Security problems in .Net web application



Security problems in .Net web application vhbil
10/26/2006 12:00:00 AM
I have a .net user control whose purpose is a chat client and I am getting
the error:

---
System.Security.SecurityException: Request for the permission of type 'System.
Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089' failed.
At System.Security.CodeAccessSecurityEngine.Check(Object demand,
StackCrawlMark& stackMark, Boolean isPermSet)
At System.Security.CodeAccessPermission.Demand()
At System.Net.Dns.GetHostAddress(String hostNameOrAddress)
At System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
At C43.Net.C43Client.Connect()
The action that failed was:
Demad
The type of the first permission that failed was:
System.Net.DnsPermission
The Zone of the assembly that failed was:
Internet
---

When I host the application in a windows form, it works with no problems, it
is only when it is hosted in a web page that I am getting the error.
RE: Security problems in .Net web application Claus Konrad
10/26/2006 9:25:02 AM
You are seeing a CAS exception here.
Reason is that your evidence shows that you are running in a zone called
"Internet". The internet zone has (for a reason!) limited capabilities; among
them the ability to call out to other sites/resources.

To make this work on your box, you need to (for a start) set full trust to
the strongname exposed by your assembly.

In the .NET 2.0 configuration MMC snap-in, make an entry in the "Internet"
zone allowing FullTrust to assemblies exposing your strongname key. A button
is present to browse to the assembly in question.

After this - you are up and flying again.

--
rgds.
/Claus Konrad


RE: Security problems in .Net web application vhbil via DotNetMonster.com
10/27/2006 2:19:54 AM
Does this mean that everyone that uses this will have to set the trust to
the assembly? Do you think java is better suited for this purpose?

Thanks for your reply.


--
Message posted via http://www.dotnetmonster.com
RE: Security problems in .Net web application Claus Konrad
10/27/2006 4:44:02 AM
You are asking this question in a MS related newsgroup. Your replies will be
somewhat biased :-)

Whether you want to use .NET or Java is a matter of taste/religion. They
both have a concept of CAS, so they will both suffice in these matters. The
problem is that you want to let users use your component without taking
explicit approval of this.
This somewhat contradicts the notion of security, doesn't it? CAS is a very
good thing, you just need to be aware of its behaviour.

As long as you are deploying this as a standalone exe (yes?), you can
include in the install package a modification/addition to the CAS settings on
the client's PC.
Alternatively, if you copy the standalone to the client's PC, by default it
will work as the code will be calling from the local hard drive and hence be
part of the CodeGroup called My_Computer_Zone which by default has FULLTRUST.

--
rgds.
/Claus Konrad


RE: Security problems in .Net web application vhbil via DotNetMonster.com
10/28/2006 12:00:00 AM
Sorry for the non MS question. The reason for it is that I have been to many
chat sites that do not require me to change any security settings, and was
wondering how to achieve this. To have to adjust the security settings on an
assembly would really lower the audience the control would get, not just in
being annoying but a lot of people would not know how to do this.

I really do understand the security aspect of this, and that people would be
able to browse to a trojan more or less if this was easy to achieve, but does
this mean that sites with a real application for needing a network
connection from a browser based app can't?


--
Message posted via DotNetMonster.com
http://www.dotnetmonster.com/Uwe/Forums.aspx/dotnet-security/200610/1
RE: Security problems in .Net web application Claus Konrad [MCSD]
10/28/2006 12:47:02 AM
The specific problem is that the zone "Internet_Zone" does not allow a
web application to query the DNS; for a reason! Allowing an app. to query the
DNS would potentially reveal information about the network local to the
application (to name an example).

However - if you can make the chat client work without DNS queries, there are
no problems in the default security settings of Internet_Zone.

Do a search on MS or Google on CAS and Internet_Zone. It is difficult to aid
any more without having been presented with the code itself now...

--
rgds.
/Claus Konrad
MCSD.NET (C#)
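
The diagnosis in this thread, as an added C# example that is not code from any of the posters: it demands `DnsPermission` and `SocketPermission` up front so a partially trusted control reports which grant is missing, and it connects through the `IPAddress` overload when given an IP literal so that `Dns` is never called. `ChatConnector` and its members are hypothetical names, and the code assumes the .NET Framework 2.0 CAS model discussed above.

```csharp
using System;
using System.Net;
using System.Net.Sockets;
using System.Security;
using System.Security.Permissions;

// Hypothetical helper (not from the thread); assumes .NET Framework CAS.
public static class ChatConnector
{
    // Returns null if the demand passes, otherwise the SecurityException text.
    private static string Probe(IPermission permission)
    {
        try { permission.Demand(); return null; }
        catch (SecurityException ex) { return ex.Message; }
    }

    public static TcpClient Connect(string host, int port)
    {
        IPAddress literal;
        bool isLiteral = IPAddress.TryParse(host, out literal);

        // Only a host name needs resolving; that is the call that demanded
        // DnsPermission in the stack trace above.
        if (!isLiteral)
        {
            string dns = Probe(new DnsPermission(PermissionState.Unrestricted));
            if (dns != null)
                throw new InvalidOperationException(
                    "DnsPermission is not granted; pass an IP literal or adjust policy. " + dns);
        }

        // Opening the socket is a separate demand, checked here so the two
        // failures are not confused with each other.
        string sock = Probe(new SocketPermission(
            NetworkAccess.Connect, TransportType.Tcp, host, port));
        if (sock != null)
            throw new InvalidOperationException(
                "SocketPermission for " + host + ":" + port + " is not granted. " + sock);

        TcpClient client = new TcpClient();
        if (isLiteral)
            client.Connect(literal, port);   // IPAddress overload: no Dns call
        else
            client.Connect(host, port);      // resolves the name via Dns
        return client;
    }
}
```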

