Hosting Controls in IE

[Christoph Schittko [MVP]]

All,

I am trying to display a winforms user control inside an HTML page through
an <object> tag. Everything works fine and dandy until I sign the assembly
that contains the control. Once I start signing then I just get the icon
for the failed control.

Now I've confirmed from my web server logs that the control is properly
downloaded, I see requests with status codes of 200 or 304, so the download
succeded. I can further confirm that the download succeeded by checking the
downloaded assembly cache with gacutil /ldl and I do see the assembly in
there ( with the correct version number and public key token ).

When I check the IEHost log file, I see a SecurityException, but I did
explicitly configure FullTrust for all assemblies signed with my strong
name using the Configuration Wizard -> Trust Assembly and specifying the
http URL of the assembly on the web server. There are no details logged on
the security exception. What's even more puzzling is that this is happening
when I attempt to download this from localhost.

The fusion log does not show errors either, unless I take out the <link>
tag that's pointing to my config file on the web server.

I am running out of ideas what else to try right now. The configuration of
my set up is Windows 2003 Server, IE6, .NET Framework 1.1.

Can someone tell me what I am missing? I can post more details if necessary.

Thanks,
Christoph
MVP XML .NET

 

[Rajasi Saha]

Is your assembly marked by the attribute below?

[assembly: System.Security.AllowPartiallyTrustedCallers]

Before you apply this, you must make sure that your assembly cannot be
exploited by partially trusted code.

rajasi

 

[Christoph Schittko [MVP]]

Rajasi,

Thanks for the answer. The control is in a signed assembly, with the
AllowPartiallyTrustedCallers attached. I got everything working now as long
as I associate the FullTrust Permission Set with the CodeGroup applicable to
my assembly. Anything less than FullTrust will cause a SecurityException.

In [0] Chris Sells writes that the Execution Permission Set should be
sufficient. Does this only apply to .exe assemblies and not to controls that
are hosted as part of HTML pages? I tried all the stock permission sets as
well as coming up with a few custom ones, but none of them work.

Are there any other ways to work around this issue?
TIA,
Christoph Schittko
MS MVP XML .NET

[0] http://www.microsoft.com/indonesia/msdn/winforms11122002.asp

Is your assembly marked by the attribute below?

[assembly: System.Security.AllowPartiallyTrustedCallers]

Before you apply this, you must make sure that your assembly cannot be
exploited by partially trusted code.

rajasi

All,

I am trying to display a winforms user control inside an HTML page through
an <object> tag. Everything works fine and dandy until I sign the assembly
that contains the control. Once I start signing then I just get the icon
for the failed control.

Now I've confirmed from my web server logs that the control is properly
downloaded, I see requests with status codes of 200 or 304, so the download
succeded. I can further confirm that the download succeeded by checking the
downloaded assembly cache with gacutil /ldl and I do see the assembly in
there ( with the correct version number and public key token ).

When I check the IEHost log file, I see a SecurityException, but I did
explicitly configure FullTrust for all assemblies signed with my strong
name using the Configuration Wizard -> Trust Assembly and specifying the
http URL of the assembly on the web server. There are no details logged on
the security exception. What's even more puzzling is that this is happening
when I attempt to download this from localhost.

The fusion log does not show errors either, unless I take out the <link>
tag that's pointing to my config file on the web server.

I am running out of ideas what else to try right now. The configuration of
my set up is Windows 2003 Server, IE6, .NET Framework 1.1.

Can someone tell me what I am missing? I can post more details if necessary.

Thanks,
Christoph
MVP XML .NET

 

[Christoph Schittko [MVP]]

Rajasi,

I started over, recreated my project structure from scratch and now
everything works just great only
with the permissions needed.

I hope it will still work when I get back to it tomorrow, but I think I at
least I now understand what's going on.

Thanks for the help,

Christoph

Is your assembly marked by the attribute below?

[assembly: System.Security.AllowPartiallyTrustedCallers]

Before you apply this, you must make sure that your assembly cannot be
exploited by partially trusted code.

rajasi

All,

I am trying to display a winforms user control inside an HTML page through
an <object> tag. Everything works fine and dandy until I sign the assembly
that contains the control. Once I start signing then I just get the icon
for the failed control.

Now I've confirmed from my web server logs that the control is properly
downloaded, I see requests with status codes of 200 or 304, so the download
succeded. I can further confirm that the download succeeded by checking the
downloaded assembly cache with gacutil /ldl and I do see the assembly in
there ( with the correct version number and public key token ).

When I check the IEHost log file, I see a SecurityException, but I did
explicitly configure FullTrust for all assemblies signed with my strong
name using the Configuration Wizard -> Trust Assembly and specifying the
http URL of the assembly on the web server. There are no details logged on
the security exception. What's even more puzzling is that this is happening
when I attempt to download this from localhost.

The fusion log does not show errors either, unless I take out the <link>
tag that's pointing to my config file on the web server.

I am running out of ideas what else to try right now. The configuration of
my set up is Windows 2003 Server, IE6, .NET Framework 1.1.

Can someone tell me what I am missing? I can post more details if necessary.

Thanks,
Christoph
MVP XML .NET