Re: Exception with Child AppDomain
- From: xenophon <xenophon@xxxxxxxxxxxxx>
- Date: Fri, 16 Dec 2005 09:40:33 -0500
Yes, I agree there is a security issue.
This is not an issue where a page can be browsed by one user and not
by another. The AppDomain work occurs in the Session_Start event,
presumably before any page is instanced. It appears to me that an
unknown user account does not have permissions to load or Reflect over
the external DLL for Remoting.
I am unable to properly debug this because if I am in the VS.NET 2003
debugger (where I develop as a local Administrator), the problem does
not occur. It occurs only when the app content is xcopy-deployed to
the remote web server and the site is then accessed by an unprivileged
user. I set up the web app to send an email when an Exception is
thrown, that is the only reason I have the info I previously posted.
The ACLs on the bin directory (where the external DLL is located)
allow "R"ead for the local group that can otherwise access the site.
Do I need to create custom Evidence so "everyone" can load the
Assembly?
On Fri, 16 Dec 2005 08:17:42 GMT, lukezhan@xxxxxxxxxxxxxxxxxxxx
([MSFT]) wrote:
>>From your description, it seems to be a security issue. Your ASP.NET
>application will use the current user's acount to load the app domain. To
>confirm this, you can logon on as a local administrator, and browse to the
>ASP.NET web page, what will be the result?
>
>Luke
.
- Follow-Ups:
- Re: Exception with Child AppDomain
- From: [MSFT]
- Re: Exception with Child AppDomain
- References:
- Exception with Child AppDomain
- From: xenophon
- RE: Exception with Child AppDomain
- From: [MSFT]
- Exception with Child AppDomain
- Prev by Date: RE: Exception with Child AppDomain
- Next by Date: Distributed 3 Tier & WebService Design Question
- Previous by thread: RE: Exception with Child AppDomain
- Next by thread: Re: Exception with Child AppDomain
- Index(es):
Relevant Pages
|
