Re: VS.NET application security when starting Application from network

Is there some reason thta you MUST load the .NET code from network share (it
still run locally on the running computer, whether you load it from network
share or install it locally)? If you really want to loaded from network
share, then you must use caspol.exe tool to configure running computer's
security setting to allow .NET code from outside running computer runs. It
is really your choice of either installing locally, or using caspol tool to
configure security settings. If the app is a bit complicated, installing
locally is recommended. If you have a few small apps that may be updated
from time to time and you do not want to install it to users computer, you
can make a network share as your central location for all these .NET apps
and you only need to run CASPOL once on each user computer to create a code
group, which points to the network share with proper permission. After that,
whenever you have a. NET app created, simply drop it to that folder, all
computers in your network would load the app from there and runs. As long as
you have tight controls on who can drop apps into that folder, you can
guarantee the .NET code in that folder is safe to run.

"Christian Muggli" <christian.muggli@xxxxxxxxxxxxxxxxx> wrote in message
news:%23f1IsD5FHHA.3872@xxxxxxxxxxxxxxxxxxxxxxx
Hello folks

following situation:

- we built an application (windows application) with VS.NET 2005/VB.NET
- Application does:
- collect inventory (Win32Product and Win32QuickFixEngineering)
information using WMI (System.Management)
- reads/writes a registry key for a UID (to identify the device)
- connects to a central SQL Server and submit the collected inventory
information

The application must be started from a Network (UNC) Path.. usually this
will be the Netlogon Share, using a Logon Script.

The challenge (problem) we've faced is .NET Security. We do NOT want to
deploy the application using ClickOnceDeploy, nor we want to install a
Security template or something simliar. do we really have to call
caspol.exe in the login script to manage the code access security ? or how
can we 'sign' or authorize the .NET App to run from a network share? we
already thought about going down to vb6/vc6 to get rid off that problem.

(application runs smooth when started locally..)

what we get when we start the App is:

---

System.Security.SecurityException: Request for the permission of type
'System.Security.Permissions.RegistryPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
at System.Security.CodeAccessSecurityEngine.Check(Object demand,
StackCrawlMark& stackMark, Boolean isPermSet)
at System.Security.CodeAccessPermission.Demand()
at Microsoft.Win32.RegistryKey.CheckSubKeyReadPermission(String
subkeyName)
at Microsoft.Win32.RegistryKey.CheckOpenSubKeyPermission(String
subkeyName, Boolean subKeyWritable)
at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
at cxnInvColWorker.basRegistry.RegistryGetValue(String sKey, String
sValue, String sDefaultValue)
at cxnInvColWorker.formMain.formMain_Load(Object sender, EventArgs e)
.
.
The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.Permissions.RegistryPermission
The Zone of the assembly that failed was:
Intranet
---

************** Exception Text **************
System.Security.SecurityException: That assembly does not allow partially
trusted callers.
at
System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly
asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle
rmh, SecurityAction action, Object demand, IPermission permThatFailed)
at cxnInvColWorker.formMain.btnSWInv_Click(Object sender, EventArgs e)
at System.Windows.Forms.Control.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons
button, Int32 clicks)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ButtonBase.WndProc(Message& m)
at System.Windows.Forms.Button.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message&
m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg,
IntPtr wparam, IntPtr lparam)
The action that failed was:
LinkDemand
The Zone of the assembly that failed was:
Intranet

---

can someone point me in a direction?

helps really appreciated!

Christian




.