|
dev
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Security settings for intranet zoneI have a problem executing a managed application from a server's share - hopefully, someone can give me a hint. The application and all DLLs are signed with a key, therefore have a strong name. Now, I was assuming that if I create a code group under the "Organization" level with that strong name as criterium and the FullTrust permission set, my assemblies should be able to access all ressources (including reflection which is causing all the trouble); but when executing the application, I get a SecurityException. I tried setting that policy to LevelFinal and Exclusive, but still that nasty SecurityExceptions keep popping up. The only way I found to make it work is when I set the LocalIntranet zone security setting to the highest level. But of course, customers will not be wanting to grant full access to just any assembly on the intranet. Therefore, my questions are: 1. How does the zone security setting affect the runtime policies? 2. How can I grant my application FullTrust permission set, but only my application? Thanks for any hints on this! Roland You definitely should not have to elevate the permission grant of the entire
intranet zone for this. If you are seeing problems after setting up the code groups that uses strong name evidence, either your policy modifications are incorrectly configured, or you might have a assembly in the mix that isn't signed with the same key. Since the policy modification issue is likely to be more difficult to troubleshoot, let's first try to rule out the possibility of an assembly with an alternate signature in the mix. Would you be able to post the full exception details (incl. call stack) of one of your SecurityExceptions, as output by its ToString method? Show quote "Roland Dick" <bris***@web.de> wrote in message news:u4kXdYF5FHA.2040@TK2MSFTNGP14.phx.gbl... > Hi, > > I have a problem executing a managed application from a server's share - > hopefully, someone can give me a hint. The application and all DLLs are > signed with a key, therefore have a strong name. > > Now, I was assuming that if I create a code group under the "Organization" > level with that strong name as criterium and the FullTrust permission set, > my assemblies should be able to access all ressources (including > reflection which is causing all the trouble); but when executing the > application, I get a SecurityException. I tried setting that policy to > LevelFinal and Exclusive, but still that nasty SecurityExceptions keep > popping up. The only way I found to make it work is when I set the > LocalIntranet zone security setting to the highest level. But of course, > customers will not be wanting to grant full access to just any assembly on > the intranet. > > Therefore, my questions are: > 1. How does the zone security setting affect the runtime policies? > 2. How can I grant my application FullTrust permission set, but only my > application? > > Thanks for any hints on this! > > Roland  |
|||||||||||||||||||||||
Other interesting topics