Re: how can I run .net logon script application

From: amos hchmon (amoshchmon_at_discussions.microsoft.com)
Date: 07/11/05


Date: Mon, 11 Jul 2005 05:37:02 -0700

That is the details:

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.Security.SecurityException: Security error.
   at WindowsApplication2.Form1.Form1_Load(Object sender, EventArgs e)
   at System.Windows.Forms.Form.OnLoad(EventArgs e)
   at System.Windows.Forms.Form.OnCreateControl()
   at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
   at System.Windows.Forms.Control.CreateControl()
   at System.Windows.Forms.Control.WmShowWindow(Message& m)
   at System.Windows.Forms.Control.WndProc(Message& m)
   at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
   at System.Windows.Forms.ContainerControl.WndProc(Message& m)
   at System.Windows.Forms.Form.WmShowWindow(Message& m)
   at System.Windows.Forms.Form.WndProc(Message& m)
   at System.Windows.Forms.ControlNativeWindow.OnMessage(Message& m)
   at System.Windows.Forms.ControlNativeWindow.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg,
IntPtr wparam, IntPtr lparam)

************** Loaded Assemblies **************
mscorlib
    Assembly Version: 1.0.5000.0
    Win32 Version: 1.1.4322.573
    CodeBase:
file:///c:/windows/microsoft.net/framework/v1.1.4322/mscorlib.dll
----------------------------------------
System
    Assembly Version: 1.0.5000.0
    Win32 Version: 1.1.4322.573
    CodeBase:
file:///c:/windows/assembly/gac/system/1.0.5000.0__b77a5c561934e089/system.dll
----------------------------------------
System.Drawing
    Assembly Version: 1.0.5000.0
    Win32 Version: 1.1.4322.573
    CodeBase:
file:///c:/windows/assembly/gac/system.drawing/1.0.5000.0__b03f5f7f11d50a3a/system.drawing.dll
----------------------------------------
WindowsApplication2
    Assembly Version: 1.0.2010.25183
    Win32 Version: 1.0.2010.25183
    CodeBase: file://mocdc1/netlogon/Debug/WindowsApplication2.exe
----------------------------------------
System.Windows.Forms
    Assembly Version: 1.0.5000.0
    Win32 Version: 1.1.4322.573
    CodeBase:
file:///c:/windows/assembly/gac/system.windows.forms/1.0.5000.0__b77a5c561934e089/system.windows.forms.dll
----------------------------------------
System.Xml
    Assembly Version: 1.0.5000.0
    Win32 Version: 1.1.4322.573
    CodeBase:
file:///c:/windows/assembly/gac/system.xml/1.0.5000.0__b77a5c561934e089/system.xml.dll
----------------------------------------
Interop.ActiveDs
    Assembly Version: 1.0.0.0
    Win32 Version: 1.0.0.0
    CodeBase: file://mocdc1/netlogon/Debug/Interop.ActiveDs.DLL
----------------------------------------
System.DirectoryServices
    Assembly Version: 1.0.5000.0
    Win32 Version: 1.1.4322.573
    CodeBase:
file:///c:/windows/assembly/gac/system.directoryservices/1.0.5000.0__b03f5f7f11d50a3a/system.directoryservices.dll
----------------------------------------

************** JIT Debugging **************
To enable just in time (JIT) debugging, the config file for this
application or machine (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
    <system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the machine
rather than being handled by this dialog.

"Nicole Calinoiu" wrote:

> "amos hchmon" <amoshchmon@discussions.microsoft.com> wrote in message
> news:696CCD4C-0122-437B-924B-07B690792503@microsoft.com...
> >
> > The security error is:
> > /*the application attempted to perform an opertion not allowed by the
> > security policy.The opertion required the securityexcepion.Yo grant this
> > application the required permission please contact your system
> > administrator,or use the microsoft .net security policy administration
> > tool.*/
>
> A PolicyException can be addressed by adjusting the CAS policy. However,
> before doing so, it's generally necessary to determine which permission is
> missing. The full exception details (as returned by its ToString method)
> might allow me to figure out what the missing permission in this case may
> be.
>
>
> > if this exception is not enough i will send you more details latter
>
> Please do.
>
>
> > (I'm not in my work now).
> > it dosen't work when launched locally by a non admin,in the local host the
> > exception refer to the JIT/CLR exception.
>
> It sounds like it might be necessary for the user to have at least some
> permissions not granted to non-admin users, but I can't be sure without the
> exception details. Please provide these as well, if possible.
>
>
> > also, I repeat my question does this problem has any connection to CAS?
>
> The PolicyException does, but the other exception seen when a non-admin run
> the application locally probably does not.
>
>
> > if yes can you tell me how i create a strong name.
>
> See http://blogs.msdn.com/shawnfa/archive/2003/06/20/57023.aspx for
> instructions on both signing your assembly and adding a code group based on
> your strong name to your local CAS policy. For some options on deploying
> your CAS policy changes, see
> http://msdn.microsoft.com/library/en-us/dnnetsec/html/entsecpoladmin.asp.
> For obvious reasons, deployment should be planned in conjunction with your
> network administrator.
>
>
>
> > The security context for the user is domain users .I am not intersted to
> > change the policy for the user,
>
> You cannot compensate for a lack of user privileges by elevating CAS
> permissions. In order for managed code to run, both the user and the code
> must have sufficient privileges. If domain users do not have sufficient
> Windows permissions to run your code (which still isn't certain), you will
> need to either alter your application to not require the elevated
> permissions, elevate the user permissions, or run in a different user
> context.
>
>
> > maybe there is option to give for the
> > application permission in the Security Policy Administration Tool, to
> > running
> > in the client.
>
> Sorry, but I don't understand what you mean by this.
>
>
> >
> > thanks Nicole.
> >
> >
> > "Nicole Calinoiu" wrote:
> >
> >> Might you be able to provide the full exception details as returned by
> >> the
> >> exceptions's ToString method? If not, could you please provide at least
> >> the
> >> type of exception and the exception message?
> >>
> >> Also, you mentioned that it doesn't work when launched by a domain user
> >> over
> >> the network. Does it work when launched locally by a non-admin? If not,
> >> is
> >> the same exception returned as when it's run over the network?
> >>
> >>
> >> "amos hchmon" <amoshchmon@discussions.microsoft.com> wrote in message
> >> news:E081C376-8990-4EA1-A162-51BC52C43BAF@microsoft.com...
> >> >I have windows application that execute a logon script in the client
> >> >from
> >> >the
> >> > server under shere network(in the netlogon directory or in GPO /windows
> >> > setting/logon) when the users enter the LAN.
> >> > my application get attribute from the ACTIVE DIRECTORY to present for
> >> > the
> >> > user his name and department, when I am running the application from
> >> > my
> >> > computer the application works excellent ,but when its running from the
> >> > server in
> >> > the client that his permisstion under domin user I get error about
> >> > security .
> >> > what can i do to solve the problem without gives privilege to the user?
> >> > and
> >> > where i find in the msdn library material about this problem?
> >> > i asking that question in the asdi.general and joe kaplan refer me
> >> > under
> >> > this subject.
> >> > now i know that there is link to CAS that means that I can give
> >> > privilege
> >> > only to code but yet I don't know how and where?
> >> >
> >> >
> >> >
> >>
> >>
> >>
>
>
>



Relevant Pages

  • Security violation when trying to bring up help
    ... permToken, CodeAccessPermission demand, StackCrawlMark& stackMark, Int32 ... Win32 Version: 1.1.4322.573 ... CodeBase: ... To enable just in time debugging, ...
    (microsoft.public.dotnet.framework.windowsforms)
  • Re: media Center Extender Errors (Cont)
    ... Win32 Version: 6.1.2715.2716.051020-1902) ... To enable just in time debugging, ... connect to media Center, but media cneter will not actually start ... problem I'm having now is the MCX1 account not being able to log in. ...
    (microsoft.public.windows.mediacenter)
  • Re: Object reference not set to an instance
    ... Win32 Version: 2.0.50727.42 ... CodeBase: ... To enable just-in-time debugging, ... When JIT debugging is enabled, ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Object reference not set to an instance of an object
    ... The last student built an application called ICE ACCRETION using Micr ... Win32 Version: 2.0.50727.42 ... To enable just-in-time debugging, ... When JIT debugging is enabled, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Object reference not set to an instance
    ... Win32 Version: 2.0.50727.42 ... CodeBase: ... To enable just-in-time debugging, ... When JIT debugging is enabled, ...
    (microsoft.public.dotnet.languages.csharp)