Re: Windows user controls in a web page: Security
From: Nicole Calinoiu (calinoiu)
Date: 03/01/05
Date: Tue, 1 Mar 2005 13:02:39 -0500
My guess would be that you probably weren't altering the CAS policy for the
same version of the framework that was being used to load the control. You
could probably get it to work as expected on a multi-version machine if you
were to ensure that the .NET Framework version targeted for the CAS policy
modification is the same as the version in which the control will be loaded
when hosted in IE.
"John Francisco Williams" <JohnFranciscoWilliams1010@Yahoo.Com> wrote in
message news:u3iZYPdHFHA.3076@tk2msftngp13.phx.gbl...
> Thank you very much for your help. I tried to use Strong Name as the
> membership condition (as it mentions the first article) and that didn't
> work. I also tried the assert method, mentioned in the second article. That
> didn't work either. I then tried on more machines (I was using 3 real
> machines and 2 virtual servers) and it worked!!! :-) . This is what I found:
>
> 1. My control was made using .Net Framework 1.1. Machines that have both
> .Net Framework 1.0 and .Net Framework 1.1 installed, didn't work.
> 2. Machines that have both .Net Framework 1.1 and .Net Framework 2.0, didn't
> work either.
> 3. Machines with only .Net Framework 1.1, worked perfectly.
>
> It worked using the steps I mentioned in my first post. Here are the steps,
> a bit more detailed, in case anyone wants them:
>
> 1. Create a windows user control, with the functionality needed. In my case,
> the control accesses the file system, and an SQL Server.
> 2. Create a web page (in my case, I'm using Aspx pages) that uses the
> control, like this:
>
> <object
> classid = AssemblyName.DLL#NameSpace.ControlName
> ViewAsText>
> </object>
>
> 3. Each machine that's going to use that page, needs to comply with this:
>
> 3.1. Have the .Net framework installed (same version as the control)
> 3.2. Authorize the assembly, or the whole URL, or the whole web site, to
> perform the operations needed.
>
> 4. To do "3.2":
>
> 4.1. Use one machine as the template, for creating the authorization
> needed for all the other machines. After creating all the permissions
> needed, an .Msi will be created, that will replicate this same permission
> state, on every machine that uses the page with the control.
> 4.2. Go to administrative tools, "Microsoft .NET Framework 1.1 Configuration"
> 4.3. Go to Runtime Security Policy\Machine\Permission Sets
> 4.4. Right click "Permission Sets", select "New".
> 4.5. Give it a descriptive name, and select next.
> 4.6. Select the permissions your control will need and then click
> "Add >>>" to add them to the "Assigned Permissions" list. In my case, I chose
> "DNS", "File IO" and "SQL Client", unrestricted.
> 4.7. Click "Finish"
> 4.8. After you created a set with the permissions you want to assign,
> you now need to specify who is going to get those permissions. Go to
> Runtime Security Policy\Machine\Code Groups\All_Code\Internet_Zone
> 4.9. Right click "Internet_Zone", select "New"
> 4.10. Give it a descriptive name, and select next.
> 4.11. Next window is "Condition Type": Where is this assembly that needs
> to be authorized? In my case, I selected "Site", to give permission to any
> control that comes from a specific site. If you need to be more restrictive,
> use "URL", for example, to only authorize assemblies coming from one URL.
> If you use URL, include the name of the assembly (e.g.
> http://wwww.SiteName.Com/Dir1/Dir1b/AssemblyName.Dll) or a "*", to authorize
> all assemblies coming from that URL. (e.g.
> http://wwww.SiteName.Com/Dir1/Dir1b/* ). If you select "Site", don't include
> the protocol (example: www.SiteName.Com, instead of
> http://www.SiteName.Com ).
> 4.12. Next section is "Permission Set". You already indicated which
> assembly (s) to trust. Now indicate what type of permissions it will have,
> by associating it with a permission set. Choose the permission set you
> created in 4.5.
> 4.13. Click "Next", "Finish", test your page.
> 4.14. If everything is working as needed, and you don't need to modify
> more permissions, go to "Runtime Security Policy". Right click there, and
> select "Create Deployment Package".
> 4.15. Indicate the level of security to deploy. In this case, "Machine".
> 4.16. Choose the folder and a file name for this Deployment Package.
> 4.17. Click "Next", "Finish", the package is ready.
> 4.18. Have this MSI run on each machine that needs to use the page with
> the control.
>
> NOTES:
> . This installer is primitive. If you had previous custom permission sets on
> a machine, they will be lost when you run the installer. For those cases, I
> suggest having one or more machines with the permissions set, to be used as
> templates. And then, always use those machines to make any changes and
> deployment packages.
> . Depending on your scenario, you might need to use "Local_Intranet_Zone",
> "My_Computer_Zone", etc, instead of "Internet_Zone" in step 4.8.
> . You need to know what section is your assembly being "assigned to"? Go to
> "Runtime Security Policy" and select "Evaluate Assembly" on the right side.
>
> Thanks Nicole. Thanks all :-)
>
>
> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
> news:uFyh2ABHFHA.472@TK2MSFTNGP12.phx.gbl...
>> See http://blogs.msdn.com/shawnfa/archive/2003/06/20/57023.aspx and
>> http://blogs.msdn.com/shawnfa/archive/2003/06/26/57026.aspx for explanations
>> of why your code isn't being granted the permissions you would like and what
>> you can do about it.
>>
>>
>> "John Francisco Williams" <JohnFranciscoWilliams1010@Yahoo.Com> wrote in
>> message news:ehEfw04GFHA.1096@tk2msftngp13.phx.gbl...
>> > Hi all. Where can I find documentation on using windows user controls in
>> > web pages? I've been looking for documentation, but haven't found much.
>> > Specifically, I'm now having problems with assembly permissions:
>> >
>> > 1. I have an Aspx page that uses a windows user control
>> > 2. The control uses ADO.Net to retrieve information from an SQL server (at
>> > least it tries)
>> > 3. In a client machine, I created a code group under Machine, AllCode,
>> > Local_Intranet. Membership. Condition is the URL of my app. Permission set
>> > is one I created allowing EVERYTHING
>> > 4. It doesn't work. When the control tries to retrieve the information, I
>> > get an exception: Request for the permission SQLClientPermission failed.
>> >
>> > Note: The control works fine on the machine I use to host the page. All I
>> > had to do was trust the control's assembly. It doesn't work on other
>> > machines that browse to that page.
>> >
>> > Any suggestions, tips, info are welcome. I don't know what newsgroup to use
>> > so, I'm trying with these two.
>> >
>> > Thanks a lot!!!
>> >
>> > Frank
>> >
>> >
>> >
>>
>>
>
>
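
The reply at the top of this message attributes the failure to CAS policy being kept separately for each installed .NET Framework version; that can be checked per machine. The following PowerShell script is an added example, not part of the original thread: the site name is a constructed placeholder, and it assumes each version's `caspol.exe` sits in its default directory under `%WINDIR%\Microsoft.NET` and that a substring match on the `-listgroups` output is enough to spot the code group.

```powershell
# Added example: report, for every installed .NET Framework version, whether
# its machine-level CAS policy contains a code group mentioning the site.
# $Site is a constructed placeholder value, not taken from a real deployment.
param(
    [string]$Site = 'www.SiteName.Com'
)

# Each framework version keeps its own policy and ships its own caspol.exe,
# in the 32-bit and (where present) the 64-bit framework directory.
$roots = @('Framework', 'Framework64') |
    ForEach-Object { Join-Path $env:WINDIR "Microsoft.NET\$_" } |
    Where-Object { Test-Path $_ }

$report = foreach ($root in $roots) {
    foreach ($dir in Get-ChildItem -Path $root -Directory -Filter 'v*') {
        $caspol = Join-Path $dir.FullName 'caspol.exe'
        if (-not (Test-Path $caspol)) { continue }

        # -machine -listgroups prints the machine-level code group tree
        # for the framework version this caspol.exe belongs to.
        $listing = & $caspol -machine -listgroups 2>&1 | Out-String

        [pscustomobject]@{
            Bitness  = $(if ($root -like '*Framework64') { '64-bit' } else { '32-bit' })
            Version  = $dir.Name
            HasGroup = $listing -match [regex]::Escape($Site)
        }
    }
}

$report | Format-Table -AutoSize

# A version reporting HasGroup = False still evaluates the control under
# its unmodified policy, which matches the multi-version failures above.
$missing = @($report | Where-Object { -not $_.HasGroup })
if ($missing.Count -gt 0) {
    Write-Warning ("No code group for {0} in: {1}" -f $Site,
        (($missing | ForEach-Object { "$($_.Version) ($($_.Bitness))" }) -join ', '))
}
```

From .NET Framework 4 onward CAS policy is disabled by default, so a v4 row only matters where legacy CAS policy has been switched on.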