it's been used
> in other instances with no problems.) This is the first time this code
> has been tested on this particular laptop running Windows 2003 server,
> but it's been run on that platform (and other) Windows boxes elsewhere
> and not received this error.
>
> Could this be a system setting under security? In order to test this
> code, I did have to create a FullTrust Runtime Security policy for the
> URL file://M:/* under the .NET configuration for Runtime Security
> Policy > Machine > Code Groups > All_Code. Might there be some other
> entry I have to make?
>
> Got a headache from banging my head against this one, so any help is
> MUCH appreciated.
>
> Regards,
> Ed
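
A way to check the zone evaluation described in the reply and apply the local-copy workaround, written as an added example that is not code from either poster. It assumes the .NET Framework; the names StylesheetLoader, ZoneOf and LoadStylesheet are hypothetical, and copying for every zone other than MyComputer is an assumption that is broader than the two zones named in the reply.

```csharp
using System;
using System.IO;
using System.Security;          // SecurityZone
using System.Security.Policy;   // Zone
using System.Xml.Xsl;

static class StylesheetLoader   // hypothetical helper, not from the thread
{
    // Ask the runtime which zone it assigns to the path. A mapped drive
    // may be reported differently from one Windows version to another.
    public static SecurityZone ZoneOf(string path)
    {
        string url = new Uri(Path.GetFullPath(path)).AbsoluteUri;
        return Zone.CreateFromUrl(url).SecurityZone;
    }

    public static XslTransform LoadStylesheet(string path)
    {
        SecurityZone zone = ZoneOf(path);
        Console.WriteLine("{0} evaluates to zone {1}", path, zone);

        string loadPath = path;
        if (zone != SecurityZone.MyComputer)
        {
            // Workaround from the reply: load a local copy of the XSL file.
            loadPath = Path.Combine(Path.GetTempPath(), Path.GetFileName(path));
            File.Copy(path, loadPath, true);
        }

        XslTransform transform = new XslTransform();
        transform.Load(loadPath);
        return transform;
    }

    static void Main()
    {
        // Path taken from the original question.
        LoadStylesheet(@"M:\MyData\MyTransform.xsl");
    }
}
```

If the stylesheet uses xsl:import or xsl:include with relative hrefs, those files have to be copied alongside it, because they resolve relative to the local copy.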
