Trying to run in partial trust (getting a PolicyException)

Discussion in 'ASP .Net Security' started by David Thielen, Nov 6, 2006.

  1. Hi;

    I am trying to run in partial trust and it will not load my assembly. Can
    anyone point me at what the problem is here? Our code is 100% managed code,
    strongly named & signed, and I don't think we require any permissions that
    would cause a problem.

    Required permissions cannot be acquired.
    Description: An unhandled exception occurred during the execution of the
    current web request. Please review the stack trace for more information about
    the error and where it originated in the code.

    Exception Details: System.Security.Policy.PolicyException: Required
    permissions cannot be acquired.

    Source Error:

    An unhandled exception was generated during the execution of the current web
    request. Information regarding the origin and location of the exception can
    be identified using the exception stack trace below.

    Stack Trace:

    [PolicyException: Required permissions cannot be acquired.]
    System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
    PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
    PermissionSet& denied, Boolean checkExecutionPermission) +2737589
    System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
    PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
    PermissionSet& denied, Int32& securitySpecialFlags, Boolean
    checkExecutionPermission) +57

    [FileLoadException: Could not load file or assembly 'WindwardReports,
    Version=4.1.35.0, Culture=neutral, PublicKeyToken=34ffe15f4bbb8e53' or one of
    its dependencies. Failed to grant minimum permission requests. (Exception
    from HRESULT: 0x80131417)]
    System.Reflection.Assembly.nLoad(AssemblyName fileName, String codeBase,
    Evidence assemblySecurity, Assembly locationHint, StackCrawlMark& stackMark,
    Boolean throwOnFileNotFound, Boolean forIntrospection) +0
    System.Reflection.Assembly.InternalLoad(AssemblyName assemblyRef,
    Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean
    forIntrospection) +211
    System.Reflection.Assembly.InternalLoad(String assemblyString, Evidence
    assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection) +141
    System.Reflection.Assembly.Load(String assemblyString) +25
    System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String
    assemblyName, Boolean starDirective) +32

    [ConfigurationErrorsException: Could not load file or assembly
    'WindwardReports, Version=4.1.35.0, Culture=neutral,
    PublicKeyToken=34ffe15f4bbb8e53' or one of its dependencies. Failed to grant
    minimum permission requests. (Exception from HRESULT: 0x80131417)]
    System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String
    assemblyName, Boolean starDirective) +596

    System.Web.Configuration.CompilationSection.LoadAllAssembliesFromAppDomainBinDirectory() +3487257
    System.Web.Configuration.CompilationSection.LoadAssembly(AssemblyInfo ai)
    +46

    System.Web.Compilation.BuildManager.GetReferencedAssemblies(CompilationSection compConfig) +177
    System.Web.Compilation.WebDirectoryBatchCompiler..ctor(VirtualDirectory
    vdir) +267

    System.Web.Compilation.BuildManager.BatchCompileWebDirectoryInternal(VirtualDirectory vdir, Boolean ignoreErrors) +36

    System.Web.Compilation.BuildManager.BatchCompileWebDirectory(VirtualDirectory
    vdir, VirtualPath virtualDir, Boolean ignoreErrors) +429
    System.Web.Compilation.BuildManager.CompileWebFile(VirtualPath
    virtualPath) +73

    System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath
    virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean
    allowBuildInPrecompile) +580

    System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext
    context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp,
    Boolean allowBuildInPrecompile) +93

    System.Web.Compilation.BuildManager.GetVirtualPathObjectFactory(VirtualPath
    virtualPath, HttpContext context, Boolean allowCrossApp, Boolean noAssert)
    +111

    System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath
    virtualPath, Type requiredBaseType, HttpContext context, Boolean
    allowCrossApp, Boolean noAssert) +54
    System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context,
    String requestType, VirtualPath virtualPath, String physicalPath) +31

    System.Web.UI.PageHandlerFactory.System.Web.IHttpHandlerFactory2.GetHandler(HttpContext
    context, String requestType, VirtualPath virtualPath, String physicalPath) +40
    System.Web.HttpApplication.MapHttpHandler(HttpContext context, String
    requestType, VirtualPath path, String pathTranslated, Boolean useAppConfig)
    +139

    System.Web.MapHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +120
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
    completedSynchronously) +155




    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm
     
    David Thielen, Nov 6, 2006
    #1
    1. Advertising

  2. Hello Dave,

    From your description, you have changed the trust level of your ASP.NET web
    application(to partial trust) and now you'll encounter .net CAS permission
    error when try running the application ,correct?

    Based on the exception callstack and message you provided, the problem is
    caused by the following assembly:

    ==============
    Could not load file or assembly 'WindwardReports,
    Version=4.1.35.0, Culture=neutral, PublicKeyToken=34ffe15f4bbb8e53' or one
    of
    its dependencies.
    ==============

    The minimal requested permissions are violating the host environment's
    trust level. I think you can check the permission through the following two
    steps:

    ** Verify your current ASP.NET application's trust level(high or medium
    or...) and find that level's policy file(in framework's config folder
    ----C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG) and verify
    whether that assembly contains any code that violate the CAS permissionset
    allowed in that policy.

    ** for assembly, .net 2.0 provide the permcalc.exe tool which can help
    verify the minimum permission sandbox in which an application can run.


    #Permission Calculator Tool (Permcalc.exe)
    http://msdn2.microsoft.com/en-us/library/ms165077(VS.80).aspx


    e.g.

    Permcalc.exe -sandbox mylib.dll

    Hope this helps.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead



    ==================================================

    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    ications.



    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at
    http://msdn.microsoft.com/subscriptions/support/default.aspx.

    ==================================================



    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Steven Cheng[MSFT], Nov 7, 2006
    #2
    1. Advertising

  3. Ok, this is what I got. How do I find out which are a problem in a partially
    trusted system?

    <Sandbox>
    <PermissionSet version="1" class="System.Security.PermissionSet">
    <IPermission version="1"
    class="System.Security.Permissions.EnvironmentPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Unrestricted="true" />
    <IPermission version="1"
    class="System.Security.Permissions.FileIOPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Unrestricted="true" />
    <IPermission version="1"
    class="System.Security.Permissions.ReflectionPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Flags="MemberAccess" />
    <IPermission version="1"
    class="System.Security.Permissions.RegistryPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Unrestricted="true" />
    <IPermission version="1"
    class="System.Security.Permissions.SecurityPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Flags="UnmanagedCode, Execution, ControlThread, ControlEvidence" />
    <IPermission Window="SafeSubWindows" Clipboard="OwnClipboard"
    version="1" class="System.Security.Permissions.UIPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    <IPermission version="1"
    class="System.Security.Permissions.KeyContainerPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Unrestricted="true" />
    <IPermission version="1" class="System.Net.SocketPermission, System,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Unrestricted="true" />
    <IPermission version="1" class="System.Net.DnsPermission, System,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Unrestricted="true" />
    </PermissionSet>
    </Sandbox>


    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm




    "Steven Cheng[MSFT]" wrote:

    > Hello Dave,
    >
    > From your description, you have changed the trust level of your ASP.NET web
    > application(to partial trust) and now you'll encounter .net CAS permission
    > error when try running the application ,correct?
    >
    > Based on the exception callstack and message you provided, the problem is
    > caused by the following assembly:
    >
    > ==============
    > Could not load file or assembly 'WindwardReports,
    > Version=4.1.35.0, Culture=neutral, PublicKeyToken=34ffe15f4bbb8e53' or one
    > of
    > its dependencies.
    > ==============
    >
    > The minimal requested permissions are violating the host environment's
    > trust level. I think you can check the permission through the following two
    > steps:
    >
    > ** Verify your current ASP.NET application's trust level(high or medium
    > or...) and find that level's policy file(in framework's config folder
    > ----C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG) and verify
    > whether that assembly contains any code that violate the CAS permissionset
    > allowed in that policy.
    >
    > ** for assembly, .net 2.0 provide the permcalc.exe tool which can help
    > verify the minimum permission sandbox in which an application can run.
    >
    >
    > #Permission Calculator Tool (Permcalc.exe)
    > http://msdn2.microsoft.com/en-us/library/ms165077(VS.80).aspx
    >
    >
    > e.g.
    >
    > Permcalc.exe -sandbox mylib.dll
    >
    > Hope this helps.
    >
    > Sincerely,
    >
    > Steven Cheng
    >
    > Microsoft MSDN Online Support Lead
    >
    >
    >
    > ==================================================
    >
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    > ications.
    >
    >
    >
    > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    > where an initial response from the community or a Microsoft Support
    > Engineer within 1 business day is acceptable. Please note that each follow
    > up response may take approximately 2 business days as the support
    > professional working with you may need further investigation to reach the
    > most efficient resolution. The offering is not appropriate for situations
    > that require urgent, real-time or phone-based interactions or complex
    > project analysis and dump analysis issues. Issues of this nature are best
    > handled working with a dedicated Microsoft Support Engineer by contacting
    > Microsoft Customer Support Services (CSS) at
    > http://msdn.microsoft.com/subscriptions/support/default.aspx.
    >
    > ==================================================
    >
    >
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    >
    >
    >
    >
    >
     
    David Thielen, Nov 7, 2006
    #3
  4. Hi again;

    How do I find where something is needed. For example, WindwardReports is a
    library and some of the methods accept a file stream. But those methods do
    not need to be used. So how do I figure out where
    System.Security.Permissions.FileIOPermission is required in it?

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm




    "Steven Cheng[MSFT]" wrote:

    > Hello Dave,
    >
    > From your description, you have changed the trust level of your ASP.NET web
    > application(to partial trust) and now you'll encounter .net CAS permission
    > error when try running the application ,correct?
    >
    > Based on the exception callstack and message you provided, the problem is
    > caused by the following assembly:
    >
    > ==============
    > Could not load file or assembly 'WindwardReports,
    > Version=4.1.35.0, Culture=neutral, PublicKeyToken=34ffe15f4bbb8e53' or one
    > of
    > its dependencies.
    > ==============
    >
    > The minimal requested permissions are violating the host environment's
    > trust level. I think you can check the permission through the following two
    > steps:
    >
    > ** Verify your current ASP.NET application's trust level(high or medium
    > or...) and find that level's policy file(in framework's config folder
    > ----C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG) and verify
    > whether that assembly contains any code that violate the CAS permissionset
    > allowed in that policy.
    >
    > ** for assembly, .net 2.0 provide the permcalc.exe tool which can help
    > verify the minimum permission sandbox in which an application can run.
    >
    >
    > #Permission Calculator Tool (Permcalc.exe)
    > http://msdn2.microsoft.com/en-us/library/ms165077(VS.80).aspx
    >
    >
    > e.g.
    >
    > Permcalc.exe -sandbox mylib.dll
    >
    > Hope this helps.
    >
    > Sincerely,
    >
    > Steven Cheng
    >
    > Microsoft MSDN Online Support Lead
    >
    >
    >
    > ==================================================
    >
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    > ications.
    >
    >
    >
    > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    > where an initial response from the community or a Microsoft Support
    > Engineer within 1 business day is acceptable. Please note that each follow
    > up response may take approximately 2 business days as the support
    > professional working with you may need further investigation to reach the
    > most efficient resolution. The offering is not appropriate for situations
    > that require urgent, real-time or phone-based interactions or complex
    > project analysis and dump analysis issues. Issues of this nature are best
    > handled working with a dedicated Microsoft Support Engineer by contacting
    > Microsoft Customer Support Services (CSS) at
    > http://msdn.microsoft.com/subscriptions/support/default.aspx.
    >
    > ==================================================
    >
    >
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    >
    >
    >
    >
    >
     
    David Thielen, Nov 7, 2006
    #4
  5. where does <Sandbox> come from?

    ---
    Dominick Baier, DevelopMentor
    http://www.leastprivilege.com

    > Ok, this is what I got. How do I find out which are a problem in a
    > partially trusted system?
    >
    > <Sandbox>
    > <PermissionSet version="1" class="System.Security.PermissionSet">
    > <IPermission version="1"
    > class="System.Security.Permissions.EnvironmentPermission, mscorlib,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > Unrestricted="true" />
    > <IPermission version="1"
    > class="System.Security.Permissions.FileIOPermission, mscorlib,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > Unrestricted="true" />
    > <IPermission version="1"
    > class="System.Security.Permissions.ReflectionPermission, mscorlib,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > Flags="MemberAccess" />
    > <IPermission version="1"
    > class="System.Security.Permissions.RegistryPermission, mscorlib,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > Unrestricted="true" />
    > <IPermission version="1"
    > class="System.Security.Permissions.SecurityPermission, mscorlib,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > Flags="UnmanagedCode, Execution, ControlThread, ControlEvidence" />
    > <IPermission Window="SafeSubWindows" Clipboard="OwnClipboard"
    > version="1" class="System.Security.Permissions.UIPermission, mscorlib,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    > <IPermission version="1"
    > class="System.Security.Permissions.KeyContainerPermission, mscorlib,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > Unrestricted="true" />
    > <IPermission version="1" class="System.Net.SocketPermission,
    > System,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > Unrestricted="true" />
    > <IPermission version="1" class="System.Net.DnsPermission, System,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > Unrestricted="true" />
    > </PermissionSet>
    > </Sandbox>
    > Cubicle Wars - http://www.windwardreports.com/film.htm
    >
    > "Steven Cheng[MSFT]" wrote:
    >
    >> Hello Dave,
    >>
    >> From your description, you have changed the trust level of your
    >> ASP.NET web application(to partial trust) and now you'll encounter
    >> .net CAS permission error when try running the application ,correct?
    >>
    >> Based on the exception callstack and message you provided, the
    >> problem is caused by the following assembly:
    >>
    >> ==============
    >> Could not load file or assembly 'WindwardReports,
    >> Version=4.1.35.0, Culture=neutral, PublicKeyToken=34ffe15f4bbb8e53'
    >> or one
    >> of
    >> its dependencies.
    >> ==============
    >> The minimal requested permissions are violating the host
    >> environment's trust level. I think you can check the permission
    >> through the following two steps:
    >>
    >> ** Verify your current ASP.NET application's trust level(high or
    >> medium or...) and find that level's policy file(in framework's config
    >> folder ----C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG) and
    >> verify whether that assembly contains any code that violate the CAS
    >> permissionset allowed in that policy.
    >>
    >> ** for assembly, .net 2.0 provide the permcalc.exe tool which can
    >> help verify the minimum permission sandbox in which an application
    >> can run.
    >>
    >> #Permission Calculator Tool (Permcalc.exe)
    >> http://msdn2.microsoft.com/en-us/library/ms165077(VS.80).aspx
    >>
    >> e.g.
    >>
    >> Permcalc.exe -sandbox mylib.dll
    >>
    >> Hope this helps.
    >>
    >> Sincerely,
    >>
    >> Steven Cheng
    >>
    >> Microsoft MSDN Online Support Lead
    >>
    >> ==================================================
    >>
    >> Get notification to my posts through email? Please refer to
    >> http://msdn.microsoft.com/subscriptions/managednewsgroups/default.asp
    >> x#notif ications.
    >>
    >> Note: The MSDN Managed Newsgroup support offering is for non-urgent
    >> issues where an initial response from the community or a Microsoft
    >> Support Engineer within 1 business day is acceptable. Please note
    >> that each follow up response may take approximately 2 business days
    >> as the support professional working with you may need further
    >> investigation to reach the most efficient resolution. The offering is
    >> not appropriate for situations that require urgent, real-time or
    >> phone-based interactions or complex project analysis and dump
    >> analysis issues. Issues of this nature are best handled working with
    >> a dedicated Microsoft Support Engineer by contacting Microsoft
    >> Customer Support Services (CSS) at
    >> http://msdn.microsoft.com/subscriptions/support/default.aspx.
    >>
    >> ==================================================
    >>
    >> This posting is provided "AS IS" with no warranties, and confers no
    >> rights.
    >>
     
    Dominick Baier, Nov 7, 2006
    #5
  6. It's the output from Permcalc.exe -sandbox mylib.dll

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm




    "Dominick Baier" wrote:

    > where does <Sandbox> come from?
    >
    > ---
    > Dominick Baier, DevelopMentor
    > http://www.leastprivilege.com
    >
    > > Ok, this is what I got. How do I find out which are a problem in a
    > > partially trusted system?
    > >
    > > <Sandbox>
    > > <PermissionSet version="1" class="System.Security.PermissionSet">
    > > <IPermission version="1"
    > > class="System.Security.Permissions.EnvironmentPermission, mscorlib,
    > > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > > Unrestricted="true" />
    > > <IPermission version="1"
    > > class="System.Security.Permissions.FileIOPermission, mscorlib,
    > > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > > Unrestricted="true" />
    > > <IPermission version="1"
    > > class="System.Security.Permissions.ReflectionPermission, mscorlib,
    > > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > > Flags="MemberAccess" />
    > > <IPermission version="1"
    > > class="System.Security.Permissions.RegistryPermission, mscorlib,
    > > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > > Unrestricted="true" />
    > > <IPermission version="1"
    > > class="System.Security.Permissions.SecurityPermission, mscorlib,
    > > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > > Flags="UnmanagedCode, Execution, ControlThread, ControlEvidence" />
    > > <IPermission Window="SafeSubWindows" Clipboard="OwnClipboard"
    > > version="1" class="System.Security.Permissions.UIPermission, mscorlib,
    > > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    > > <IPermission version="1"
    > > class="System.Security.Permissions.KeyContainerPermission, mscorlib,
    > > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > > Unrestricted="true" />
    > > <IPermission version="1" class="System.Net.SocketPermission,
    > > System,
    > > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > > Unrestricted="true" />
    > > <IPermission version="1" class="System.Net.DnsPermission, System,
    > > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > > Unrestricted="true" />
    > > </PermissionSet>
    > > </Sandbox>
    > > Cubicle Wars - http://www.windwardreports.com/film.htm
    > >
    > > "Steven Cheng[MSFT]" wrote:
    > >
    > >> Hello Dave,
    > >>
    > >> From your description, you have changed the trust level of your
    > >> ASP.NET web application(to partial trust) and now you'll encounter
    > >> .net CAS permission error when try running the application ,correct?
    > >>
    > >> Based on the exception callstack and message you provided, the
    > >> problem is caused by the following assembly:
    > >>
    > >> ==============
    > >> Could not load file or assembly 'WindwardReports,
    > >> Version=4.1.35.0, Culture=neutral, PublicKeyToken=34ffe15f4bbb8e53'
    > >> or one
    > >> of
    > >> its dependencies.
    > >> ==============
    > >> The minimal requested permissions are violating the host
    > >> environment's trust level. I think you can check the permission
    > >> through the following two steps:
    > >>
    > >> ** Verify your current ASP.NET application's trust level(high or
    > >> medium or...) and find that level's policy file(in framework's config
    > >> folder ----C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG) and
    > >> verify whether that assembly contains any code that violate the CAS
    > >> permissionset allowed in that policy.
    > >>
    > >> ** for assembly, .net 2.0 provide the permcalc.exe tool which can
    > >> help verify the minimum permission sandbox in which an application
    > >> can run.
    > >>
    > >> #Permission Calculator Tool (Permcalc.exe)
    > >> http://msdn2.microsoft.com/en-us/library/ms165077(VS.80).aspx
    > >>
    > >> e.g.
    > >>
    > >> Permcalc.exe -sandbox mylib.dll
    > >>
    > >> Hope this helps.
    > >>
    > >> Sincerely,
    > >>
    > >> Steven Cheng
    > >>
    > >> Microsoft MSDN Online Support Lead
    > >>
    > >> ==================================================
    > >>
    > >> Get notification to my posts through email? Please refer to
    > >> http://msdn.microsoft.com/subscriptions/managednewsgroups/default.asp
    > >> x#notif ications.
    > >>
    > >> Note: The MSDN Managed Newsgroup support offering is for non-urgent
    > >> issues where an initial response from the community or a Microsoft
    > >> Support Engineer within 1 business day is acceptable. Please note
    > >> that each follow up response may take approximately 2 business days
    > >> as the support professional working with you may need further
    > >> investigation to reach the most efficient resolution. The offering is
    > >> not appropriate for situations that require urgent, real-time or
    > >> phone-based interactions or complex project analysis and dump
    > >> analysis issues. Issues of this nature are best handled working with
    > >> a dedicated Microsoft Support Engineer by contacting Microsoft
    > >> Customer Support Services (CSS) at
    > >> http://msdn.microsoft.com/subscriptions/support/default.aspx.
    > >>
    > >> ==================================================
    > >>
    > >> This posting is provided "AS IS" with no warranties, and confers no
    > >> rights.
    > >>

    >
    >
    >
     
    David Thielen, Nov 7, 2006
    #6
  7. ah - sorry - should have read the whole thread..

    do you have any RequestMinimum attributes in your assembly?

    ---
    Dominick Baier, DevelopMentor
    http://www.leastprivilege.com

    > It's the output from Permcalc.exe -sandbox mylib.dll
    >
    > Cubicle Wars - http://www.windwardreports.com/film.htm
    >
    > "Dominick Baier" wrote:
    >
    >> where does <Sandbox> come from?
    >>
    >> ---
    >> Dominick Baier, DevelopMentor
    >> http://www.leastprivilege.com
    >>> Ok, this is what I got. How do I find out which are a problem in a
    >>> partially trusted system?
    >>>
    >>> <Sandbox>
    >>> <PermissionSet version="1" class="System.Security.PermissionSet">
    >>> <IPermission version="1"
    >>> class="System.Security.Permissions.EnvironmentPermission, mscorlib,
    >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    >>> Unrestricted="true" />
    >>> <IPermission version="1"
    >>> class="System.Security.Permissions.FileIOPermission, mscorlib,
    >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    >>> Unrestricted="true" />
    >>> <IPermission version="1"
    >>> class="System.Security.Permissions.ReflectionPermission, mscorlib,
    >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    >>> Flags="MemberAccess" />
    >>> <IPermission version="1"
    >>> class="System.Security.Permissions.RegistryPermission, mscorlib,
    >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    >>> Unrestricted="true" />
    >>> <IPermission version="1"
    >>> class="System.Security.Permissions.SecurityPermission, mscorlib,
    >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    >>> Flags="UnmanagedCode, Execution, ControlThread, ControlEvidence" />
    >>> <IPermission Window="SafeSubWindows" Clipboard="OwnClipboard"
    >>> version="1" class="System.Security.Permissions.UIPermission,
    >>> mscorlib,
    >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    >>> />
    >>> <IPermission version="1"
    >>> class="System.Security.Permissions.KeyContainerPermission, mscorlib,
    >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    >>> Unrestricted="true" />
    >>> <IPermission version="1" class="System.Net.SocketPermission,
    >>> System,
    >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    >>> Unrestricted="true" />
    >>> <IPermission version="1" class="System.Net.DnsPermission, System,
    >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    >>> Unrestricted="true" />
    >>> </PermissionSet>
    >>> </Sandbox>
    >>> Cubicle Wars - http://www.windwardreports.com/film.htm
    >>> "Steven Cheng[MSFT]" wrote:
    >>>
    >>>> Hello Dave,
    >>>>
    >>>> From your description, you have changed the trust level of your
    >>>> ASP.NET web application(to partial trust) and now you'll encounter
    >>>> .net CAS permission error when try running the application
    >>>> ,correct?
    >>>>
    >>>> Based on the exception callstack and message you provided, the
    >>>> problem is caused by the following assembly:
    >>>>
    >>>> ==============
    >>>> Could not load file or assembly 'WindwardReports,
    >>>> Version=4.1.35.0, Culture=neutral, PublicKeyToken=34ffe15f4bbb8e53'
    >>>> or one
    >>>> of
    >>>> its dependencies.
    >>>> ==============
    >>>> The minimal requested permissions are violating the host
    >>>> environment's trust level. I think you can check the permission
    >>>> through the following two steps:
    >>>> ** Verify your current ASP.NET application's trust level(high or
    >>>> medium or...) and find that level's policy file(in framework's
    >>>> config folder
    >>>> ----C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG) and
    >>>> verify whether that assembly contains any code that violate the CAS
    >>>> permissionset allowed in that policy.
    >>>>
    >>>> ** for assembly, .net 2.0 provide the permcalc.exe tool which can
    >>>> help verify the minimum permission sandbox in which an application
    >>>> can run.
    >>>>
    >>>> #Permission Calculator Tool (Permcalc.exe)
    >>>> http://msdn2.microsoft.com/en-us/library/ms165077(VS.80).aspx
    >>>> e.g.
    >>>>
    >>>> Permcalc.exe -sandbox mylib.dll
    >>>>
    >>>> Hope this helps.
    >>>>
    >>>> Sincerely,
    >>>>
    >>>> Steven Cheng
    >>>>
    >>>> Microsoft MSDN Online Support Lead
    >>>>
    >>>> ==================================================
    >>>>
    >>>> Get notification to my posts through email? Please refer to
    >>>> http://msdn.microsoft.com/subscriptions/managednewsgroups/default.a
    >>>> sp x#notif ications.
    >>>>
    >>>> Note: The MSDN Managed Newsgroup support offering is for non-urgent
    >>>> issues where an initial response from the community or a Microsoft
    >>>> Support Engineer within 1 business day is acceptable. Please note
    >>>> that each follow up response may take approximately 2 business days
    >>>> as the support professional working with you may need further
    >>>> investigation to reach the most efficient resolution. The offering
    >>>> is not appropriate for situations that require urgent, real-time or
    >>>> phone-based interactions or complex project analysis and dump
    >>>> analysis issues. Issues of this nature are best handled working
    >>>> with a dedicated Microsoft Support Engineer by contacting Microsoft
    >>>> Customer Support Services (CSS) at
    >>>> http://msdn.microsoft.com/subscriptions/support/default.aspx.
    >>>>
    >>>> ==================================================
    >>>>
    >>>> This posting is provided "AS IS" with no warranties, and confers no
    >>>> rights.
    >>>>
     
    Dominick Baier, Nov 8, 2006
    #7
  8. Hi Dave,

    If the following output is generated through -sandbox option, that means
    these are the minimual CAS permissions demanded by your assembly(for
    calling appdomain).

    ===============
    <Sandbox>
    <PermissionSet version="1" class="System.Security.PermissionSet">
    <IPermission version="1"
    class="System.Security.Permissions.EnvironmentPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Unrestricted="true" />
    <IPermission version="1"
    class="System.Security.Permissions.FileIOPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Unrestricted="true" />
    <IPermission version="1"
    class="System.Security.Permissions.ReflectionPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Flags="MemberAccess" />
    <IPermission version="1"
    class="System.Security.Permissions.RegistryPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Unrestricted="true" />
    <IPermission version="1"
    class="System.Security.Permissions.SecurityPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Flags="UnmanagedCode, Execution, ControlThread, ControlEvidence" />
    <IPermission Window="SafeSubWindows" Clipboard="OwnClipboard"
    version="1" class="System.Security.Permissions.UIPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    <IPermission version="1"
    class="System.Security.Permissions.KeyContainerPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Unrestricted="true" />
    <IPermission version="1" class="System.Net.SocketPermission, System,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Unrestricted="true" />
    <IPermission version="1" class="System.Net.DnsPermission, System,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Unrestricted="true" />
    </PermissionSet>
    </Sandbox>

    =========================
    I am still wondering how does you change your ASP.NET application's trust
    level, which leve has you set for the application currently? For a given
    trust level, you can view its trust policy file for the available CAS
    permissions of that trust level.


    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead



    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Steven Cheng[MSFT], Nov 8, 2006
    #8
  9. I have the below in AssemblyInfo.jsl (this is a J# app). I did a grep for
    RequestMinimum and the two items below were the only uses in all of my code.

    I assume the Dns and Socket permissions are the only ones that matter - but
    the original email in this thread lists a lot more items it has problems
    with. Also three questions about the request minimum.

    1: In a partially trusted environment can it be set to allow these?

    2: I only need udp access on a single port - can the SocketPermission be set
    to that? I looked but could not find how to set options for this.

    3: I only need DNS to get the name of the host system so same question - can
    I reduce what this asks for?


    /** @assembly AssemblyTitle("WindwardReports") */
    /** @assembly AssemblyDescription("Windward Reports .net Reporting Engine") */
    /** @assembly AssemblyCompany("Windward Studios, Inc.") */
    /** @assembly AssemblyProduct("WindwardReports") */
    /** @assembly AssemblyCopyright("Copyright © Windward Studios, Inc. 2005,
    All Rights Reserved") */
    /** @assembly AssemblyTrademark("") */
    /** @assembly AssemblyCulture("") */

    /** @assembly ComVisible(false) */
    /** @assembly CLSCompliant(false) */

    /** @assembly AssemblyDelaySign(false) */
    /** @assembly AssemblyKeyFile("keypair.snk") */
    /** @assembly AssemblyKeyName("") */

    /** @assembly AssemblyVersion("4.1.40.0") */

    // ones we need for license check
    /** @assembly SocketPermission(SecurityAction.RequestMinimum, Unrestricted =
    true) */
    /** @assembly DnsPermission(SecurityAction.RequestMinimum, Unrestricted =
    true) */

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm




    "Dominick Baier" wrote:

    > ah - sorry - should have read the whole thread..
    >
    > do you have any RequestMinimum attributes in your assembly?
    >
    > ---
    > Dominick Baier, DevelopMentor
    > http://www.leastprivilege.com
    >
    > > It's the output from Permcalc.exe -sandbox mylib.dll
    > >
    > > Cubicle Wars - http://www.windwardreports.com/film.htm
    > >
    > > "Dominick Baier" wrote:
    > >
    > >> where does <Sandbox> come from?
    > >>
    > >> ---
    > >> Dominick Baier, DevelopMentor
    > >> http://www.leastprivilege.com
    > >>> Ok, this is what I got. How do I find out which are a problem in a
    > >>> partially trusted system?
    > >>>
    > >>> <Sandbox>
    > >>> <PermissionSet version="1" class="System.Security.PermissionSet">
    > >>> <IPermission version="1"
    > >>> class="System.Security.Permissions.EnvironmentPermission, mscorlib,
    > >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > >>> Unrestricted="true" />
    > >>> <IPermission version="1"
    > >>> class="System.Security.Permissions.FileIOPermission, mscorlib,
    > >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > >>> Unrestricted="true" />
    > >>> <IPermission version="1"
    > >>> class="System.Security.Permissions.ReflectionPermission, mscorlib,
    > >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > >>> Flags="MemberAccess" />
    > >>> <IPermission version="1"
    > >>> class="System.Security.Permissions.RegistryPermission, mscorlib,
    > >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > >>> Unrestricted="true" />
    > >>> <IPermission version="1"
    > >>> class="System.Security.Permissions.SecurityPermission, mscorlib,
    > >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > >>> Flags="UnmanagedCode, Execution, ControlThread, ControlEvidence" />
    > >>> <IPermission Window="SafeSubWindows" Clipboard="OwnClipboard"
    > >>> version="1" class="System.Security.Permissions.UIPermission,
    > >>> mscorlib,
    > >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > >>> />
    > >>> <IPermission version="1"
    > >>> class="System.Security.Permissions.KeyContainerPermission, mscorlib,
    > >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > >>> Unrestricted="true" />
    > >>> <IPermission version="1" class="System.Net.SocketPermission,
    > >>> System,
    > >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > >>> Unrestricted="true" />
    > >>> <IPermission version="1" class="System.Net.DnsPermission, System,
    > >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > >>> Unrestricted="true" />
    > >>> </PermissionSet>
    > >>> </Sandbox>
    > >>> Cubicle Wars - http://www.windwardreports.com/film.htm
    > >>> "Steven Cheng[MSFT]" wrote:
    > >>>
    > >>>> Hello Dave,
    > >>>>
    > >>>> From your description, you have changed the trust level of your
    > >>>> ASP.NET web application(to partial trust) and now you'll encounter
    > >>>> .net CAS permission error when try running the application
    > >>>> ,correct?
    > >>>>
    > >>>> Based on the exception callstack and message you provided, the
    > >>>> problem is caused by the following assembly:
    > >>>>
    > >>>> ==============
    > >>>> Could not load file or assembly 'WindwardReports,
    > >>>> Version=4.1.35.0, Culture=neutral, PublicKeyToken=34ffe15f4bbb8e53'
    > >>>> or one
    > >>>> of
    > >>>> its dependencies.
    > >>>> ==============
    > >>>> The minimal requested permissions are violating the host
    > >>>> environment's trust level. I think you can check the permission
    > >>>> through the following two steps:
    > >>>> ** Verify your current ASP.NET application's trust level(high or
    > >>>> medium or...) and find that level's policy file(in framework's
    > >>>> config folder
    > >>>> ----C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG) and
    > >>>> verify whether that assembly contains any code that violate the CAS
    > >>>> permissionset allowed in that policy.
    > >>>>
    > >>>> ** for assembly, .net 2.0 provide the permcalc.exe tool which can
    > >>>> help verify the minimum permission sandbox in which an application
    > >>>> can run.
    > >>>>
    > >>>> #Permission Calculator Tool (Permcalc.exe)
    > >>>> http://msdn2.microsoft.com/en-us/library/ms165077(VS.80).aspx
    > >>>> e.g.
    > >>>>
    > >>>> Permcalc.exe -sandbox mylib.dll
    > >>>>
    > >>>> Hope this helps.
    > >>>>
    > >>>> Sincerely,
    > >>>>
    > >>>> Steven Cheng
    > >>>>
    > >>>> Microsoft MSDN Online Support Lead
    > >>>>
    > >>>> ==================================================
    > >>>>
    > >>>> Get notification to my posts through email? Please refer to
    > >>>> http://msdn.microsoft.com/subscriptions/managednewsgroups/default.a
    > >>>> sp x#notif ications.
    > >>>>
    > >>>> Note: The MSDN Managed Newsgroup support offering is for non-urgent
    > >>>> issues where an initial response from the community or a Microsoft
    > >>>> Support Engineer within 1 business day is acceptable. Please note
    > >>>> that each follow up response may take approximately 2 business days
    > >>>> as the support professional working with you may need further
    > >>>> investigation to reach the most efficient resolution. The offering
    > >>>> is not appropriate for situations that require urgent, real-time or
    > >>>> phone-based interactions or complex project analysis and dump
    > >>>> analysis issues. Issues of this nature are best handled working
    > >>>> with a dedicated Microsoft Support Engineer by contacting Microsoft
    > >>>> Customer Support Services (CSS) at
    > >>>> http://msdn.microsoft.com/subscriptions/support/default.aspx.
    > >>>>
    > >>>> ==================================================
    > >>>>
    > >>>> This posting is provided "AS IS" with no warranties, and confers no
    > >>>> rights.
    > >>>>

    >
    >
    >
     
    David Thielen, Nov 8, 2006
    #9
  10. Hello Dave,

    What's your current trust level setting for your ASP.NET web application?

    =============
    ..........
    <trust level="xxxx"/>
    </system.web>
    </configuration>
    ===============

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead



    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Steven Cheng[MSFT], Nov 9, 2006
    #10
  11. Hi;

    He says it is similiar to medium trust and here is his config file. I tried
    to figure out what is going on but I couldn't find a good explination
    anywhere - I think I just don't understand this well (yet).

    <configuration>
    <mscorlib>
    <security>
    <policy>
    <PolicyLevel version="1">
    <SecurityClasses>
    <SecurityClass Name="AllMembershipCondition"
    Description="System.Security.Policy.AllMembershipCondition, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="AspNetHostingPermission"
    Description="System.Web.AspNetHostingPermission, System, Version=2.0.0.0,
    Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="ConfigurationPermission"
    Description="System.Configuration.ConfigurationPermission,
    System.Configuration, Version=2.0.0.0, Culture=neutral,
    PublicKeyToken=b03f5f7f11d50a3a"/>
    <SecurityClass Name="DnsPermission"
    Description="System.Net.DnsPermission, System, Version=2.0.0.0,
    Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="EnvironmentPermission"
    Description="System.Security.Permissions.EnvironmentPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="FileIOPermission"
    Description="System.Security.Permissions.FileIOPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="FirstMatchCodeGroup"
    Description="System.Security.Policy.FirstMatchCodeGroup, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="IsolatedStorageFilePermission"
    Description="System.Security.Permissions.IsolatedStorageFilePermission,
    mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="NamedPermissionSet"
    Description="System.Security.NamedPermissionSet"/>
    <SecurityClass Name="OleDbPermission"
    Description="System.Data.OleDb.OleDbPermission, System.Data, Version=2.0.0.0,
    Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="PrintingPermission"
    Description="System.Drawing.Printing.PrintingPermission, System.Drawing,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
    <SecurityClass Name="ReflectionPermission"
    Description="System.Security.Permissions.ReflectionPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="RegistryPermission"
    Description="System.Security.Permissions.RegistryPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="SecurityPermission"
    Description="System.Security.Permissions.SecurityPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="SmtpPermission"
    Description="System.Net.Mail.SmtpPermission, System, Version=2.0.0.0,
    Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="SocketPermission"
    Description="System.Net.SocketPermission, System, Version=2.0.0.0,
    Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="SqlClientPermission"
    Description="System.Data.SqlClient.SqlClientPermission, System.Data,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="StrongNameMembershipCondition"
    Description="System.Security.Policy.StrongNameMembershipCondition, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="UnionCodeGroup"
    Description="System.Security.Policy.UnionCodeGroup, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="UrlMembershipCondition"
    Description="System.Security.Policy.UrlMembershipCondition, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="WebPermission"
    Description="System.Net.WebPermission, System, Version=2.0.0.0,
    Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="ZoneMembershipCondition"
    Description="System.Security.Policy.ZoneMembershipCondition, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    </SecurityClasses>
    <NamedPermissionSets>
    <PermissionSet
    class="NamedPermissionSet"
    version="1"
    Unrestricted="true"
    Name="FullTrust"
    Description="Allows full access to all
    resources"
    />
    <PermissionSet
    class="NamedPermissionSet"
    version="1"
    Name="Nothing"
    Description="Denies all resources, including
    the right to execute"
    />
    <PermissionSet
    class="NamedPermissionSet"
    version="1"
    Name="ASP.Net">
    <IPermission
    class="AspNetHostingPermission"
    version="1"
    Level="Medium"
    />
    <IPermission
    class="ConfigurationPermission"
    version="1"
    Unrestricted="true"
    />
    <IPermission
    class="DnsPermission"
    version="1"
    Unrestricted="true"
    />
    <IPermission
    class="EnvironmentPermission"
    version="1"
    Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME"
    />
    <IPermission
    class="FileIOPermission"
    version="1"
    Read="$AppDir$"
    Write="$AppDir$"
    Append="$AppDir$"
    PathDiscovery="$AppDir$"
    />
    <IPermission
    class="IsolatedStorageFilePermission"
    version="1"
    Allowed="AssemblyIsolationByUser"
    UserQuota="9223372036854775807"
    />
    <IPermission
    class="OleDbPermission"
    version="1"
    Unrestricted="true"
    />
    <IPermission
    class="PrintingPermission"
    version="1"
    Level="DefaultPrinting"
    />
    <IPermission
    class="ReflectionPermission"
    version="1"
    Flags="ReflectionEmit, TypeInformation,
    MemberAccess"
    />
    <IPermission
    class="SecurityPermission"
    version="1"
    Flags="Assertion, Execution,
    ControlThread, ControlPrincipal, RemotingConfiguration"
    />
    <IPermission
    class="SmtpPermission"
    version="1"
    Access="Connect"
    />
    <IPermission
    class="SqlClientPermission"
    version="1"
    Unrestricted="true"
    />
    <IPermission
    class="WebPermission"
    version="1"
    Unrestricted="true"
    />
    </PermissionSet>
    </NamedPermissionSets>
    <CodeGroup
    class="FirstMatchCodeGroup"
    version="1"
    PermissionSetName="Nothing">
    <IMembershipCondition
    class="AllMembershipCondition"
    version="1"
    />
    <CodeGroup
    class="UnionCodeGroup"
    version="1"
    PermissionSetName="ASP.Net">
    <IMembershipCondition
    class="UrlMembershipCondition"
    version="1"
    Url="$AppDirUrl$/*"
    />
    </CodeGroup>
    <CodeGroup
    class="UnionCodeGroup"
    version="1"
    PermissionSetName="ASP.Net">
    <IMembershipCondition
    class="UrlMembershipCondition"
    version="1"
    Url="$CodeGen$/*"
    />
    </CodeGroup>
    <CodeGroup class="UnionCodeGroup" version="1"
    PermissionSetName="Nothing">
    <IMembershipCondition
    class="ZoneMembershipCondition"
    version="1"
    Zone="MyComputer" />
    <CodeGroup
    class="UnionCodeGroup"
    version="1"
    PermissionSetName="FullTrust"
    Name="Microsoft_Strong_Name"
    Description="This code group grants code
    signed with the Microsoft strong name full trust. ">
    <IMembershipCondition
    class="StrongNameMembershipCondition"
    version="1"

    PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010007D1FA57C4AED9F0A32E84AA0FAEFD0DE9E8FD6AEC8F87FB03766C834C99921EB23BE79AD9D5DCC1DD9AD236132102900B723CF980957FC4E177108FC607774F29E8320E92EA05ECE4E821C0A5EFE8F1645C4C0C93C1AB99285D622CAA652C1DFAD63D745D6F2DE5F17E5EAF0FC4963D261C8A12436518206DC093344D5AD293"
    />
    </CodeGroup>
    <CodeGroup
    class="UnionCodeGroup"
    version="1"
    PermissionSetName="FullTrust"
    Name="Ecma_Strong_Name"
    Description="This code group grants code
    signed with the ECMA strong name full trust. ">
    <IMembershipCondition
    class="StrongNameMembershipCondition"
    version="1"

    PublicKeyBlob="00000000000000000400000000000000"
    />
    </CodeGroup>
    </CodeGroup>
    </CodeGroup>
    </PolicyLevel>
    </policy>
    </security>
    </mscorlib>
    </configuration>
     
    David Thielen, Nov 14, 2006
    #11
  12. Thanks for your reply Dave,

    This policy file is very informative for analyzie the CAS permission issue
    here.

    From the policy file ,you can get that the main ASP.NET specific
    permissions are defined in the following permissionSet:

    ==========================
    <PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net">
    <IPermission class="AspNetHostingPermission" version="1"
    Level="Medium" />
    <IPermission class="ConfigurationPermission" version="1"
    Unrestricted="true" />
    <IPermission class="DnsPermission" version="1" Unrestricted="true" />
    <IPermission class="EnvironmentPermission" version="1"
    Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME" />
    <IPermission class="FileIOPermission" version="1" Read="$AppDir$"
    Write="$AppDir$" Append="$AppDir$"
    PathDiscovery="$AppDir$" />
    <IPermission class="IsolatedStorageFilePermission" version="1"
    Allowed="AssemblyIsolationByUser"
    UserQuota="9223372036854775807" />
    <IPermission class="OleDbPermission" version="1" Unrestricted="true"
    />
    <IPermission class="PrintingPermission" version="1"
    Level="DefaultPrinting" />
    <IPermission class="ReflectionPermission" version="1"
    Flags="ReflectionEmit, TypeInformation,
    MemberAccess" />
    <IPermission class="SecurityPermission" version="1"
    Flags="Assertion, Execution,
    ControlThread, ControlPrincipal, RemotingConfiguration" />
    <IPermission class="SmtpPermission" version="1" Access="Connect" />
    <IPermission class="SqlClientPermission" version="1"
    Unrestricted="true" />
    <IPermission class="WebPermission" version="1" Unrestricted="true" />
    </PermissionSet>
    ==========================

    you can find that there are serveral permission that is quite restricted,
    e.g.

    ==============
    <IPermission class="EnvironmentPermission" version="1"
    Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME" />
    <IPermission class="FileIOPermission" version="1" Read="$AppDir$"
    Write="$AppDir$" Append="$AppDir$"
    PathDiscovery="$AppDir$" />

    <IPermission class="SecurityPermission" version="1" Flags="Assertion,
    Execution,
    ControlThread, ControlPrincipal, RemotingConfiguration" />
    ==================

    However, from the minmal permission set you checked through the
    PermCalc.exe in former reply(as below), there have some items violate the
    policy's permission set:

    =====================
    <Sandbox>
    <PermissionSet version="1" class="System.Security.PermissionSet">
    <IPermission version="1"
    class="System.Security.Permissions.EnvironmentPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Unrestricted="true" />
    <IPermission version="1"
    class="System.Security.Permissions.FileIOPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Unrestricted="true" />
    <IPermission version="1"
    class="System.Security.Permissions.ReflectionPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Flags="MemberAccess" />
    <IPermission version="1"
    class="System.Security.Permissions.RegistryPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Unrestricted="true" />
    <IPermission version="1"
    class="System.Security.Permissions.SecurityPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Flags="UnmanagedCode, Execution, ControlThread, ControlEvidence" />
    <IPermission Window="SafeSubWindows" Clipboard="OwnClipboard"
    version="1" class="System.Security.Permissions.UIPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    <IPermission version="1"
    class="System.Security.Permissions.KeyContainerPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Unrestricted="true" />
    <IPermission version="1" class="System.Net.SocketPermission, System,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Unrestricted="true" />
    <IPermission version="1" class="System.Net.DnsPermission, System,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Unrestricted="true" />
    </PermissionSet>
    </Sandbox>
    =================================

    I think this should be the problem here.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead



    ==================================================

    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    ications.



    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at
    http://msdn.microsoft.com/subscriptions/support/default.aspx.

    ==================================================



    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Steven Cheng[MSFT], Nov 15, 2006
    #12
  13. Hi;

    Ok, that makes sense. To keep this simple, can you help me figure out this
    one and then I think I can take it from there. It says I need:
    <IPermission version="1"
    class="System.Security.Permissions.FileIOPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    Unrestricted="true" />

    The library does have file calls - but no where do I say that it must be
    able to read/write anywhere. And it is easy to use the library with no file
    I/O. How do I set it so that it does not require this permission?

    I thought by not setting any requirements all permissions were optional, not
    demanded by my dll.

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm




    "Steven Cheng[MSFT]" wrote:

    > Thanks for your reply Dave,
    >
    > This policy file is very informative for analyzie the CAS permission issue
    > here.
    >
    > From the policy file ,you can get that the main ASP.NET specific
    > permissions are defined in the following permissionSet:
    >
    > ==========================
    > <PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net">
    > <IPermission class="AspNetHostingPermission" version="1"
    > Level="Medium" />
    > <IPermission class="ConfigurationPermission" version="1"
    > Unrestricted="true" />
    > <IPermission class="DnsPermission" version="1" Unrestricted="true" />
    > <IPermission class="EnvironmentPermission" version="1"
    > Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME" />
    > <IPermission class="FileIOPermission" version="1" Read="$AppDir$"
    > Write="$AppDir$" Append="$AppDir$"
    > PathDiscovery="$AppDir$" />
    > <IPermission class="IsolatedStorageFilePermission" version="1"
    > Allowed="AssemblyIsolationByUser"
    > UserQuota="9223372036854775807" />
    > <IPermission class="OleDbPermission" version="1" Unrestricted="true"
    > />
    > <IPermission class="PrintingPermission" version="1"
    > Level="DefaultPrinting" />
    > <IPermission class="ReflectionPermission" version="1"
    > Flags="ReflectionEmit, TypeInformation,
    > MemberAccess" />
    > <IPermission class="SecurityPermission" version="1"
    > Flags="Assertion, Execution,
    > ControlThread, ControlPrincipal, RemotingConfiguration" />
    > <IPermission class="SmtpPermission" version="1" Access="Connect" />
    > <IPermission class="SqlClientPermission" version="1"
    > Unrestricted="true" />
    > <IPermission class="WebPermission" version="1" Unrestricted="true" />
    > </PermissionSet>
    > ==========================
    >
    > you can find that there are serveral permission that is quite restricted,
    > e.g.
    >
    > ==============
    > <IPermission class="EnvironmentPermission" version="1"
    > Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME" />
    > <IPermission class="FileIOPermission" version="1" Read="$AppDir$"
    > Write="$AppDir$" Append="$AppDir$"
    > PathDiscovery="$AppDir$" />
    >
    > <IPermission class="SecurityPermission" version="1" Flags="Assertion,
    > Execution,
    > ControlThread, ControlPrincipal, RemotingConfiguration" />
    > ==================
    >
    > However, from the minmal permission set you checked through the
    > PermCalc.exe in former reply(as below), there have some items violate the
    > policy's permission set:
    >
    > =====================
    > <Sandbox>
    > <PermissionSet version="1" class="System.Security.PermissionSet">
    > <IPermission version="1"
    > class="System.Security.Permissions.EnvironmentPermission, mscorlib,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > Unrestricted="true" />
    > <IPermission version="1"
    > class="System.Security.Permissions.FileIOPermission, mscorlib,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > Unrestricted="true" />
    > <IPermission version="1"
    > class="System.Security.Permissions.ReflectionPermission, mscorlib,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > Flags="MemberAccess" />
    > <IPermission version="1"
    > class="System.Security.Permissions.RegistryPermission, mscorlib,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > Unrestricted="true" />
    > <IPermission version="1"
    > class="System.Security.Permissions.SecurityPermission, mscorlib,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > Flags="UnmanagedCode, Execution, ControlThread, ControlEvidence" />
    > <IPermission Window="SafeSubWindows" Clipboard="OwnClipboard"
    > version="1" class="System.Security.Permissions.UIPermission, mscorlib,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    > <IPermission version="1"
    > class="System.Security.Permissions.KeyContainerPermission, mscorlib,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > Unrestricted="true" />
    > <IPermission version="1" class="System.Net.SocketPermission, System,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > Unrestricted="true" />
    > <IPermission version="1" class="System.Net.DnsPermission, System,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > Unrestricted="true" />
    > </PermissionSet>
    > </Sandbox>
    > =================================
    >
    > I think this should be the problem here.
    >
    > Sincerely,
    >
    > Steven Cheng
    >
    > Microsoft MSDN Online Support Lead
    >
    >
    >
    > ==================================================
    >
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    > ications.
    >
    >
    >
    > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    > where an initial response from the community or a Microsoft Support
    > Engineer within 1 business day is acceptable. Please note that each follow
    > up response may take approximately 2 business days as the support
    > professional working with you may need further investigation to reach the
    > most efficient resolution. The offering is not appropriate for situations
    > that require urgent, real-time or phone-based interactions or complex
    > project analysis and dump analysis issues. Issues of this nature are best
    > handled working with a dedicated Microsoft Support Engineer by contacting
    > Microsoft Customer Support Services (CSS) at
    > http://msdn.microsoft.com/subscriptions/support/default.aspx.
    >
    > ==================================================
    >
    >
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    >
    >
    >
    >
     
    David Thielen, Nov 15, 2006
    #13
  14. Asking again - can anyone point me at what I should be looking at?

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm




    "David Thielen" wrote:

    > Hi;
    >
    > Ok, that makes sense. To keep this simple, can you help me figure out this
    > one and then I think I can take it from there. It says I need:
    > <IPermission version="1"
    > class="System.Security.Permissions.FileIOPermission, mscorlib,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > Unrestricted="true" />
    >
    > The library does have file calls - but no where do I say that it must be
    > able to read/write anywhere. And it is easy to use the library with no file
    > I/O. How do I set it so that it does not require this permission?
    >
    > I thought by not setting any requirements all permissions were optional, not
    > demanded by my dll.
    >
    > --
    > thanks - dave
    > david_at_windward_dot_net
    > http://www.windwardreports.com
    >
    > Cubicle Wars - http://www.windwardreports.com/film.htm
    >
    >
    >
    >
    > "Steven Cheng[MSFT]" wrote:
    >
    > > Thanks for your reply Dave,
    > >
    > > This policy file is very informative for analyzie the CAS permission issue
    > > here.
    > >
    > > From the policy file ,you can get that the main ASP.NET specific
    > > permissions are defined in the following permissionSet:
    > >
    > > ==========================
    > > <PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net">
    > > <IPermission class="AspNetHostingPermission" version="1"
    > > Level="Medium" />
    > > <IPermission class="ConfigurationPermission" version="1"
    > > Unrestricted="true" />
    > > <IPermission class="DnsPermission" version="1" Unrestricted="true" />
    > > <IPermission class="EnvironmentPermission" version="1"
    > > Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME" />
    > > <IPermission class="FileIOPermission" version="1" Read="$AppDir$"
    > > Write="$AppDir$" Append="$AppDir$"
    > > PathDiscovery="$AppDir$" />
    > > <IPermission class="IsolatedStorageFilePermission" version="1"
    > > Allowed="AssemblyIsolationByUser"
    > > UserQuota="9223372036854775807" />
    > > <IPermission class="OleDbPermission" version="1" Unrestricted="true"
    > > />
    > > <IPermission class="PrintingPermission" version="1"
    > > Level="DefaultPrinting" />
    > > <IPermission class="ReflectionPermission" version="1"
    > > Flags="ReflectionEmit, TypeInformation,
    > > MemberAccess" />
    > > <IPermission class="SecurityPermission" version="1"
    > > Flags="Assertion, Execution,
    > > ControlThread, ControlPrincipal, RemotingConfiguration" />
    > > <IPermission class="SmtpPermission" version="1" Access="Connect" />
    > > <IPermission class="SqlClientPermission" version="1"
    > > Unrestricted="true" />
    > > <IPermission class="WebPermission" version="1" Unrestricted="true" />
    > > </PermissionSet>
    > > ==========================
    > >
    > > you can find that there are serveral permission that is quite restricted,
    > > e.g.
    > >
    > > ==============
    > > <IPermission class="EnvironmentPermission" version="1"
    > > Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME" />
    > > <IPermission class="FileIOPermission" version="1" Read="$AppDir$"
    > > Write="$AppDir$" Append="$AppDir$"
    > > PathDiscovery="$AppDir$" />
    > >
    > > <IPermission class="SecurityPermission" version="1" Flags="Assertion,
    > > Execution,
    > > ControlThread, ControlPrincipal, RemotingConfiguration" />
    > > ==================
    > >
    > > However, from the minmal permission set you checked through the
    > > PermCalc.exe in former reply(as below), there have some items violate the
    > > policy's permission set:
    > >
    > > =====================
    > > <Sandbox>
    > > <PermissionSet version="1" class="System.Security.PermissionSet">
    > > <IPermission version="1"
    > > class="System.Security.Permissions.EnvironmentPermission, mscorlib,
    > > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > > Unrestricted="true" />
    > > <IPermission version="1"
    > > class="System.Security.Permissions.FileIOPermission, mscorlib,
    > > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > > Unrestricted="true" />
    > > <IPermission version="1"
    > > class="System.Security.Permissions.ReflectionPermission, mscorlib,
    > > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > > Flags="MemberAccess" />
    > > <IPermission version="1"
    > > class="System.Security.Permissions.RegistryPermission, mscorlib,
    > > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > > Unrestricted="true" />
    > > <IPermission version="1"
    > > class="System.Security.Permissions.SecurityPermission, mscorlib,
    > > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > > Flags="UnmanagedCode, Execution, ControlThread, ControlEvidence" />
    > > <IPermission Window="SafeSubWindows" Clipboard="OwnClipboard"
    > > version="1" class="System.Security.Permissions.UIPermission, mscorlib,
    > > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    > > <IPermission version="1"
    > > class="System.Security.Permissions.KeyContainerPermission, mscorlib,
    > > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > > Unrestricted="true" />
    > > <IPermission version="1" class="System.Net.SocketPermission, System,
    > > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > > Unrestricted="true" />
    > > <IPermission version="1" class="System.Net.DnsPermission, System,
    > > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    > > Unrestricted="true" />
    > > </PermissionSet>
    > > </Sandbox>
    > > =================================
    > >
    > > I think this should be the problem here.
    > >
    > > Sincerely,
    > >
    > > Steven Cheng
    > >
    > > Microsoft MSDN Online Support Lead
    > >
    > >
    > >
    > > ==================================================
    > >
    > > Get notification to my posts through email? Please refer to
    > > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    > > ications.
    > >
    > >
    > >
    > > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    > > where an initial response from the community or a Microsoft Support
    > > Engineer within 1 business day is acceptable. Please note that each follow
    > > up response may take approximately 2 business days as the support
    > > professional working with you may need further investigation to reach the
    > > most efficient resolution. The offering is not appropriate for situations
    > > that require urgent, real-time or phone-based interactions or complex
    > > project analysis and dump analysis issues. Issues of this nature are best
    > > handled working with a dedicated Microsoft Support Engineer by contacting
    > > Microsoft Customer Support Services (CSS) at
    > > http://msdn.microsoft.com/subscriptions/support/default.aspx.
    > >
    > > ==================================================
    > >
    > >
    > >
    > > This posting is provided "AS IS" with no warranties, and confers no rights.
    > >
    > >
    > >
    > >
    > >
    > >
     
    David Thielen, Nov 17, 2006
    #14
  15. from that:

    // ones we need for license check
    /** @assembly SocketPermission(SecurityAction.RequestMinimum, Unrestricted =
    true) */
    /** @assembly DnsPermission(SecurityAction.RequestMinimum, Unrestricted =
    true) */


    it looks like you are requesting permissions which are not included in your
    permission set - add socketperm to the permission set in the policy file...

    ---
    Dominick Baier, DevelopMentor
    http://www.leastprivilege.com

    > Asking again - can anyone point me at what I should be looking at?
    >
    > Cubicle Wars - http://www.windwardreports.com/film.htm
    >
    > "David Thielen" wrote:
    >
    >> Hi;
    >>
    >> Ok, that makes sense. To keep this simple, can you help me figure out
    >> this
    >> one and then I think I can take it from there. It says I need:
    >> <IPermission version="1"
    >> class="System.Security.Permissions.FileIOPermission, mscorlib,
    >> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    >> Unrestricted="true" />
    >> The library does have file calls - but no where do I say that it must
    >> be able to read/write anywhere. And it is easy to use the library
    >> with no file I/O. How do I set it so that it does not require this
    >> permission?
    >>
    >> I thought by not setting any requirements all permissions were
    >> optional, not demanded by my dll.
    >>
    >> --
    >> thanks - dave
    >> david_at_windward_dot_net
    >> http://www.windwardreports.com
    >> Cubicle Wars - http://www.windwardreports.com/film.htm
    >>
    >> "Steven Cheng[MSFT]" wrote:
    >>
    >>> Thanks for your reply Dave,
    >>>
    >>> This policy file is very informative for analyzie the CAS permission
    >>> issue here.
    >>>
    >>> From the policy file ,you can get that the main ASP.NET specific
    >>> permissions are defined in the following permissionSet:
    >>>
    >>> ==========================
    >>> <PermissionSet class="NamedPermissionSet" version="1"
    >>> Name="ASP.Net">
    >>> <IPermission class="AspNetHostingPermission" version="1"
    >>> Level="Medium" />
    >>> <IPermission class="ConfigurationPermission" version="1"
    >>> Unrestricted="true" />
    >>> <IPermission class="DnsPermission" version="1" Unrestricted="true"
    >>> />
    >>> <IPermission class="EnvironmentPermission" version="1"
    >>> Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME" />
    >>> <IPermission class="FileIOPermission" version="1" Read="$AppDir$"
    >>> Write="$AppDir$" Append="$AppDir$"
    >>> PathDiscovery="$AppDir$" />
    >>> <IPermission class="IsolatedStorageFilePermission" version="1"
    >>> Allowed="AssemblyIsolationByUser"
    >>> UserQuota="9223372036854775807" />
    >>> <IPermission class="OleDbPermission" version="1" Unrestricted="true"
    >>> />
    >>> <IPermission class="PrintingPermission" version="1"
    >>> Level="DefaultPrinting" />
    >>> <IPermission class="ReflectionPermission" version="1"
    >>> Flags="ReflectionEmit, TypeInformation,
    >>> MemberAccess" />
    >>> <IPermission class="SecurityPermission" version="1"
    >>> Flags="Assertion, Execution,
    >>> ControlThread, ControlPrincipal, RemotingConfiguration" />
    >>> <IPermission class="SmtpPermission" version="1" Access="Connect" />
    >>> <IPermission class="SqlClientPermission" version="1"
    >>> Unrestricted="true" />
    >>> <IPermission class="WebPermission" version="1" Unrestricted="true"
    >>> />
    >>> </PermissionSet>
    >>> ==========================
    >>> you can find that there are serveral permission that is quite
    >>> restricted, e.g.
    >>>
    >>> ==============
    >>> <IPermission class="EnvironmentPermission" version="1"
    >>> Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME" />
    >>> <IPermission class="FileIOPermission" version="1" Read="$AppDir$"
    >>> Write="$AppDir$" Append="$AppDir$"
    >>> PathDiscovery="$AppDir$" />
    >>> <IPermission class="SecurityPermission" version="1"
    >>> Flags="Assertion,
    >>> Execution,
    >>> ControlThread, ControlPrincipal, RemotingConfiguration" />
    >>> ==================
    >>> However, from the minmal permission set you checked through the
    >>> PermCalc.exe in former reply(as below), there have some items
    >>> violate the policy's permission set:
    >>>
    >>> =====================
    >>> <Sandbox>
    >>> <PermissionSet version="1" class="System.Security.PermissionSet">
    >>> <IPermission version="1"
    >>> class="System.Security.Permissions.EnvironmentPermission, mscorlib,
    >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    >>> Unrestricted="true" />
    >>> <IPermission version="1"
    >>> class="System.Security.Permissions.FileIOPermission, mscorlib,
    >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    >>> Unrestricted="true" />
    >>> <IPermission version="1"
    >>> class="System.Security.Permissions.ReflectionPermission, mscorlib,
    >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    >>> Flags="MemberAccess" />
    >>> <IPermission version="1"
    >>> class="System.Security.Permissions.RegistryPermission, mscorlib,
    >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    >>> Unrestricted="true" />
    >>> <IPermission version="1"
    >>> class="System.Security.Permissions.SecurityPermission, mscorlib,
    >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    >>> Flags="UnmanagedCode, Execution, ControlThread, ControlEvidence" />
    >>> <IPermission Window="SafeSubWindows" Clipboard="OwnClipboard"
    >>> version="1" class="System.Security.Permissions.UIPermission,
    >>> mscorlib,
    >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    >>> />
    >>> <IPermission version="1"
    >>> class="System.Security.Permissions.KeyContainerPermission, mscorlib,
    >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    >>> Unrestricted="true" />
    >>> <IPermission version="1" class="System.Net.SocketPermission, System,
    >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    >>> Unrestricted="true" />
    >>> <IPermission version="1" class="System.Net.DnsPermission, System,
    >>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    >>> Unrestricted="true" />
    >>> </PermissionSet>
    >>> </Sandbox>
    >>> =================================
    >>> I think this should be the problem here.
    >>>
    >>> Sincerely,
    >>>
    >>> Steven Cheng
    >>>
    >>> Microsoft MSDN Online Support Lead
    >>>
    >>> ==================================================
    >>>
    >>> Get notification to my posts through email? Please refer to
    >>> http://msdn.microsoft.com/subscriptions/managednewsgroups/default.as
    >>> px#notif ications.
    >>>
    >>> Note: The MSDN Managed Newsgroup support offering is for non-urgent
    >>> issues where an initial response from the community or a Microsoft
    >>> Support Engineer within 1 business day is acceptable. Please note
    >>> that each follow up response may take approximately 2 business days
    >>> as the support professional working with you may need further
    >>> investigation to reach the most efficient resolution. The offering
    >>> is not appropriate for situations that require urgent, real-time or
    >>> phone-based interactions or complex project analysis and dump
    >>> analysis issues. Issues of this nature are best handled working with
    >>> a dedicated Microsoft Support Engineer by contacting Microsoft
    >>> Customer Support Services (CSS) at
    >>> http://msdn.microsoft.com/subscriptions/support/default.aspx.
    >>>
    >>> ==================================================
    >>>
    >>> This posting is provided "AS IS" with no warranties, and confers no
    >>> rights.
    >>>
     
    Dominick Baier, Nov 17, 2006
    #15
  16. Hi Dave,

    The CAS permission list(sandbox) is calculated based on the permission
    requested by each function entry point in your assembly. You can use the
    "permcalc.exe" without "-sandbox" option to display all the perission
    requested by each entry point. Thus, you can get it is on which function
    that require the certain CAS permission.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Steven Cheng[MSFT], Nov 20, 2006
    #16
  17. This is what I needed - thank you.

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm




    "Steven Cheng[MSFT]" wrote:

    > Hi Dave,
    >
    > The CAS permission list(sandbox) is calculated based on the permission
    > requested by each function entry point in your assembly. You can use the
    > "permcalc.exe" without "-sandbox" option to display all the perission
    > requested by each entry point. Thus, you can get it is on which function
    > that require the certain CAS permission.
    >
    > Sincerely,
    >
    > Steven Cheng
    >
    > Microsoft MSDN Online Support Lead
    >
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
     
    David Thielen, Nov 20, 2006
    #17
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ken Cox [Microsoft MVP]

    ASP.NET 2.0 and Partial Trust with VSTO

    Ken Cox [Microsoft MVP], Jun 12, 2006, in forum: ASP .Net
    Replies:
    6
    Views:
    2,418
    Steven Cheng[MSFT]
    Jun 14, 2006
  2. Atul Thombre

    Custom provider in partial trust mode

    Atul Thombre, Jun 29, 2007, in forum: ASP .Net
    Replies:
    0
    Views:
    372
    Atul Thombre
    Jun 29, 2007
  3. Replies:
    1
    Views:
    998
  4. David
    Replies:
    2
    Views:
    139
    Teemu Keiski
    Dec 18, 2003
  5. Linda
    Replies:
    1
    Views:
    550
    Dominick Baier
    Aug 31, 2006
Loading...

Share This Page