| Groups | Blog | Home |
asp.net security : Required permissions cannot be acquired?
I have had a very similar problem and what I did to solve it was to add the
everyone group read/write access to this folder and all subfolders. This was on my dev machine and so did not matter. I doubt you want to do this in production. I tried to be more granular than the entire directory by downloading FileMon from SysInternals and watching to see what directory the aspnet_wp process attempted to access when it got an access denied error, but that didn't work in all cases. There is a link - http://www.error-bank.com/microsoft.public.dotnet.framework.adonet/79112_Thread.aspx This thread will tell you the same thing. Look at the last message in the thread. Hope this helps. If not, I feel we should all go back to DBase III+. [quoted text, click to view] "Bradley Plett" wrote:
> I've posted a similar question in the > microsoft.public.sqlserver.reportingsvcs group, but I need to solve > this and it is more of a .NET/permissions issue anyway. However, it > is in the context of RS' forms authentication, which is making it more > difficult for me to understand/debug. > > I have forms authentication in SQL RS working like a charm. (For more > info, see > http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp). > However, I am now trying to do some authentication against an Oracle > database. What's very strange is that as soon as I try to bind to > Oracle's client (Oracle.DataAccess in, by default, > C:\oracle\ora92\bin\Oracle.DataAccess.dll), I get > "System.Security.Policy.PolicyException: Required permissions cannot > be acquired." I've definitely narrowed it down to the Oracle binding, > but can't figure out how to make it work. I've looked in "Microsoft > ..NET Framework 1.1 Configuration" under "Runtime Security Policy" and > did an "Evaluate Assembly", which returned "Unrestricted". I also > tried editing rssrvpolicy.config (in "C:\Program Files\Microsoft SQL > Server\MSSQL\Reporting Services\ReportServer\") to add a full trust > for the Oracle.DataAccess.dll, but none of this has helped. Any other > ideas or suggestions? > > Despite being much more capable, I often find .NET permissions much > more confusing, especially trying to debug this type of failure. If > anyone can point me to some good tools and/or techniques on this > topic, I'd MUCH appreciate it. I suppose part of the problem is that > I don't have time to read an entire book - I just want to skip to the > good parts! :-) > > Thanks a lot! > Brad.
I've posted a similar question in the
microsoft.public.sqlserver.reportingsvcs group, but I need to solve this and it is more of a .NET/permissions issue anyway. However, it is in the context of RS' forms authentication, which is making it more difficult for me to understand/debug. I have forms authentication in SQL RS working like a charm. (For more info, see http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp). However, I am now trying to do some authentication against an Oracle database. What's very strange is that as soon as I try to bind to Oracle's client (Oracle.DataAccess in, by default, C:\oracle\ora92\bin\Oracle.DataAccess.dll), I get "System.Security.Policy.PolicyException: Required permissions cannot be acquired." I've definitely narrowed it down to the Oracle binding, but can't figure out how to make it work. I've looked in "Microsoft ..NET Framework 1.1 Configuration" under "Runtime Security Policy" and did an "Evaluate Assembly", which returned "Unrestricted". I also tried editing rssrvpolicy.config (in "C:\Program Files\Microsoft SQL Server\MSSQL\Reporting Services\ReportServer\") to add a full trust for the Oracle.DataAccess.dll, but none of this has helped. Any other ideas or suggestions? Despite being much more capable, I often find .NET permissions much more confusing, especially trying to debug this type of failure. If anyone can point me to some good tools and/or techniques on this topic, I'd MUCH appreciate it. I suppose part of the problem is that I don't have time to read an entire book - I just want to skip to the good parts! :-) Thanks a lot!
Thanks for that prompt reply!
It was a good idea, but sadly it didn't make any difference in my case. :-( I did find it somewhat interesting that the permissions on "C:\oracle" already included everyone, but the permissions weren't being inherited by "C:\oracle\ora92". I had only been checking on "C:\oracle", so I was hopeful when I discovered this. Still, when I opened up "C:\oracle\ora92" to everyone, and ensured that everyone definitely had access to read & execute "C:\oracle\ora92\bin\Oracle.DataAccess.dll", there was no change in the behavior of my app, even after a reboot. Brad. P.S. DBase III+?!?!? Well, it's great to hear from another old-timer like myself who actually remembers that! :-) On Thu, 2 Sep 2004 14:35:03 -0700, Popezilla [quoted text, click to view] <Popezilla@discussions.microsoft.com> wrote:
>I have had a very similar problem and what I did to solve it was to add the >everyone group read/write access to this folder and all subfolders. This was >on my dev machine and so did not matter. I doubt you want to do this in >production. > >I tried to be more granular than the entire directory by downloading FileMon >from SysInternals and watching to see what directory the aspnet_wp process >attempted to access when it got an access denied error, but that didn't work >in all cases. > >There is a link - > >http://www.error-bank.com/microsoft.public.dotnet.framework.adonet/79112_Thread.aspx > >This thread will tell you the same thing. Look at the last message in the >thread. > >Hope this helps. If not, I feel we should all go back to DBase III+. > > >"Bradley Plett" wrote: > >> I've posted a similar question in the >> microsoft.public.sqlserver.reportingsvcs group, but I need to solve >> this and it is more of a .NET/permissions issue anyway. However, it >> is in the context of RS' forms authentication, which is making it more >> difficult for me to understand/debug. >> >> I have forms authentication in SQL RS working like a charm. (For more >> info, see >> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp). >> However, I am now trying to do some authentication against an Oracle >> database. What's very strange is that as soon as I try to bind to >> Oracle's client (Oracle.DataAccess in, by default, >> C:\oracle\ora92\bin\Oracle.DataAccess.dll), I get >> "System.Security.Policy.PolicyException: Required permissions cannot >> be acquired." I've definitely narrowed it down to the Oracle binding, >> but can't figure out how to make it work. I've looked in "Microsoft >> ..NET Framework 1.1 Configuration" under "Runtime Security Policy" and >> did an "Evaluate Assembly", which returned "Unrestricted". I also >> tried editing rssrvpolicy.config (in "C:\Program Files\Microsoft SQL >> Server\MSSQL\Reporting Services\ReportServer\") to add a full trust >> for the Oracle.DataAccess.dll, but none of this has helped. Any other >> ideas or suggestions? >> >> Despite being much more capable, I often find .NET permissions much >> more confusing, especially trying to debug this type of failure. If >> anyone can point me to some good tools and/or techniques on this >> topic, I'd MUCH appreciate it. I suppose part of the problem is that >> I don't have time to read an entire book - I just want to skip to the >> good parts! :-) >> >> Thanks a lot! >> Brad. >>
Bradley,
The problem probably lies with the Oracle client requiring some permission that your code is not being granted, not with a permission that the Oracle code is not being granted. You can use permview.exe (http://msdn.microsoft.com/library/en-us/cptools/html/cpgrfpermissionsviewtoolpermviewexe.asp) to verify the permission(s) for which a RequestMinimum has been specified in the Oracle.DataAccess.dll assembly. If there are any required permissions, you should then use the "evaluate assembly" functionality in the .NET configuration manager to determine if your assembly has been granted these permissions. HTH, Nicole [quoted text, click to view] "Bradley Plett" <plettb@hotmail.com> wrote in message news:573fj0lnfsrcamqrj33i0ae12tj636fqde@4ax.com... > I've posted a similar question in the > microsoft.public.sqlserver.reportingsvcs group, but I need to solve > this and it is more of a .NET/permissions issue anyway. However, it > is in the context of RS' forms authentication, which is making it more > difficult for me to understand/debug. > > I have forms authentication in SQL RS working like a charm. (For more > info, see > http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp). > However, I am now trying to do some authentication against an Oracle > database. What's very strange is that as soon as I try to bind to > Oracle's client (Oracle.DataAccess in, by default, > C:\oracle\ora92\bin\Oracle.DataAccess.dll), I get > "System.Security.Policy.PolicyException: Required permissions cannot > be acquired." I've definitely narrowed it down to the Oracle binding, > but can't figure out how to make it work. I've looked in "Microsoft > .NET Framework 1.1 Configuration" under "Runtime Security Policy" and > did an "Evaluate Assembly", which returned "Unrestricted". I also > tried editing rssrvpolicy.config (in "C:\Program Files\Microsoft SQL > Server\MSSQL\Reporting Services\ReportServer\") to add a full trust > for the Oracle.DataAccess.dll, but none of this has helped. Any other > ideas or suggestions? > > Despite being much more capable, I often find .NET permissions much > more confusing, especially trying to debug this type of failure. If > anyone can point me to some good tools and/or techniques on this > topic, I'd MUCH appreciate it. I suppose part of the problem is that > I don't have time to read an entire book - I just want to skip to the > good parts! :-) > > Thanks a lot! > Brad.
Thanks a lot - this may be getting me closer! :-)
I ran permview on Oracle.DataAccess.dll, and here's the output: ================================================== Microsoft (R) .NET Framework Permission Request Viewer. Version 1.1.4322.573 Copyright (C) Microsoft Corporation 1998-2002. All rights reserved. minimal permission set: <PermissionSet class="System.Security.PermissionSet" version="1"> <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="SkipVerification"/> </PermissionSet> optional permission set: Not specified refused permission set: Not specified ================================================== Now what? It does appear that the Oracle.DataAccess.dll does require some special permissions, but in my context I don't know how to provide those permissions. Any ideas? Thanks! Brad. On Fri, 3 Sep 2004 08:16:38 -0400, "Nicole Calinoiu" <ngcalinoiu [quoted text, click to view] REMOVETHIS AT gmail DOT com> wrote:
>Bradley, > >The problem probably lies with the Oracle client requiring some permission >that your code is not being granted, not with a permission that the Oracle >code is not being granted. You can use permview.exe >(http://msdn.microsoft.com/library/en-us/cptools/html/cpgrfpermissionsviewtoolpermviewexe.asp) >to verify the permission(s) for which a RequestMinimum has been specified in >the Oracle.DataAccess.dll assembly. If there are any required permissions, >you should then use the "evaluate assembly" functionality in the .NET >configuration manager to determine if your assembly has been granted these >permissions. > >HTH, >Nicole > > > >"Bradley Plett" <plettb@hotmail.com> wrote in message >news:573fj0lnfsrcamqrj33i0ae12tj636fqde@4ax.com... >> I've posted a similar question in the >> microsoft.public.sqlserver.reportingsvcs group, but I need to solve >> this and it is more of a .NET/permissions issue anyway. However, it >> is in the context of RS' forms authentication, which is making it more >> difficult for me to understand/debug. >> >> I have forms authentication in SQL RS working like a charm. (For more >> info, see >> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp). >> However, I am now trying to do some authentication against an Oracle >> database. What's very strange is that as soon as I try to bind to >> Oracle's client (Oracle.DataAccess in, by default, >> C:\oracle\ora92\bin\Oracle.DataAccess.dll), I get >> "System.Security.Policy.PolicyException: Required permissions cannot >> be acquired." I've definitely narrowed it down to the Oracle binding, >> but can't figure out how to make it work. I've looked in "Microsoft >> .NET Framework 1.1 Configuration" under "Runtime Security Policy" and >> did an "Evaluate Assembly", which returned "Unrestricted". I also >> tried editing rssrvpolicy.config (in "C:\Program Files\Microsoft SQL >> Server\MSSQL\Reporting Services\ReportServer\") to add a full trust >> for the Oracle.DataAccess.dll, but none of this has helped. Any other >> ideas or suggestions? >> >> Despite being much more capable, I often find .NET permissions much >> more confusing, especially trying to debug this type of failure. If >> anyone can point me to some good tools and/or techniques on this >> topic, I'd MUCH appreciate it. I suppose part of the problem is that >> I don't have time to read an entire book - I just want to skip to the >> good parts! :-) >> >> Thanks a lot! >> Brad. >
I think you may have identified the problem, but my knowledge of
security policy configuration files is too limited to solve it. :-( Looking at the config file, I'm guessing I'm referencing it as a private assembly, whereas I should reference it through the GAC. I'd gladly reference it through the GAC, but how? Here's the relevant snippet of code from the rssrvpolicy.config file: ================================================== <CodeGroup class="UnionCodeGroup" version="1" Name="OracleDataAccess" Description="Code group for Oracle data access" PermissionSetName="FullTrust"> <IMembershipCondition class="UrlMembershipCondition" version="1" Url="C:\oracle\ora92\bin\Oracle.DataAccess.dll" /> </CodeGroup> ================================================== I added this code using another sample, but the sample uses a private assembly. How would I change this to use the copy or Oracle that is registered in the GAC? (I realize there may be tokens in the above snippet that you'll need in order to help me. If so, please let me know - the entire file was a little too big to post.) Thanks again! Brad. On Fri, 3 Sep 2004 12:12:32 -0400, "Nicole Calinoiu" <ngcalinoiu [quoted text, click to view] REMOVETHIS AT gmail DOT com> wrote:
>Whoops, forgot a question... Is your code referencing Oracle.DataAccess.dll >from the GAC or as a private assembly copied into its own location? If the >latter, it probably won't be granted the SkipVerification permission it >requires, thereby explaining the PolicyException. If this is the problem, >referencing it from the GAC should fix it. > > > >"Bradley Plett" <plettb@hotmail.com> wrote in message >news:vn2hj0hd8bv8dp316ddc71s6fpirutgpig@4ax.com... >> Thanks a lot - this may be getting me closer! :-) >> >> I ran permview on Oracle.DataAccess.dll, and here's the output: >> ================================================== >> Microsoft (R) .NET Framework Permission Request Viewer. Version >> 1.1.4322.573 >> Copyright (C) Microsoft Corporation 1998-2002. All rights reserved. >> >> minimal permission set: >> <PermissionSet class="System.Security.PermissionSet" >> version="1"> >> <IPermission class="System.Security.Permissions.SecurityPermission, >> mscorlib, >> Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >> version="1" >> Flags="SkipVerification"/> >> </PermissionSet> >> >> optional permission set: >> Not specified >> >> refused permission set: >> Not specified >> ================================================== >> >> Now what? It does appear that the Oracle.DataAccess.dll does require >> some special permissions, but in my context I don't know how to >> provide those permissions. Any ideas? >> >> Thanks! >> Brad. >> >> >> On Fri, 3 Sep 2004 08:16:38 -0400, "Nicole Calinoiu" <ngcalinoiu >> REMOVETHIS AT gmail DOT com> wrote: >> >>>Bradley, >>> >>>The problem probably lies with the Oracle client requiring some permission >>>that your code is not being granted, not with a permission that the Oracle >>>code is not being granted. You can use permview.exe >>>(http://msdn.microsoft.com/library/en-us/cptools/html/cpgrfpermissionsviewtoolpermviewexe.asp) >>>to verify the permission(s) for which a RequestMinimum has been specified >>>in >>>the Oracle.DataAccess.dll assembly. If there are any required >>>permissions, >>>you should then use the "evaluate assembly" functionality in the .NET >>>configuration manager to determine if your assembly has been granted these >>>permissions. >>> >>>HTH, >>>Nicole >>> >>> >>> >>>"Bradley Plett" <plettb@hotmail.com> wrote in message >>>news:573fj0lnfsrcamqrj33i0ae12tj636fqde@4ax.com... >>>> I've posted a similar question in the >>>> microsoft.public.sqlserver.reportingsvcs group, but I need to solve >>>> this and it is more of a .NET/permissions issue anyway. However, it >>>> is in the context of RS' forms authentication, which is making it more >>>> difficult for me to understand/debug. >>>> >>>> I have forms authentication in SQL RS working like a charm. (For more >>>> info, see >>>> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp). >>>> However, I am now trying to do some authentication against an Oracle >>>> database. What's very strange is that as soon as I try to bind to >>>> Oracle's client (Oracle.DataAccess in, by default, >>>> C:\oracle\ora92\bin\Oracle.DataAccess.dll), I get >>>> "System.Security.Policy.PolicyException: Required permissions cannot >>>> be acquired." I've definitely narrowed it down to the Oracle binding, >>>> but can't figure out how to make it work. I've looked in "Microsoft >>>> .NET Framework 1.1 Configuration" under "Runtime Security Policy" and >>>> did an "Evaluate Assembly", which returned "Unrestricted". I also >>>> tried editing rssrvpolicy.config (in "C:\Program Files\Microsoft SQL >>>> Server\MSSQL\Reporting Services\ReportServer\") to add a full trust >>>> for the Oracle.DataAccess.dll, but none of this has helped. Any other >>>> ideas or suggestions? >>>> >>>> Despite being much more capable, I often find .NET permissions much >>>> more confusing, especially trying to debug this type of failure. If >>>> anyone can point me to some good tools and/or techniques on this >>>> topic, I'd MUCH appreciate it. I suppose part of the problem is that >>>> I don't have time to read an entire book - I just want to skip to the >>>> good parts! :-) >>>> >>>> Thanks a lot! >>>> Brad. >>> >> >
SkipVerification isn't going to cause any problems unless the
Oracle.DataAccess.dll assembly isn't granted this permission. Since you mentioned that it's granted unrestricted permissions, which include SkipVerification, this should not be a problem. Unfortunately, this means that the Oracle client is probably demanding a permission that your assembly doesn't possess, which will be a bit harder to track down. Could you please provide the following information: 1. Which version of ODP.NET are you using? 2. On which line of code is the exception raised? 3. What permissions are granted to your own assembly (as per the .NET configuration manager "evaluate assembly" functionality)? [quoted text, click to view] "Bradley Plett" <plettb@hotmail.com> wrote in message news:vn2hj0hd8bv8dp316ddc71s6fpirutgpig@4ax.com... > Thanks a lot - this may be getting me closer! :-) > > I ran permview on Oracle.DataAccess.dll, and here's the output: > ================================================== > Microsoft (R) .NET Framework Permission Request Viewer. Version > 1.1.4322.573 > Copyright (C) Microsoft Corporation 1998-2002. All rights reserved. > > minimal permission set: > <PermissionSet class="System.Security.PermissionSet" > version="1"> > <IPermission class="System.Security.Permissions.SecurityPermission, > mscorlib, > Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" > version="1" > Flags="SkipVerification"/> > </PermissionSet> > > optional permission set: > Not specified > > refused permission set: > Not specified > ================================================== > > Now what? It does appear that the Oracle.DataAccess.dll does require > some special permissions, but in my context I don't know how to > provide those permissions. Any ideas? > > Thanks! > Brad. > > > On Fri, 3 Sep 2004 08:16:38 -0400, "Nicole Calinoiu" <ngcalinoiu > REMOVETHIS AT gmail DOT com> wrote: > >>Bradley, >> >>The problem probably lies with the Oracle client requiring some permission >>that your code is not being granted, not with a permission that the Oracle >>code is not being granted. You can use permview.exe >>(http://msdn.microsoft.com/library/en-us/cptools/html/cpgrfpermissionsviewtoolpermviewexe.asp) >>to verify the permission(s) for which a RequestMinimum has been specified >>in >>the Oracle.DataAccess.dll assembly. If there are any required >>permissions, >>you should then use the "evaluate assembly" functionality in the .NET >>configuration manager to determine if your assembly has been granted these >>permissions. >> >>HTH, >>Nicole >> >> >> >>"Bradley Plett" <plettb@hotmail.com> wrote in message >>news:573fj0lnfsrcamqrj33i0ae12tj636fqde@4ax.com... >>> I've posted a similar question in the >>> microsoft.public.sqlserver.reportingsvcs group, but I need to solve >>> this and it is more of a .NET/permissions issue anyway. However, it >>> is in the context of RS' forms authentication, which is making it more >>> difficult for me to understand/debug. >>> >>> I have forms authentication in SQL RS working like a charm. (For more >>> info, see >>> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp). >>> However, I am now trying to do some authentication against an Oracle >>> database. What's very strange is that as soon as I try to bind to >>> Oracle's client (Oracle.DataAccess in, by default, >>> C:\oracle\ora92\bin\Oracle.DataAccess.dll), I get >>> "System.Security.Policy.PolicyException: Required permissions cannot >>> be acquired." I've definitely narrowed it down to the Oracle binding, >>> but can't figure out how to make it work. I've looked in "Microsoft >>> .NET Framework 1.1 Configuration" under "Runtime Security Policy" and >>> did an "Evaluate Assembly", which returned "Unrestricted". I also >>> tried editing rssrvpolicy.config (in "C:\Program Files\Microsoft SQL >>> Server\MSSQL\Reporting Services\ReportServer\") to add a full trust >>> for the Oracle.DataAccess.dll, but none of this has helped. Any other >>> ideas or suggestions? >>> >>> Despite being much more capable, I often find .NET permissions much >>> more confusing, especially trying to debug this type of failure. If >>> anyone can point me to some good tools and/or techniques on this >>> topic, I'd MUCH appreciate it. I suppose part of the problem is that >>> I don't have time to read an entire book - I just want to skip to the >>> good parts! :-) >>> >>> Thanks a lot! >>> Brad. >> >
Whoops, forgot a question... Is your code referencing Oracle.DataAccess.dll
from the GAC or as a private assembly copied into its own location? If the latter, it probably won't be granted the SkipVerification permission it requires, thereby explaining the PolicyException. If this is the problem, referencing it from the GAC should fix it. [quoted text, click to view] "Bradley Plett" <plettb@hotmail.com> wrote in message news:vn2hj0hd8bv8dp316ddc71s6fpirutgpig@4ax.com... > Thanks a lot - this may be getting me closer! :-) > > I ran permview on Oracle.DataAccess.dll, and here's the output: > ================================================== > Microsoft (R) .NET Framework Permission Request Viewer. Version > 1.1.4322.573 > Copyright (C) Microsoft Corporation 1998-2002. All rights reserved. > > minimal permission set: > <PermissionSet class="System.Security.PermissionSet" > version="1"> > <IPermission class="System.Security.Permissions.SecurityPermission, > mscorlib, > Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" > version="1" > Flags="SkipVerification"/> > </PermissionSet> > > optional permission set: > Not specified > > refused permission set: > Not specified > ================================================== > > Now what? It does appear that the Oracle.DataAccess.dll does require > some special permissions, but in my context I don't know how to > provide those permissions. Any ideas? > > Thanks! > Brad. > > > On Fri, 3 Sep 2004 08:16:38 -0400, "Nicole Calinoiu" <ngcalinoiu > REMOVETHIS AT gmail DOT com> wrote: > >>Bradley, >> >>The problem probably lies with the Oracle client requiring some permission >>that your code is not being granted, not with a permission that the Oracle >>code is not being granted. You can use permview.exe >>(http://msdn.microsoft.com/library/en-us/cptools/html/cpgrfpermissionsviewtoolpermviewexe.asp) >>to verify the permission(s) for which a RequestMinimum has been specified >>in >>the Oracle.DataAccess.dll assembly. If there are any required >>permissions, >>you should then use the "evaluate assembly" functionality in the .NET >>configuration manager to determine if your assembly has been granted these >>permissions. >> >>HTH, >>Nicole >> >> >> >>"Bradley Plett" <plettb@hotmail.com> wrote in message >>news:573fj0lnfsrcamqrj33i0ae12tj636fqde@4ax.com... >>> I've posted a similar question in the >>> microsoft.public.sqlserver.reportingsvcs group, but I need to solve >>> this and it is more of a .NET/permissions issue anyway. However, it >>> is in the context of RS' forms authentication, which is making it more >>> difficult for me to understand/debug. >>> >>> I have forms authentication in SQL RS working like a charm. (For more >>> info, see >>> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp). >>> However, I am now trying to do some authentication against an Oracle >>> database. What's very strange is that as soon as I try to bind to >>> Oracle's client (Oracle.DataAccess in, by default, >>> C:\oracle\ora92\bin\Oracle.DataAccess.dll), I get >>> "System.Security.Policy.PolicyException: Required permissions cannot >>> be acquired." I've definitely narrowed it down to the Oracle binding, >>> but can't figure out how to make it work. I've looked in "Microsoft >>> .NET Framework 1.1 Configuration" under "Runtime Security Policy" and >>> did an "Evaluate Assembly", which returned "Unrestricted". I also >>> tried editing rssrvpolicy.config (in "C:\Program Files\Microsoft SQL >>> Server\MSSQL\Reporting Services\ReportServer\") to add a full trust >>> for the Oracle.DataAccess.dll, but none of this has helped. Any other >>> ideas or suggestions? >>> >>> Despite being much more capable, I often find .NET permissions much >>> more confusing, especially trying to debug this type of failure. If >>> anyone can point me to some good tools and/or techniques on this >>> topic, I'd MUCH appreciate it. I suppose part of the problem is that >>> I don't have time to read an entire book - I just want to skip to the >>> good parts! :-) >>> >>> Thanks a lot! >>> Brad. >> >
Did you create a Visual Studio project to build an assembly that is
performing the authentication against the Oracle database? If so, that's where the reference was set to Oracle.DataAccess.dll, not in the rssrvpolicy.config file. If not, could you please identify the sample you are following since there are just too many possibilities for me to keep guessing... [quoted text, click to view] "Bradley Plett" <plettb@hotmail.com> wrote in message news:ob8hj0d7u5elmda60ipnbiu8flel9q3vmv@4ax.com... >I think you may have identified the problem, but my knowledge of > security policy configuration files is too limited to solve it. :-( > > Looking at the config file, I'm guessing I'm referencing it as a > private assembly, whereas I should reference it through the GAC. I'd > gladly reference it through the GAC, but how? > > Here's the relevant snippet of code from the rssrvpolicy.config file: > ================================================== > <CodeGroup > class="UnionCodeGroup" > version="1" > Name="OracleDataAccess" > Description="Code group for Oracle data access" > PermissionSetName="FullTrust"> > <IMembershipCondition > class="UrlMembershipCondition" > version="1" > Url="C:\oracle\ora92\bin\Oracle.DataAccess.dll" > /> > </CodeGroup> > ================================================== > I added this code using another sample, but the sample uses a private > assembly. How would I change this to use the copy or Oracle that is > registered in the GAC? (I realize there may be tokens in the above > snippet that you'll need in order to help me. If so, please let me > know - the entire file was a little too big to post.) > > Thanks again! > Brad. > > > On Fri, 3 Sep 2004 12:12:32 -0400, "Nicole Calinoiu" <ngcalinoiu > REMOVETHIS AT gmail DOT com> wrote: > >>Whoops, forgot a question... Is your code referencing >>Oracle.DataAccess.dll >>from the GAC or as a private assembly copied into its own location? If >>the >>latter, it probably won't be granted the SkipVerification permission it >>requires, thereby explaining the PolicyException. If this is the problem, >>referencing it from the GAC should fix it. >> >> >> >>"Bradley Plett" <plettb@hotmail.com> wrote in message >>news:vn2hj0hd8bv8dp316ddc71s6fpirutgpig@4ax.com... >>> Thanks a lot - this may be getting me closer! :-) >>> >>> I ran permview on Oracle.DataAccess.dll, and here's the output: >>> ================================================== >>> Microsoft (R) .NET Framework Permission Request Viewer. Version >>> 1.1.4322.573 >>> Copyright (C) Microsoft Corporation 1998-2002. All rights reserved. >>> >>> minimal permission set: >>> <PermissionSet class="System.Security.PermissionSet" >>> version="1"> >>> <IPermission class="System.Security.Permissions.SecurityPermission, >>> mscorlib, >>> Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >>> version="1" >>> Flags="SkipVerification"/> >>> </PermissionSet> >>> >>> optional permission set: >>> Not specified >>> >>> refused permission set: >>> Not specified >>> ================================================== >>> >>> Now what? It does appear that the Oracle.DataAccess.dll does require >>> some special permissions, but in my context I don't know how to >>> provide those permissions. Any ideas? >>> >>> Thanks! >>> Brad. >>> >>> >>> On Fri, 3 Sep 2004 08:16:38 -0400, "Nicole Calinoiu" <ngcalinoiu >>> REMOVETHIS AT gmail DOT com> wrote: >>> >>>>Bradley, >>>> >>>>The problem probably lies with the Oracle client requiring some >>>>permission >>>>that your code is not being granted, not with a permission that the >>>>Oracle >>>>code is not being granted. You can use permview.exe >>>>(http://msdn.microsoft.com/library/en-us/cptools/html/cpgrfpermissionsviewtoolpermviewexe.asp) >>>>to verify the permission(s) for which a RequestMinimum has been >>>>specified >>>>in >>>>the Oracle.DataAccess.dll assembly. If there are any required >>>>permissions, >>>>you should then use the "evaluate assembly" functionality in the .NET >>>>configuration manager to determine if your assembly has been granted >>>>these >>>>permissions. >>>> >>>>HTH, >>>>Nicole >>>> >>>> >>>> >>>>"Bradley Plett" <plettb@hotmail.com> wrote in message >>>>news:573fj0lnfsrcamqrj33i0ae12tj636fqde@4ax.com... >>>>> I've posted a similar question in the >>>>> microsoft.public.sqlserver.reportingsvcs group, but I need to solve >>>>> this and it is more of a .NET/permissions issue anyway. However, it >>>>> is in the context of RS' forms authentication, which is making it more >>>>> difficult for me to understand/debug. >>>>> >>>>> I have forms authentication in SQL RS working like a charm. (For more >>>>> info, see >>>>> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp). >>>>> However, I am now trying to do some authentication against an Oracle >>>>> database. What's very strange is that as soon as I try to bind to >>>>> Oracle's client (Oracle.DataAccess in, by default, >>>>> C:\oracle\ora92\bin\Oracle.DataAccess.dll), I get >>>>> "System.Security.Policy.PolicyException: Required permissions cannot >>>>> be acquired." I've definitely narrowed it down to the Oracle binding, >>>>> but can't figure out how to make it work. I've looked in "Microsoft >>>>> .NET Framework 1.1 Configuration" under "Runtime Security Policy" and >>>>> did an "Evaluate Assembly", which returned "Unrestricted". I also >>>>> tried editing rssrvpolicy.config (in "C:\Program Files\Microsoft SQL >>>>> Server\MSSQL\Reporting Services\ReportServer\") to add a full trust >>>>> for the Oracle.DataAccess.dll, but none of this has helped. Any other >>>>> ideas or suggestions? >>>>> >>>>> Despite being much more capable, I often find .NET permissions much >>>>> more confusing, especially trying to debug this type of failure. If >>>>> anyone can point me to some good tools and/or techniques on this >>>>> topic, I'd MUCH appreciate it. I suppose part of the problem is that >>>>> I don't have time to read an entire book - I just want to skip to the >>>>> good parts! :-) >>>>> >>>>> Thanks a lot! >>>>> Brad. >>>> >>> >> >
Sorry - I was away from this problem for a while, but I'd still like
to solve it. In answer to your question, I have a Visual Studio project to build the assembly. I don't understand where you're going with this, but the only reference to the Oracle.DataAccess.dll in my vbproj file is as follows: -------------------------------------------------- <Reference Name = "Oracle.DataAccess" AssemblyName = "Oracle.DataAccess" HintPath = "..\..\oracle\ora92\bin\Oracle.DataAccess.dll" AssemblyFolderKey = "hklm\dn\odp.net" /> -------------------------------------------------- As I mentioned in a previous post, I'm guessing I'm referencing it as a private assembly, whereas I should reference it through the GAC. I'd gladly reference it through the GAC, but how? Thanks! Brad. On Fri, 3 Sep 2004 16:11:32 -0400, "Nicole Calinoiu" <ngcalinoiu [quoted text, click to view] REMOVETHIS AT gmail DOT com> wrote:
>Did you create a Visual Studio project to build an assembly that is >performing the authentication against the Oracle database? If so, that's >where the reference was set to Oracle.DataAccess.dll, not in the >rssrvpolicy.config file. If not, could you please identify the sample you >are following since there are just too many possibilities for me to keep >guessing... > > >"Bradley Plett" <plettb@hotmail.com> wrote in message >news:ob8hj0d7u5elmda60ipnbiu8flel9q3vmv@4ax.com... >>I think you may have identified the problem, but my knowledge of >> security policy configuration files is too limited to solve it. :-( >> >> Looking at the config file, I'm guessing I'm referencing it as a >> private assembly, whereas I should reference it through the GAC. I'd >> gladly reference it through the GAC, but how? >> >> Here's the relevant snippet of code from the rssrvpolicy.config file: >> ================================================== >> <CodeGroup >> class="UnionCodeGroup" >> version="1" >> Name="OracleDataAccess" >> Description="Code group for Oracle data access" >> PermissionSetName="FullTrust"> >> <IMembershipCondition >> class="UrlMembershipCondition" >> version="1" >> Url="C:\oracle\ora92\bin\Oracle.DataAccess.dll" >> /> >> </CodeGroup> >> ================================================== >> I added this code using another sample, but the sample uses a private >> assembly. How would I change this to use the copy or Oracle that is >> registered in the GAC? (I realize there may be tokens in the above >> snippet that you'll need in order to help me. If so, please let me >> know - the entire file was a little too big to post.) >> >> Thanks again! >> Brad. >> >> >> On Fri, 3 Sep 2004 12:12:32 -0400, "Nicole Calinoiu" <ngcalinoiu >> REMOVETHIS AT gmail DOT com> wrote: >> >>>Whoops, forgot a question... Is your code referencing >>>Oracle.DataAccess.dll >>>from the GAC or as a private assembly copied into its own location? If >>>the >>>latter, it probably won't be granted the SkipVerification permission it >>>requires, thereby explaining the PolicyException. If this is the problem, >>>referencing it from the GAC should fix it. >>> >>> >>> >>>"Bradley Plett" <plettb@hotmail.com> wrote in message >>>news:vn2hj0hd8bv8dp316ddc71s6fpirutgpig@4ax.com... >>>> Thanks a lot - this may be getting me closer! :-) >>>> >>>> I ran permview on Oracle.DataAccess.dll, and here's the output: >>>> ================================================== >>>> Microsoft (R) .NET Framework Permission Request Viewer. Version >>>> 1.1.4322.573 >>>> Copyright (C) Microsoft Corporation 1998-2002. All rights reserved. >>>> >>>> minimal permission set: >>>> <PermissionSet class="System.Security.PermissionSet" >>>> version="1"> >>>> <IPermission class="System.Security.Permissions.SecurityPermission, >>>> mscorlib, >>>> Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >>>> version="1" >>>> Flags="SkipVerification"/> >>>> </PermissionSet> >>>> >>>> optional permission set: >>>> Not specified >>>> >>>> refused permission set: >>>> Not specified >>>> ================================================== >>>> >>>> Now what? It does appear that the Oracle.DataAccess.dll does require >>>> some special permissions, but in my context I don't know how to >>>> provide those permissions. Any ideas? >>>> >>>> Thanks! >>>> Brad. >>>> >>>> >>>> On Fri, 3 Sep 2004 08:16:38 -0400, "Nicole Calinoiu" <ngcalinoiu >>>> REMOVETHIS AT gmail DOT com> wrote: >>>> >>>>>Bradley, >>>>> >>>>>The problem probably lies with the Oracle client requiring some >>>>>permission >>>>>that your code is not being granted, not with a permission that the >>>>>Oracle >>>>>code is not being granted. You can use permview.exe >>>>>(http://msdn.microsoft.com/library/en-us/cptools/html/cpgrfpermissionsviewtoolpermviewexe.asp) >>>>>to verify the permission(s) for which a RequestMinimum has been >>>>>specified >>>>>in >>>>>the Oracle.DataAccess.dll assembly. If there are any required >>>>>permissions, >>>>>you should then use the "evaluate assembly" functionality in the .NET >>>>>configuration manager to determine if your assembly has been granted >>>>>these >>>>>permissions. >>>>> >>>>>HTH, >>>>>Nicole >>>>> >>>>> >>>>> >>>>>"Bradley Plett" <plettb@hotmail.com> wrote in message >>>>>news:573fj0lnfsrcamqrj33i0ae12tj636fqde@4ax.com... >>>>>> I've posted a similar question in the >>>>>> microsoft.public.sqlserver.reportingsvcs group, but I need to solve >>>>>> this and it is more of a .NET/permissions issue anyway. However, it >>>>>> is in the context of RS' forms authentication, which is making it more >>>>>> difficult for me to understand/debug. >>>>>> >>>>>> I have forms authentication in SQL RS working like a charm. (For more >>>>>> info, see >>>>>> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp). >>>>>> However, I am now trying to do some authentication against an Oracle >>>>>> database. What's very strange is that as soon as I try to bind to >>>>>> Oracle's client (Oracle.DataAccess in, by default, >>>>>> C:\oracle\ora92\bin\Oracle.DataAccess.dll), I get >>>>>> "System.Security.Policy.PolicyException: Required permissions cannot >>>>>> be acquired." I've definitely narrowed it down to the Oracle binding, >>>>>> but can't figure out how to make it work. I've looked in "Microsoft >>>>>> .NET Framework 1.1 Configuration" under "Runtime Security Policy" and >>>>>> did an "Evaluate Assembly", which returned "Unrestricted". I also >>>>>> tried editing rssrvpolicy.config (in "C:\Program Files\Microsoft SQL >>>>>> Server\MSSQL\Reporting Services\ReportServer\") to add a full trust >>>>>> for the Oracle.DataAccess.dll, but none of this has helped. Any other >>>>>> ideas or suggestions? >>>>>>
Bradley,
You're already using a referenced to the copy in the GAC. If not, the reference would be marked as private in the vbproj file. Guess this takes us back to square one... Could you please try to answer the following: 1. What are these samples you are using as the basis for your code? 2. Are your assembly, ODP.NET, and Reporting Services all installed and running on the same machine? 3. In what report mode(s) are you seeing the exception? Nicole [quoted text, click to view] "Bradley Plett" <plettb@hotmail.com> wrote in message
news:jp96l0lnm5dch00ipvtfrrcksqq20emqp0@4ax.com... > Sorry - I was away from this problem for a while, but I'd still like > to solve it. > > In answer to your question, I have a Visual Studio project to build > the assembly. I don't understand where you're going with this, but > the only reference to the Oracle.DataAccess.dll in my vbproj file is > as follows: > -------------------------------------------------- > <Reference > Name = "Oracle.DataAccess" > AssemblyName = "Oracle.DataAccess" > HintPath = "..\..\oracle\ora92\bin\Oracle.DataAccess.dll" > AssemblyFolderKey = "hklm\dn\odp.net" > /> > -------------------------------------------------- > > As I mentioned in a previous post, I'm guessing I'm referencing it as > a private assembly, whereas I should reference it through the GAC. > I'd gladly reference it through the GAC, but how? > > Thanks! > Brad. > > > On Fri, 3 Sep 2004 16:11:32 -0400, "Nicole Calinoiu" <ngcalinoiu > REMOVETHIS AT gmail DOT com> wrote: > >>Did you create a Visual Studio project to build an assembly that is >>performing the authentication against the Oracle database? If so, that's >>where the reference was set to Oracle.DataAccess.dll, not in the >>rssrvpolicy.config file. If not, could you please identify the sample you >>are following since there are just too many possibilities for me to keep >>guessing... >> >> >>"Bradley Plett" <plettb@hotmail.com> wrote in message >>news:ob8hj0d7u5elmda60ipnbiu8flel9q3vmv@4ax.com... >>>I think you may have identified the problem, but my knowledge of >>> security policy configuration files is too limited to solve it. :-( >>> >>> Looking at the config file, I'm guessing I'm referencing it as a >>> private assembly, whereas I should reference it through the GAC. I'd >>> gladly reference it through the GAC, but how? >>> >>> Here's the relevant snippet of code from the rssrvpolicy.config file: >>> ================================================== >>> <CodeGroup >>> class="UnionCodeGroup" >>> version="1" >>> Name="OracleDataAccess" >>> Description="Code group for Oracle data access" >>> PermissionSetName="FullTrust"> >>> <IMembershipCondition >>> class="UrlMembershipCondition" >>> version="1" >>> Url="C:\oracle\ora92\bin\Oracle.DataAccess.dll" >>> /> >>> </CodeGroup> >>> ================================================== >>> I added this code using another sample, but the sample uses a private >>> assembly. How would I change this to use the copy or Oracle that is >>> registered in the GAC? (I realize there may be tokens in the above >>> snippet that you'll need in order to help me. If so, please let me >>> know - the entire file was a little too big to post.) >>> >>> Thanks again! >>> Brad. >>> >>> >>> On Fri, 3 Sep 2004 12:12:32 -0400, "Nicole Calinoiu" <ngcalinoiu >>> REMOVETHIS AT gmail DOT com> wrote: >>> >>>>Whoops, forgot a question... Is your code referencing >>>>Oracle.DataAccess.dll >>>>from the GAC or as a private assembly copied into its own location? If >>>>the >>>>latter, it probably won't be granted the SkipVerification permission it >>>>requires, thereby explaining the PolicyException. If this is the >>>>problem, >>>>referencing it from the GAC should fix it. >>>> >>>> >>>> >>>>"Bradley Plett" <plettb@hotmail.com> wrote in message >>>>news:vn2hj0hd8bv8dp316ddc71s6fpirutgpig@4ax.com... >>>>> Thanks a lot - this may be getting me closer! :-) >>>>> >>>>> I ran permview on Oracle.DataAccess.dll, and here's the output: >>>>> ================================================== >>>>> Microsoft (R) .NET Framework Permission Request Viewer. Version >>>>> 1.1.4322.573 >>>>> Copyright (C) Microsoft Corporation 1998-2002. All rights reserved. >>>>> >>>>> minimal permission set: >>>>> <PermissionSet class="System.Security.PermissionSet" >>>>> version="1"> >>>>> <IPermission class="System.Security.Permissions.SecurityPermission, >>>>> mscorlib, >>>>> Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >>>>> version="1" >>>>> Flags="SkipVerification"/> >>>>> </PermissionSet> >>>>> >>>>> optional permission set: >>>>> Not specified >>>>> >>>>> refused permission set: >>>>> Not specified >>>>> ================================================== >>>>> >>>>> Now what? It does appear that the Oracle.DataAccess.dll does require >>>>> some special permissions, but in my context I don't know how to >>>>> provide those permissions. Any ideas? >>>>> >>>>> Thanks! >>>>> Brad. >>>>> >>>>> >>>>> On Fri, 3 Sep 2004 08:16:38 -0400, "Nicole Calinoiu" <ngcalinoiu >>>>> REMOVETHIS AT gmail DOT com> wrote: >>>>> >>>>>>Bradley, >>>>>> >>>>>>The problem probably lies with the Oracle client requiring some >>>>>>permission >>>>>>that your code is not being granted, not with a permission that the >>>>>>Oracle >>>>>>code is not being granted. You can use permview.exe >>>>>>(http://msdn.microsoft.com/library/en-us/cptools/html/cpgrfpermissionsviewtoolpermviewexe.asp) >>>>>>to verify the permission(s) for which a RequestMinimum has been >>>>>>specified >>>>>>in >>>>>>the Oracle.DataAccess.dll assembly. If there are any required >>>>>>permissions, >>>>>>you should then use the "evaluate assembly" functionality in the .NET >>>>>>configuration manager to determine if your assembly has been granted >>>>>>these >>>>>>permissions. >>>>>> >>>>>>HTH, >>>>>>Nicole >>>>>> >>>>>> >>>>>> >>>>>>"Bradley Plett" <plettb@hotmail.com> wrote in message >>>>>>news:573fj0lnfsrcamqrj33i0ae12tj636fqde@4ax.com... >>>>>>> I've posted a similar question in the >>>>>>> microsoft.public.sqlserver.reportingsvcs group, but I need to solve >>>>>>> this and it is more of a .NET/permissions issue anyway. However, it >>>>>>> is in the context of RS' forms authentication, which is making it >>>>>>> more >>>>>>> difficult for me to understand/debug. >>>>>>> >>>>>>> I have forms authentication in SQL RS working like a charm. (For >>>>>>> more >>>>>>> info, see >>>>>>> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp). >>>>>>> However, I am now trying to do some authentication against an Oracle >>>>>>> database. What's very strange is that as soon as I try to bind to >>>>>>> Oracle's client (Oracle.DataAccess in, by default,
Don't see what you're looking for? Try a search.
|
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |