Re: how can I run .net logon script application
From: amos hchmon (amoshchmon_at_discussions.microsoft.com)
Date: 07/11/05
- Next message: Nicole Calinoiu: "Re: how can I run .net logon script application"
- Previous message: Marinus Holkema: "RE: Need some help with secure deployment please"
- In reply to: Nicole Calinoiu: "Re: how can I run .net logon script application"
- Next in thread: Nicole Calinoiu: "Re: how can I run .net logon script application"
- Reply: Nicole Calinoiu: "Re: how can I run .net logon script application"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 11 Jul 2005 05:37:02 -0700
That is the details:
See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.
************** Exception Text **************
System.Security.SecurityException: Security error.
at WindowsApplication2.Form1.Form1_Load(Object sender, EventArgs e)
at System.Windows.Forms.Form.OnLoad(EventArgs e)
at System.Windows.Forms.Form.OnCreateControl()
at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
at System.Windows.Forms.Control.CreateControl()
at System.Windows.Forms.Control.WmShowWindow(Message& m)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
at System.Windows.Forms.ContainerControl.WndProc(Message& m)
at System.Windows.Forms.Form.WmShowWindow(Message& m)
at System.Windows.Forms.Form.WndProc(Message& m)
at System.Windows.Forms.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg,
IntPtr wparam, IntPtr lparam)
************** Loaded Assemblies **************
mscorlib
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.573
CodeBase:
file:///c:/windows/microsoft.net/framework/v1.1.4322/mscorlib.dll
----------------------------------------
System
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.573
CodeBase:
file:///c:/windows/assembly/gac/system/1.0.5000.0__b77a5c561934e089/system.dll
----------------------------------------
System.Drawing
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.573
CodeBase:
file:///c:/windows/assembly/gac/system.drawing/1.0.5000.0__b03f5f7f11d50a3a/system.drawing.dll
----------------------------------------
WindowsApplication2
Assembly Version: 1.0.2010.25183
Win32 Version: 1.0.2010.25183
CodeBase: file://mocdc1/netlogon/Debug/WindowsApplication2.exe
----------------------------------------
System.Windows.Forms
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.573
CodeBase:
file:///c:/windows/assembly/gac/system.windows.forms/1.0.5000.0__b77a5c561934e089/system.windows.forms.dll
----------------------------------------
System.Xml
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.573
CodeBase:
file:///c:/windows/assembly/gac/system.xml/1.0.5000.0__b77a5c561934e089/system.xml.dll
----------------------------------------
Interop.ActiveDs
Assembly Version: 1.0.0.0
Win32 Version: 1.0.0.0
CodeBase: file://mocdc1/netlogon/Debug/Interop.ActiveDs.DLL
----------------------------------------
System.DirectoryServices
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.573
CodeBase:
file:///c:/windows/assembly/gac/system.directoryservices/1.0.5000.0__b03f5f7f11d50a3a/system.directoryservices.dll
----------------------------------------
************** JIT Debugging **************
To enable just in time (JIT) debugging, the config file for this
application or machine (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.
For example:
<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>
When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the machine
rather than being handled by this dialog.
"Nicole Calinoiu" wrote:
> "amos hchmon" <amoshchmon@discussions.microsoft.com> wrote in message
> news:696CCD4C-0122-437B-924B-07B690792503@microsoft.com...
> >
> > The security error is:
> > /*the application attempted to perform an opertion not allowed by the
> > security policy.The opertion required the securityexcepion.Yo grant this
> > application the required permission please contact your system
> > administrator,or use the microsoft .net security policy administration
> > tool.*/
>
> A PolicyException can be addressed by adjusting the CAS policy. However,
> before doing so, it's generally necessary to determine which permission is
> missing. The full exception details (as returned by its ToString method)
> might allow me to figure out what the missing permission in this case may
> be.
>
>
> > if this exception is not enough i will send you more details latter
>
> Please do.
>
>
> > (I'm not in my work now).
> > it dosen't work when launched locally by a non admin,in the local host the
> > exception refer to the JIT/CLR exception.
>
> It sounds like it might be necessary for the user to have at least some
> permissions not granted to non-admin users, but I can't be sure without the
> exception details. Please provide these as well, if possible.
>
>
> > also, I repeat my question does this problem has any connection to CAS?
>
> The PolicyException does, but the other exception seen when a non-admin run
> the application locally probably does not.
>
>
> > if yes can you tell me how i create a strong name.
>
> See http://blogs.msdn.com/shawnfa/archive/2003/06/20/57023.aspx for
> instructions on both signing your assembly and adding a code group based on
> your strong name to your local CAS policy. For some options on deploying
> your CAS policy changes, see
> http://msdn.microsoft.com/library/en-us/dnnetsec/html/entsecpoladmin.asp.
> For obvious reasons, deployment should be planned in conjunction with your
> network administrator.
>
>
>
> > The security context for the user is domain users .I am not intersted to
> > change the policy for the user,
>
> You cannot compensate for a lack of user privileges by elevating CAS
> permissions. In order for managed code to run, both the user and the code
> must have sufficient privileges. If domain users do not have sufficient
> Windows permissions to run your code (which still isn't certain), you will
> need to either alter your application to not require the elevated
> permissions, elevate the user permissions, or run in a different user
> context.
>
>
> > maybe there is option to give for the
> > application permission in the Security Policy Administration Tool, to
> > running
> > in the client.
>
> Sorry, but I don't understand what you mean by this.
>
>
> >
> > thanks Nicole.
> >
> >
> > "Nicole Calinoiu" wrote:
> >
> >> Might you be able to provide the full exception details as returned by
> >> the
> >> exceptions's ToString method? If not, could you please provide at least
> >> the
> >> type of exception and the exception message?
> >>
> >> Also, you mentioned that it doesn't work when launched by a domain user
> >> over
> >> the network. Does it work when launched locally by a non-admin? If not,
> >> is
> >> the same exception returned as when it's run over the network?
> >>
> >>
> >> "amos hchmon" <amoshchmon@discussions.microsoft.com> wrote in message
> >> news:E081C376-8990-4EA1-A162-51BC52C43BAF@microsoft.com...
> >> >I have windows application that execute a logon script in the client
> >> >from
> >> >the
> >> > server under shere network(in the netlogon directory or in GPO /windows
> >> > setting/logon) when the users enter the LAN.
> >> > my application get attribute from the ACTIVE DIRECTORY to present for
> >> > the
> >> > user his name and department, when I am running the application from
> >> > my
> >> > computer the application works excellent ,but when its running from the
> >> > server in
> >> > the client that his permisstion under domin user I get error about
> >> > security .
> >> > what can i do to solve the problem without gives privilege to the user?
> >> > and
> >> > where i find in the msdn library material about this problem?
> >> > i asking that question in the asdi.general and joe kaplan refer me
> >> > under
> >> > this subject.
> >> > now i know that there is link to CAS that means that I can give
> >> > privilege
> >> > only to code but yet I don't know how and where?
> >> >
> >> >
> >> >
> >>
> >>
> >>
>
>
>
- Next message: Nicole Calinoiu: "Re: how can I run .net logon script application"
- Previous message: Marinus Holkema: "RE: Need some help with secure deployment please"
- In reply to: Nicole Calinoiu: "Re: how can I run .net logon script application"
- Next in thread: Nicole Calinoiu: "Re: how can I run .net logon script application"
- Reply: Nicole Calinoiu: "Re: how can I run .net logon script application"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
