Security issue in .NET 2.0 app on Network drive

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Our company deploys our .NET 2.0 apps to a network drive for them to be run.
We are having issues with security in getting these to run. Below is a sample
output for a job that is trying to call a DLL and failing.

Since the .NET 2.0 Config control panel applet is no longer included with
the framework, we ran the following command line to allow full trust on Local
Intranet apps:

c:\windows\microsoft.net\framework\v2.0.50727\caspol.exe -cg
LocalIntranet_Zone FullTrust

However, looking at the error output, it seems as though it's putting our
assembly into the Internet zone, even though it's on a local network? Does
this mean we need to modify the Internet Options to explicitly allow that
network path? Why doesn't it automatically recognize that this is a Local
Intranet location, since it is internal to our AD domain?

Here is the error output:

-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
Unhandled Exception: System.Security.SecurityException: Request for the
permission of type 'System.Security.Permissions.FileIOPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
at System.Security.CodeAccessSecurityEngine.Check(Object demand,
StackCrawlMark& stackMark, Boolean isPermSet)
at System.Security.CodeAccessPermission.Demand()
at System.Reflection.Assembly.VerifyCodeBaseDiscovery(String codeBase)
at System.Reflection.Assembly.GetName(Boolean copiedName)
at System.Reflection.Assembly.GetName()
at Mono.GetOptions.OptionList.ExtractEntryAssemblyInfo(Type optionsType)
at Mono.GetOptions.OptionList..ctor(Options optionBundle)
at Mono.GetOptions.Options.ProcessArgs(String[] args)
at TuitionSupervisorEmail.Program.Main(String[] args)
The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.Permissions.FileIOPermission
The first permission that failed was:

The demand was for:

The granted set of the failing assembly was:

The assembly or AppDomain that failed was:
Mono.GetOptions, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
The method that caused the failure was:
Void ExtractEntryAssemblyInfo(System.Type)
The Zone of the assembly that failed was:
Internet
The Url of the assembly that failed was:
file://path/to/app/folder/Mono.GetOptions.DLL
-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

Thanks,
toby
 
toby said:
Our company deploys our .NET 2.0 apps to a network drive for them to be
run.
We are having issues with security in getting these to run. Below is a
sample
output for a job that is trying to call a DLL and failing.

Since the .NET 2.0 Config control panel applet is no longer included with
the framework, we ran the following command line to allow full trust on
Local
Intranet apps:

c:\windows\microsoft.net\framework\v2.0.50727\caspol.exe -cg
LocalIntranet_Zone FullTrust
Click to expand...

Is an IP address used in the path to the assembly? Are any machines running
Vista?

PS
However, looking at the error output, it seems as though it's putting our
assembly into the Internet zone, even though it's on a local network? Does
this mean we need to modify the Internet Options to explicitly allow that
network path? Why doesn't it automatically recognize that this is a Local
Intranet location, since it is internal to our AD domain?

Here is the error output:

-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
Unhandled Exception: System.Security.SecurityException: Request for the
permission of type 'System.Security.Permissions.FileIOPermission,
mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
at System.Security.CodeAccessSecurityEngine.Check(Object demand,
StackCrawlMark& stackMark, Boolean isPermSet)
at System.Security.CodeAccessPermission.Demand()
at System.Reflection.Assembly.VerifyCodeBaseDiscovery(String codeBase)
at System.Reflection.Assembly.GetName(Boolean copiedName)
at System.Reflection.Assembly.GetName()
at Mono.GetOptions.OptionList.ExtractEntryAssemblyInfo(Type optionsType)
at Mono.GetOptions.OptionList..ctor(Options optionBundle)
at Mono.GetOptions.Options.ProcessArgs(String[] args)
at TuitionSupervisorEmail.Program.Main(String[] args)
The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.Permissions.FileIOPermission
The first permission that failed was:

The demand was for:

The granted set of the failing assembly was:

The assembly or AppDomain that failed was:
Mono.GetOptions, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
The method that caused the failure was:
Void ExtractEntryAssemblyInfo(System.Type)
The Zone of the assembly that failed was:
Internet
The Url of the assembly that failed was:
file://path/to/app/folder/Mono.GetOptions.DLL
-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

Thanks,
toby
Click to expand...
 
PS said:
Is an IP address used in the path to the assembly? Are any machines running
Vista?

PS
Click to expand...

Hello,

No, we were using a UNC path to run the app. I was able to work around this
by adding "file://server" to the Local Intranet zone under Internet Options.
I'm still not sure though, why this was turned into a file URI in the first
place.
 
toby said:
Hello,

No, we were using a UNC path to run the app. I was able to work around
this
by adding "file://server" to the Local Intranet zone under Internet
Options.
I'm still not sure though, why this was turned into a file URI in the
first
place.
Click to expand...

I assume the computers were running IE7?

PS
 
Back
Top