Re: code access security



thanks alberto

I had already tried the ACCESS EXTERNAL route - but that gives me a compile
time error :

Error 1 CREATE ASSEMBLY for assembly 'GmsSqlClr' failed because assembly
'GmsSqlClr' is not authorized for PERMISSION_SET = EXTERNAL_ACCESS. The
assembly is authorized when either of the following is true: the database
owner (DBO) has EXTERNAL ACCESS ASSEMBLY permission and the database has the
TRUSTWORTHY database property on; or the assembly is signed with a
certificate or an asymmetric key that has a corresponding login with
EXTERNAL ACCESS ASSEMBLY permission. If you have restored or attached this
database, make sure the database owner is mapped to the correct login on
this server. If not, use sp_changedbowner to fix the problem. GmsSqlClr

The dbo ( me ) does have EXTERNAL ACCESS permissions and the db is set as
TRUSTWORTHY and the assembly is signed but still no sugar.
Although regarding signing, I am not sure about the "corresponding login"
bit - how is a login associated with a key and how do I find out who it is ?
I would assume that login would be me as I am the one created the key.

Since this is to be used in an isolated/controlled envirnment - is there any
way to just shut CAS off altogether ?

Gerry


"Alberto Poblacion" <earthling-quitaestoparacontestar@xxxxxxxxxxxxx> wrote
in message news:%23U%23oJvY6JHA.1424@xxxxxxxxxxxxxxxxxxxxxxx
"gerry" <germ2@xxxxxxxxxxxxxxxx> wrote in message
news:ObD4BPU6JHA.1372@xxxxxxxxxxxxxxxxxxxxxxx
vs2008 sp1
.net 3.5sp1

I am taking a 1st stab at SQLCLR and after years of .net development have
finally run into CAS.

Trying to access Environment.MachineName() generates the following
exception :

Request for the permission of type
'System.Security.Permissions.EnvironmentPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
failed.

Google turns up lots of hits for this but so far nothing that explains
how to get around it.

So now I am looking for sources on handling these types of security
issues.

Basically, Sql Server is creating an AppDomain in which it loads your
code. The permissions that it grants to the AppDomain are restricted by
default, and that's why your code doesn't have the EnvironmentPermission.

The way around it, in this case, is to request more permissions from
Sql Server when you install your assembly. When you execute the CREATE
ASSEMBLY statement to install your assembly into the database, add the
"... WITH PERMISSION_SET = EXTERNAL_ACCESS" clause. This will grant
EnvironmentPermission to this assembly.



.



Relevant Pages

  • Re: db_owner role in SQL 2k
    ... Windows login name. ... login that is the owner of a database and members of the sysadmin role. ... >> the username dbo" ... >> FULL permission to do anything and everything. ...
    (microsoft.public.sqlserver.programming)
  • Re: GRANT CREATE DATABASE versus GRANT ALTER ANY LOGIN
    ... Cannot find the login 'valen\nsLocalDBUsers', ... CREATE DATABASE is a database permission, ALTER ANY LOGIN is a server- ... Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx ...
    (microsoft.public.sqlserver.security)
  • Re: Help me the webapplication cannot run
    ... permission to access the database you are using. ... > Cannot open database requested in login 'test'. ... // Put user code to initialize the page here ... I think the test.mdf is not permission to the use ...
    (microsoft.public.sqlserver.msde)
  • Re: Cannot open database requested in login
    ... authentication to sql server and windows... ... >DELL\VSdotNET is a Login and has been given permission to ... >database ITPSCustomers. ... >> The Windows user you are using to login to SQL Server ...
    (microsoft.public.sqlserver.security)
  • Re: PDO: Switch database user without reopening connection
    ... At the bare minimum there will be a login user who only has ... modifications to the database as well (editors get update permission, ... As database connections are expensive to ... a certain visitor in the Session, and use that value to start the right ...
    (comp.lang.php)