Solved

Security policy error

Posted on 2006-11-02
13
272 Views
Last Modified: 2008-03-17
I was getting a security error when trying to shell or use Process.Start to run an external program.  This happened when I tried to run it from a network drive.  After giving 'Local Intranet' full trust in the .NET configuration, then it worked, but now when I compile the program and run it from another workstation (launching it from a network drive), I get the following error:

"Application attempted to perform an operation not allowd by the security policy..."

I'm sure I can change the .NET config to make it work (just like what I did on my workstation), but there must be a way in Visual Studio to turn off whatever is causing this.  The program must be saying "don't launch a program if it's not from a trusted site."  Does anyone know what I need to do to disable this?

Thanks for the help!
BPL
0
Comment
Question by:bpl5000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
13 Comments
 
LVL 10

Expert Comment

by:Kinger247
ID: 17859723
Hi bpl5000, just for a quick test can you select the security tab in 'My Project'. Then select 'Enable ClickOnce Security Settings' - make sure the 'This is a full trust application' is selected. And see if this works for you .
0
 
LVL 5

Author Comment

by:bpl5000
ID: 17859795
I already tried the 'Enable ClickOnce Security Settings" with full trust, but it didn't work.  When running it within the studio, as soon as it tries to launch the external program, it gives the error:

"Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed."

But I can change the Local Intranet to Full Trust in the .NET config on my PC and it works.  Any other ideas?
0
 
LVL 10

Accepted Solution

by:
Kinger247 earned 500 total points
ID: 17861639
As I understand it, the most restrictive will apply with permissions.

We've tried 2 things here:

1. Configuring your machine to make an external assembly safe to run on your machine, and so override the applications permissions whatever they are.

2. Make an application instruct your machine that its safe to run on your machine.

Number 2 is a terrible floor, as that means all rogue apps will execute on your files !

So I reckon number 1 is your only option :)
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 5

Author Comment

by:bpl5000
ID: 17862630
Ok, but I'm not concerned about having the app run on my computer... I'm concerned about having it run on the PC's in our network when launched from the network.  Before when I was using VB6, all I had do is compile it and it worked no matter when I launched it from.

With that said, will option 1 or 2 allow me to do what I want to do, or will this just allow me to run it on my PC?
0
 
LVL 10

Expert Comment

by:Kinger247
ID: 17863179
Just one last final question .. when you run the application from the network, how have you saved the files to the network ?
Are they published ?  if not try that.
0
 
LVL 5

Author Comment

by:bpl5000
ID: 17863479
It does work if I publish, but then I have to run a setup.exe file that brings up a "Launching Application" box and in the box is says "Verifying application requirements. This may take a few minutes."

Maybe I should explain what it is I want to do.  I am making an app that will give a choice to launch several programs.  Just for an example, lets say the programs are notepad.exe, calc.exe and sol.exe.  There is a button on the form for each program... press the button and the program launches.

Everything works fine until the external program is about to launch.  Then the program says OH MY GOD... BIG SECURITY POLICY VIOLATION HERE!  I don't get it and it's sooooooooo frustrating.  All I want to do is make a simple app that will execute external programs.  Of course if I run the program from my hard drive, it works fine.
0
 
LVL 11

Expert Comment

by:melmers
ID: 17864405
Have you tried to map the networkpath to a Driveletter ?
Is yout Network running in a Workgroupenvironment or are you running a domain server with Activedirectory?
0
 
LVL 10

Expert Comment

by:Kinger247
ID: 17865099
Ah, then its the setup thats activating the use your application from a network share.
So like I said earlier as point (1) Configuring your machine to make an external assembly safe to run on your machine, and so override the applications permissions whatever they are.

Is creating and using a setup so bad ?

I see your frustration, but then with the new security structure in .net I see the reasons why this needs to be done. Otherwise any malicious app would be able to run on your machine and download and run others without you knowing.
0
 
LVL 5

Author Comment

by:bpl5000
ID: 17865881
melmers, it is a mapped drive in a workgroup environment.

Kinger, as for point (1), that would fix it on my PC only, correct?

The other thing that I should note is that I wrote the app in VB6 and it worked fine so I don't see how it promotes security?  If this is suppose to stop people from running malicius apps, then it doesn't work because they can write their apps in VB6 or any other non .net language.

I really think there is some setting in Visual Studio that I need to disable.
0
 
LVL 10

Expert Comment

by:Kinger247
ID: 17866246
Vb6 has little or no security it runs on the operating-sys where as .net apps work on the net-clr platform.
Point(1) will work for all stations but you'll need to perform the config on all stations - as they have .net installed.

If there is a setting somewhere I'd be very suprised indeed !
0
 
LVL 5

Author Comment

by:bpl5000
ID: 17874546
Well I can't seem to find any setting so I think you are right Kinger.  Looks like I can solve the problem by pushing out the following command to all my workstations:

CasPol.exe -q -m -ag 1.2 -url file://Server/Share* FullTrust -name "Network1"

The "-ag 1.2" refers to the Local Intranet.  If I wanted to trust all shares on the network, I could run

CasPol.exe -q -m -ag 1.2 -url file://* FullTrust -name "Network1"

Thanks for the help Kinger!
0
 
LVL 5

Author Comment

by:bpl5000
ID: 17874552
I made a mistake in my last post... there should be a "/" after "file://Server/Share".  It should look like this:

CasPol.exe -q -m -ag 1.2 -url file://Server/Share/* FullTrust -name "Network1"
0
 
LVL 10

Expert Comment

by:Kinger247
ID: 17875790
no problem ;)
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question