Re: how can I run .net logon script application

From: Nicole Calinoiu (calinoiu)
Date: 07/11/05


Date: Mon, 11 Jul 2005 08:59:14 -0400

What about the other exception? (BTW, could you please provide the error
description shown at the top of the error dialog as well?)

"amos hchmon" <amoshchmon@discussions.microsoft.com> wrote in message
news:9205F393-676E-4743-BD69-6676529931CB@microsoft.com...
> That is the details:
>
> See the end of this message for details on invoking
> just-in-time (JIT) debugging instead of this dialog box.
>
> ************** Exception Text **************
> System.Security.SecurityException: Security error.
> at WindowsApplication2.Form1.Form1_Load(Object sender, EventArgs e)
> at System.Windows.Forms.Form.OnLoad(EventArgs e)
> at System.Windows.Forms.Form.OnCreateControl()
> at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
> at System.Windows.Forms.Control.CreateControl()
> at System.Windows.Forms.Control.WmShowWindow(Message& m)
> at System.Windows.Forms.Control.WndProc(Message& m)
> at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
> at System.Windows.Forms.ContainerControl.WndProc(Message& m)
> at System.Windows.Forms.Form.WmShowWindow(Message& m)
> at System.Windows.Forms.Form.WndProc(Message& m)
> at System.Windows.Forms.ControlNativeWindow.OnMessage(Message& m)
> at System.Windows.Forms.ControlNativeWindow.WndProc(Message& m)
> at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg,
> IntPtr wparam, IntPtr lparam)
>
>
> ************** Loaded Assemblies **************
> mscorlib
> Assembly Version: 1.0.5000.0
> Win32 Version: 1.1.4322.573
> CodeBase:
> file:///c:/windows/microsoft.net/framework/v1.1.4322/mscorlib.dll
> ----------------------------------------
> System
> Assembly Version: 1.0.5000.0
> Win32 Version: 1.1.4322.573
> CodeBase:
> file:///c:/windows/assembly/gac/system/1.0.5000.0__b77a5c561934e089/system.dll
> ----------------------------------------
> System.Drawing
> Assembly Version: 1.0.5000.0
> Win32 Version: 1.1.4322.573
> CodeBase:
> file:///c:/windows/assembly/gac/system.drawing/1.0.5000.0__b03f5f7f11d50a3a/system.drawing.dll
> ----------------------------------------
> WindowsApplication2
> Assembly Version: 1.0.2010.25183
> Win32 Version: 1.0.2010.25183
> CodeBase: file://mocdc1/netlogon/Debug/WindowsApplication2.exe
> ----------------------------------------
> System.Windows.Forms
> Assembly Version: 1.0.5000.0
> Win32 Version: 1.1.4322.573
> CodeBase:
> file:///c:/windows/assembly/gac/system.windows.forms/1.0.5000.0__b77a5c561934e089/system.windows.forms.dll
> ----------------------------------------
> System.Xml
> Assembly Version: 1.0.5000.0
> Win32 Version: 1.1.4322.573
> CodeBase:
> file:///c:/windows/assembly/gac/system.xml/1.0.5000.0__b77a5c561934e089/system.xml.dll
> ----------------------------------------
> Interop.ActiveDs
> Assembly Version: 1.0.0.0
> Win32 Version: 1.0.0.0
> CodeBase: file://mocdc1/netlogon/Debug/Interop.ActiveDs.DLL
> ----------------------------------------
> System.DirectoryServices
> Assembly Version: 1.0.5000.0
> Win32 Version: 1.1.4322.573
> CodeBase:
> file:///c:/windows/assembly/gac/system.directoryservices/1.0.5000.0__b03f5f7f11d50a3a/system.directoryservices.dll
> ----------------------------------------
>
> ************** JIT Debugging **************
> To enable just in time (JIT) debugging, the config file for this
> application or machine (machine.config) must have the
> jitDebugging value set in the system.windows.forms section.
> The application must also be compiled with debugging
> enabled.
>
> For example:
>
> <configuration>
> <system.windows.forms jitDebugging="true" />
> </configuration>
>
> When JIT debugging is enabled, any unhandled exception
> will be sent to the JIT debugger registered on the machine
> rather than being handled by this dialog.
>
>
>
>
> "Nicole Calinoiu" wrote:
>
>> "amos hchmon" <amoshchmon@discussions.microsoft.com> wrote in message
>> news:696CCD4C-0122-437B-924B-07B690792503@microsoft.com...
>> >
>> > The security error is:
>> > /*the application attempted to perform an opertion not allowed by the
>> > security policy.The opertion required the securityexcepion.Yo grant
>> > this
>> > application the required permission please contact your system
>> > administrator,or use the microsoft .net security policy administration
>> > tool.*/
>>
>> A PolicyException can be addressed by adjusting the CAS policy. However,
>> before doing so, it's generally necessary to determine which permission
>> is
>> missing. The full exception details (as returned by its ToString method)
>> might allow me to figure out what the missing permission in this case may
>> be.
>>
>>
>> > if this exception is not enough i will send you more details latter
>>
>> Please do.
>>
>>
>> > (I'm not in my work now).
>> > it dosen't work when launched locally by a non admin,in the local host
>> > the
>> > exception refer to the JIT/CLR exception.
>>
>> It sounds like it might be necessary for the user to have at least some
>> permissions not granted to non-admin users, but I can't be sure without
>> the
>> exception details. Please provide these as well, if possible.
>>
>>
>> > also, I repeat my question does this problem has any connection to
>> > CAS?
>>
>> The PolicyException does, but the other exception seen when a non-admin
>> run
>> the application locally probably does not.
>>
>>
>> > if yes can you tell me how i create a strong name.
>>
>> See http://blogs.msdn.com/shawnfa/archive/2003/06/20/57023.aspx for
>> instructions on both signing your assembly and adding a code group based
>> on
>> your strong name to your local CAS policy. For some options on deploying
>> your CAS policy changes, see
>> http://msdn.microsoft.com/library/en-us/dnnetsec/html/entsecpoladmin.asp.
>> For obvious reasons, deployment should be planned in conjunction with
>> your
>> network administrator.
>>
>>
>>
>> > The security context for the user is domain users .I am not intersted
>> > to
>> > change the policy for the user,
>>
>> You cannot compensate for a lack of user privileges by elevating CAS
>> permissions. In order for managed code to run, both the user and the
>> code
>> must have sufficient privileges. If domain users do not have sufficient
>> Windows permissions to run your code (which still isn't certain), you
>> will
>> need to either alter your application to not require the elevated
>> permissions, elevate the user permissions, or run in a different user
>> context.
>>
>>
>> > maybe there is option to give for the
>> > application permission in the Security Policy Administration Tool, to
>> > running
>> > in the client.
>>
>> Sorry, but I don't understand what you mean by this.
>>
>>
>> >
>> > thanks Nicole.
>> >
>> >
>> > "Nicole Calinoiu" wrote:
>> >
>> >> Might you be able to provide the full exception details as returned by
>> >> the
>> >> exceptions's ToString method? If not, could you please provide at
>> >> least
>> >> the
>> >> type of exception and the exception message?
>> >>
>> >> Also, you mentioned that it doesn't work when launched by a domain
>> >> user
>> >> over
>> >> the network. Does it work when launched locally by a non-admin? If
>> >> not,
>> >> is
>> >> the same exception returned as when it's run over the network?
>> >>
>> >>
>> >> "amos hchmon" <amoshchmon@discussions.microsoft.com> wrote in message
>> >> news:E081C376-8990-4EA1-A162-51BC52C43BAF@microsoft.com...
>> >> >I have windows application that execute a logon script in the client
>> >> >from
>> >> >the
>> >> > server under shere network(in the netlogon directory or in GPO
>> >> > /windows
>> >> > setting/logon) when the users enter the LAN.
>> >> > my application get attribute from the ACTIVE DIRECTORY to present
>> >> > for
>> >> > the
>> >> > user his name and department, when I am running the application
>> >> > from
>> >> > my
>> >> > computer the application works excellent ,but when its running from
>> >> > the
>> >> > server in
>> >> > the client that his permisstion under domin user I get error about
>> >> > security .
>> >> > what can i do to solve the problem without gives privilege to the
>> >> > user?
>> >> > and
>> >> > where i find in the msdn library material about this problem?
>> >> > i asking that question in the asdi.general and joe kaplan refer me
>> >> > under
>> >> > this subject.
>> >> > now i know that there is link to CAS that means that I can give
>> >> > privilege
>> >> > only to code but yet I don't know how and where?
>> >> >
>> >> >
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>