Re: Security blues



Once you have those tools, you'll find a million uses for them. Glad it
worked out!

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"ItsOnlyAFleshWound" <ItsOnlyAFleshWound@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:7FE54331-5BCC-4A0A-8EEF-FE776B374EB2@xxxxxxxxxxxxxxxx
Thanks, Joe.

I was able to determine what my problems are using the tool you
recommended. I have already worked around one and can pose the other to
the development group responsible for the libraries that I am using.

Very useful piece of software.
Thanks again.
--
Tim


"Joe Kaplan" wrote:

Generally, when an app behaves differently depending on the user who is
running it, this is because of Windows security, not Code Access
Security. CAS determines what the code is allowed to do independent of
the user who is running it. As such, permcalc isn't likely to be of much
use.

You might consider using a tool like Process Monitor to see if there are
any files or registry key accesses that are generating an access denied
error during execution. This is often a good indication of the Windows
permission that is being requested and not granted and may give you some
idea where to look.

Note also that if you don't have the source code for some of your
assemblies, you can often do a serviceable job of recovering it with
Reflector with the file disassembler plug-in.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"ItsOnlyAFleshWound" <ItsOnlyAFleshWound@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:54B5DA96-F5D4-4EC2-9888-08BE32A439D1@xxxxxxxxxxxxxxxx
.Net gurus,

I have written an app that works great on my dev workstation. When I
load it on the corporate server, it fails, seemingly with an error
unrelated to security. (It says it cannot load a resource string, while
all resources are embedded in the assembly.) However, when I get the
admin of the server to run the program with admin rights, it succeeds.
"Fix the security," you say, and you're right of course.

Here are the complications of fixing the security.
1. It is using a common library of assemblies which were developed by a
number of individuals at my company, many of whom no longer work here. I
have no idea how they might have set up security.
2. My company is using .Net 1.1, so I cannot use PermCalc. At least I
think not.
3. Permview doesn't give me much: ReflectionPermission (TypeInformation,
MemberAccess) and SecurityPermission (Execution, SerializationFormatter).
Doesn't sound like it should need admin rights.

What I'm after is:
1. How do I determine which operations in my assembly require local
administrator on the box to run?
2. Is there a way to work around these, short of just giving the runtime
account admin privileges?

Thank you in advance for your assistance.
--
Tim
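
The Process Monitor check suggested in the thread, as an added example that is not part of the original posts: it filters a trace saved as CSV down to the file and registry accesses that returned ACCESS DENIED for one process. It assumes the default Process Monitor CSV column layout; the process name `MyApp.exe` and all paths in the sample are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample in the default column layout of a Process Monitor CSV
# export. Process names, PIDs and paths are made up for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:01.0000001","MyApp.exe","4242","CreateFile","C:\Program Files\MyApp\MyApp.exe.config","SUCCESS","Desired Access: Generic Read"
"10:15:01.0000002","MyApp.exe","4242","RegOpenKey","HKLM\SOFTWARE\ExampleCorp\SharedLib","ACCESS DENIED","Desired Access: All Access"
"10:15:01.0000003","MyApp.exe","4242","CreateFile","C:\Program Files\MyApp\logs\app.log","ACCESS DENIED","Desired Access: Generic Write"
"10:15:01.0000004","MyApp.exe","4242","CreateFile","C:\Program Files\MyApp\logs\app.log","ACCESS DENIED","Desired Access: Generic Write"
"10:15:01.0000005","OtherSvc.exe","900","RegOpenKey","HKLM\SOFTWARE\ExampleCorp\SharedLib","ACCESS DENIED","Desired Access: Read"
"10:15:01.0000006","MyApp.exe","4242","RegQueryValue","HKLM\SOFTWARE\ExampleCorp\SharedLib\Culture","NAME NOT FOUND","Length: 144"
'''


def load_rows(text):
    """Parse CSV text into dicts keyed by column header. For a real export,
    read the file with encoding='utf-8-sig' to drop the byte-order mark."""
    return list(csv.DictReader(io.StringIO(text)))


def denied_accesses(rows, process_name):
    """Count ACCESS DENIED results per (operation, path) for one process."""
    hits = Counter()
    wanted = process_name.lower()
    for row in rows:
        if row["Process Name"].lower() != wanted:
            continue  # ignore noise from other processes in the trace
        if row["Result"].strip().upper() == "ACCESS DENIED":
            hits[(row["Operation"], row["Path"])] += 1
    return hits


def report(hits):
    """One line per denied resource, most frequent first."""
    lines = []
    for (op, path), n in hits.most_common():
        kind = "registry" if op.startswith("Reg") else "file"
        lines.append(f"{n:3d}  {kind:8s} {op:12s} {path}")
    return lines


if __name__ == "__main__":
    for line in report(denied_accesses(load_rows(SAMPLE_CSV), "MyApp.exe")):
        print(line)
```

Each path in the output is a resource whose ACL can be reviewed and granted to the runtime account individually, instead of giving that account administrator rights.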




