
sql server reporting services : Code Access Security


Joel Daniels
12/9/2005 8:09:03 AM
I am attempting to customize code access security so that a custom assembly
can read from the registry. I added a new permission set like this:
<PermissionSet
class="NamedPermissionSet"
version="1"
Name="GPCRegistryPermissionSet">
<IPermission class="RegistryPermission"
version="1"
Read=" HKEY_LOCAL_MACHINE\SOFTWARE\GPC"
/>
<IPermission
class="SecurityPermission"
version="1"
Flags="Execution, Assertion"
/>
</PermissionSet>

I added a new code group like this:

<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName=" GPCRegistryPermissionSet"
Name="GPCCodeGroup"
Description="GPC Key Retrieval. ">
<IMembershipCondition class="UrlMembershipCondition"
version="1"
URL="C:\Program Files\Microsoft SQL Server\MSSQL\Reporting Services\ReportServer\bin\gpc.crypto.dll" />
</CodeGroup>

After adding these two entries to rssrvpolicy.config, when I try to access
the Reporting Services home page, I get the message "Unable to communicate
with report server. Please verify that the report server is operational."
After some experimentation, I found that if I remove the new code group
section, then the Reporting Services home page will come up fine. So there is
something wrong with the format or placement of the new code group section,
but I can't figure out what. The full rssrvpolicy.config file is listed
below. Please help, thanks.


<configuration>
<mscorlib>
<security>
<policy>
<PolicyLevel version="1">
<SecurityClasses>
<SecurityClass Name="AllMembershipCondition"
Description="System.Security.Policy.AllMembershipCondition, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="AspNetHostingPermission"
Description="System.Web.AspNetHostingPermission, System, Version=1.0.5000.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="DnsPermission"
Description="System.Net.DnsPermission, System, Version=1.0.5000.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="EnvironmentPermission"
Description="System.Security.Permissions.EnvironmentPermission, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="FileIOPermission"
Description="System.Security.Permissions.FileIOPermission, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="FirstMatchCodeGroup"
Description="System.Security.Policy.FirstMatchCodeGroup, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="IsolatedStorageFilePermission"
Description="System.Security.Permissions.IsolatedStorageFilePermission,
mscorlib, Version=1.0.5000.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="NamedPermissionSet"
Description="System.Security.NamedPermissionSet"/>
<SecurityClass Name="PrintingPermission"
Description="System.Drawing.Printing.PrintingPermission, System.Drawing,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
<SecurityClass Name="ReflectionPermission"
Description="System.Security.Permissions.ReflectionPermission, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="RegistryPermission"
Description="System.Security.Permissions.RegistryPermission, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SecurityPermission"
Description="System.Security.Permissions.SecurityPermission, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SocketPermission"
Description="System.Net.SocketPermission, System, Version=1.0.5000.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SqlClientPermission"
Description="System.Data.SqlClient.SqlClientPermission, System.Data,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="StrongNameMembershipCondition"
Description="System.Security.Policy.StrongNameMembershipCondition, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UnionCodeGroup"
Description="System.Security.Policy.UnionCodeGroup, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UrlMembershipCondition"
Description="System.Security.Policy.UrlMembershipCondition, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="WebPermission"
Description="System.Net.WebPermission, System, Version=1.0.5000.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="ZoneMembershipCondition"
Description="System.Security.Policy.ZoneMembershipCondition, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</SecurityClasses>
<NamedPermissionSets>
<PermissionSet
class="NamedPermissionSet"
version="1"
Unrestricted="true"
Name="FullTrust"
Description="Allows full access to all
resources"
/>
<PermissionSet
class="NamedPermissionSet"
version="1"
Name="Nothing"
Description="Denies all resources, including
the right to execute"
/>
<PermissionSet

Joel Daniels
12/13/2005 5:56:02 AM
I managed to figure out the solution. I didn't have the syntax for the code
group quite right. The correct format should be:

<CodeGroup class="UnionCodeGroup"
    version="1"
    PermissionSetName="GPCRegistry"
    Name="GPC_Reports"
    Description="Custom Assemblies for GPC Reports">
  <IMembershipCondition class="UrlMembershipCondition"
      version="1"
      Url="file://C:/Program Files/Microsoft SQL Server/MSSQL/Reporting Services/ReportServer/bin/gpc.crypto.dll"/>
</CodeGroup>

I also discovered that editing policy files by hand is the hard way. (I
haven't had much experience with code access security.)
The easier way is to use the GUI tool mscorcfg.msc and make changes to the
Machine policy file. Then, cut and paste the changes
from security.config to rssrvpolicy.config. Be sure to make a backup copy of
the .config files before making any changes. You can also access
the GUI tool via the Microsoft .NET Framework 1.1 Configuration shortcut in
Administrative Tools.

BTW - in the code remember to include the correct security attributes like so:

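using System.Security.Permissions;

// Assert the registry read permission granted by the custom permission set.
[RegistryPermissionAttribute(SecurityAction.Assert,
    Read=@" HKEY_LOCAL_MACHINE\SOFTWARE\GPC")]
public static string getEncryptionKey()
{
    // ...
}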
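
An added example, not part of the original posts: a small Python check that reports where a code group differs from the working entry in this thread (permission-set reference, `Url` attribute spelling, URL form). The `lint_policy` function, the constructed sample fragments, and the `GPCRegistry` permission-set definition in the working sample are assumptions; the thread does not say which difference caused the failure.

```python
import xml.etree.ElementTree as ET

def lint_policy(xml_text):
    """Return findings for CodeGroup entries in a CAS policy fragment."""
    root = ET.fromstring(xml_text)
    defined = {ps.get("Name") for ps in root.iter("PermissionSet")}
    findings = []
    for group in root.iter("CodeGroup"):
        name = group.get("Name", "<unnamed>")
        ref = group.get("PermissionSetName")
        # The reference must be an exact match for a defined permission set.
        if ref not in defined:
            hint = " (stray whitespace)" if ref and ref.strip() in defined else ""
            findings.append(f"{name}: PermissionSetName {ref!r} matches no PermissionSet{hint}")
        for cond in group.findall("IMembershipCondition"):
            if cond.get("class") != "UrlMembershipCondition":
                continue
            url = cond.get("Url")  # XML attribute names are case-sensitive
            if url is None:
                others = [a for a in cond.attrib if a.lower() == "url"]
                findings.append(f"{name}: no 'Url' attribute (found {others})")
                url = cond.get(others[0]) if others else None
            # The working entry in the thread uses a file:// URL, not a raw path.
            if url is not None and "://" not in url:
                findings.append(f"{name}: {url!r} is a raw path, not a file:// URL")
    return findings

# Constructed fragments modelled on the two code groups posted in the thread.
TEMPLATE = """<PolicyLevel version="1">
  <NamedPermissionSets>
    <PermissionSet class="NamedPermissionSet" version="1" Name="{ps}"/>
  </NamedPermissionSets>
  <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="{ref}" Name="{name}">
    <IMembershipCondition class="UrlMembershipCondition" version="1" {attr}="{url}"/>
  </CodeGroup>
</PolicyLevel>"""
DLL = "Program Files/Microsoft SQL Server/MSSQL/Reporting Services/ReportServer/bin/gpc.crypto.dll"
BROKEN = TEMPLATE.format(ps="GPCRegistryPermissionSet", ref=" GPCRegistryPermissionSet",
                         name="GPCCodeGroup", attr="URL", url="C:\\" + DLL.replace("/", "\\"))
FIXED = TEMPLATE.format(ps="GPCRegistry", ref="GPCRegistry", name="GPC_Reports",
                        attr="Url", url="file://C:/" + DLL)

if __name__ == "__main__":
    for label, doc in (("first post", BROKEN), ("second post", FIXED)):
        print(label, lint_policy(doc) or "no findings")
```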


