Simple C# Permission

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have a simple application in C++ that uses a dll I wrote in C#. It works
fine when I run it on C: on my local PC, but when I attempt to run it on the
i: drive on my LAN, it gets a loading permission error, presumably when
loading my c# dll. I gather that I must set an attribute in my C++ program to
grant security to load the dll, but I can not figure out what to use. Here is
my c++ program:

#include <stdio.h>
#using <csfu.dll>

void main(void)
{
printf("In Mancfu\n");
MBSFu::AClass::AFun();
}

What needs to be added? Thanks.
 
Hi Richard,

Welcome to the MSDN newsgroup.

From your description, I understand you've developed a .NET assembly which
is used by another unmanaged c++ application. The application runs well on
local computer, however, after be moved to a remote UNC share, it fails to
load the .net assembly, correct?

As for this issue, I think it likely a code access permission specific
issue. In .net framework, all the code executed in managed world(CLR) will
be restricted by the CLR code access security setting. And code with
different condition (e.g from different source , remote or local) will have
different code access permission. In your case, after you move the
application and assembly to a remote UNC share, it is no longer in the
local computer zone , it may have insufficient permission to run. To
verify this, you can try using the caspol.exe tool to turn off the .net CAS
checking temporarily and test the app again to see whether it works:

#Code Access Security Policy Tool (Caspol.exe)
http://msdn2.microsoft.com/en-us/library/cb6t8dtz.aspx

If this does be the case, you'll need to add a custom codegroup for your
problem assembly (grant it fulltrust permission set). You can define the
codegroup by Url(point to the UNC path) or use StrongName as the evidence.
Here are some good articles introducing the .net CAS:

#Managing .NET Code Access Security (CAS) Policy
http://www.code-magazine.com/Article.aspx?quickid=0405031

#Security in .NET: Enforce Code Access Rights with the Common Language
Runtime
http://msdn.microsoft.com/msdnmag/issues/01/02/cas/

Hope this helps.

Regards,

Steven Cheng
Microsoft Online Community Support


==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.



Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
Yes, your analysis of my situation is correct, I will try the CASPOL and the
articles you suggest, Thanks.
 
Thanks. I am using Internet Explorer to access the newsgroup, and see no
attachments, is there a better way to do it?

I have been using caspol.exe and sn.exe, to give my assembly a strong name,
now I am attempting to give it the permissions it needs. But I am still at a
basic level, trying to determine whether it is the calling program that needs
the rights, or the caller.
 
Thanks for your response Richard,

As for the attachment, I'm afraid you have to use Outlook Express to access
the newsgroup so as to retrieve the attached files. The public msdn
newsgroup's NNTP server is "msnews.microsoft.com".

As for
=======================
But I am still at a
basic level, trying to determine whether it is the calling program that
needs
the rights, or the caller.
=======================

Is the C++ application also a managed one(.net assembly)? Anyway, you need
to grant FullTrust permission for any .net code that will need to be loaded
from that remote UNC share. And that's why I suggest you use Url (file
path) to identify your custom codegroup. You can pay more attention on
creating codegroup in the msdn reference I mentioned. Also, if you get my
attachement, the screenshoot I provided just show you the custom
codegroup(which use Url evidence) in my local test machine.

Hope this helps.

Regards,

Steven Cheng
Microsoft Online Community Support


==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.



Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
Back
Top