Re: Security issue running unmanaged code in a win form ctrl hoste


I have already done it,
I have created a group with full trust for a specificy URL:

http//10.10.10.10/myapplication/*

and as I said:

the permissions for the windows from control are set to
unrestricted. (I have Double-checked it via the framework evaluation
permission option for assemblies persent in .NET)


Many thanks,
Filippo


"Dominick Baier [DevelopMentor]" wrote:

the CAS security policy restricts you from running umnanaged code -

go to mscorcfg.msc - there you can inspect the policy for the machine - the
intranet/internet permission set don't include SecurityPermission/UnmanagedCode

maybe you should create a custom code group for your control - using a StrongNameMembershipCondition,
and grant that necessary permission.

This has to be done on every client.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Security problem running unmanaged code (.ocx control) in a windows
from control hosted in IE6

Hi,

I have design a windows from control which contain a .OCX in one of
its
forms.
Component developed in C#2005 -------- .NET2
Now, the control is loaded successful via IIS in my web application.
Now when I try to load the form where the OCX is hosted:

private void button2_Click(object sender, EventArgs e)
{
Form1 a;
a = new Form1();
a.ShowDialog();
}
I got an .NET Excpetion saying:

System.Security.SecurityException: Request failed.

************** Exception Text **************
System.Security.SecurityException: Request failed.
at System.Windows.Forms.AxHost..ctor(String clsid, Int32 flags)
at System.Windows.Forms.AxHost..ctor(String clsid)
at AxAcroPDFLib.AxAcroPDF..ctor()
at WindowsControlLibrary1.Form1.InitializeComponent()
at WindowsControlLibrary1.Form1..ctor()
at WindowsControlLibrary1.UserControl1.button2_Click(Object sender,
EventArgs e)
at System.Windows.Forms.Control.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons
button, Int32 clicks)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ButtonBase.WndProc(Message& m)
at System.Windows.Forms.Button.WndProc(Message& m)
at
System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at
System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32
msg,
IntPtr wparam, IntPtr lparam)
The action that failed was:
Demand
The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.PermissionSet
************** Loaded Assemblies **************
mscorlib
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.42 (RTM.050727-4200)
......................

Now the permissions for the windows from control are set to
unrestricted. (I have Double-checked it via the framework evaluation
permission option for assemblies persent in .NET)

Tried the following in the AssemblyInfo.cs

[assembly: AllowPartiallyTrustedCallers()]
[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum,
Flags
= SecurityPermissionFlag.UnmanagedCode)]
[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum,
Flags
= SecurityPermissionFlag.ControlEvidence)]
[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum,
Flags
= SecurityPermissionFlag.SkipVerification)]
[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum,
Flags
= SecurityPermissionFlag.AllFlags)]
tried:

[SecurityPermission(SecurityAction.Assert, UnmanagedCode = true)]
[SecurityPermission(SecurityAction.Assert, ControlEvidence = true)]
[SecurityPermission(SecurityAction.Assert, Unrestricted = true)]

no luck!!!!

Any idea how to run unmanged code in a window from hosted in IE6?

Many Thanks,
Filippo



.

Quantcast