Re: Security blues

Generally, when an app behaves differently depending on the user who is
running it, this is because of Windows security, not Code Access Security.
CAS determines what the code is allowed to do independent of the user who is
running it. As such, permcalc isn't likely to be of much use.

You might consider using a tool like process monitor to see if there are any
files or registry key accesses that are generating an access denied error
during execution. This is often a good indication of the Windows permission
that is being requested and not granted and my give you some idea where to
look.

Note also that if you don't have the source code for some of your
assemblies, you can often do a serviceable job of recovering it with
Reflector with the file disassembler plug-in.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"ItsOnlyAFleshWound" <ItsOnlyAFleshWound@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:54B5DA96-F5D4-4EC2-9888-08BE32A439D1@xxxxxxxxxxxxxxxx
.Net gurus,

I have written an app that works great on my dev workstation. When I load
it on the corporate server, it fails, seemingly with an error unrelated to
security. (It says it cannot load a resource string, while all resources
are
embedded in the assembly.) However, when I get the admin of the server to
run the program with admin rights, it succeeds. "Fix the security," you
say,
and you're right of course.

Here are the complications of fixing the security.
1. It is using a common library of assemblies which were developed by a
number of individuals at my company, many of whom no longer work here. I
have no idea how they might have set up security.
2. My company is using .Net 1.1, so I cannot use PermCalc. At least I
think
not.
3. Permview doesn't give me much: ReflectionPermission (TypeInformation,
MemberAccess) and SecurityPermission (Execution, SerializationFormatter).
Doesn't sound like it should need admin rights.

What I'm after is:
1. How do I determine which operations in my assembly require local
administrator on the box to run?
2. Is there a way to work around these, short of just giving the runtime
account admin privileges?

Thank you in advance for your assistance.
--
Tim


.

Relevant Pages

  • Re: Code Access Security Enforcement anamoly - - Thx in advance.
    ... If we look at the documentation and security changes since v1.0 of .NET, ... so that any assemblies under that website would be considered as fully ... > Hi Shawn, ... >> You are probably running into a situation with dynamic compilation. ...
    (microsoft.public.dotnet.security)
  • Re: Am I the only one with doubts about .NET for commercial apps?
    ... > So far, I have found only these two weaknesses, but these are BIG ... harder to do in unmanaged code, no licensing restrictions you add there are ... sense of security by making it clearer how easy it is to do. ... You can make reusing your assemblies a bit harder by using identity demands, ...
    (microsoft.public.dotnet.general)
  • RE: Decleration Excel.Application or what
    ... security error when you call into the NanoSort class. ... When you create and build your VSTO project a .NET security policy is ... assemblies reside rather than just the VSTO assembly and this should correct ...
    (microsoft.public.vsnet.vstools.office)
  • RE: Windows Service cannot create text files?
    ... should know that running your service as the Local System account is Very ... If your service has a single security flaw that is exploited, ... The steps for changing the policy for the user ... This will import the strong name and only assemblies ...
    (microsoft.public.dotnet.languages.vb)
  • ANN: Free .NET Workshops
    ... Richard Grimes has made available some of his .NET training courses as ... - Location of .NET assemblies and how to change the default locations ... ..NET Security Workshop ... - Cryptography; Crypto transforms and crypto streams; Keys and ...
    (microsoft.public.dotnet.faqs)