Solved

Security policy error

Posted on 2006-11-02
13
274 Views
Last Modified: 2008-03-17
I was getting a security error when trying to shell or use Process.Start to run an external program.  This happened when I tried to run it from a network drive.  After giving 'Local Intranet' full trust in the .NET configuration, then it worked, but now when I compile the program and run it from another workstation (launching it from a network drive), I get the following error:

"Application attempted to perform an operation not allowd by the security policy..."

I'm sure I can change the .NET config to make it work (just like what I did on my workstation), but there must be a way in Visual Studio to turn off whatever is causing this.  The program must be saying "don't launch a program if it's not from a trusted site."  Does anyone know what I need to do to disable this?

Thanks for the help!
BPL
0
Comment
Question by:bpl5000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
13 Comments
 
LVL 10

Expert Comment

by:Kinger247
ID: 17859723
Hi bpl5000, just for a quick test can you select the security tab in 'My Project'. Then select 'Enable ClickOnce Security Settings' - make sure the 'This is a full trust application' is selected. And see if this works for you .
0
 
LVL 5

Author Comment

by:bpl5000
ID: 17859795
I already tried the 'Enable ClickOnce Security Settings" with full trust, but it didn't work.  When running it within the studio, as soon as it tries to launch the external program, it gives the error:

"Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed."

But I can change the Local Intranet to Full Trust in the .NET config on my PC and it works.  Any other ideas?
0
 
LVL 10

Accepted Solution

by:
Kinger247 earned 500 total points
ID: 17861639
As I understand it, the most restrictive will apply with permissions.

We've tried 2 things here:

1. Configuring your machine to make an external assembly safe to run on your machine, and so override the applications permissions whatever they are.

2. Make an application instruct your machine that its safe to run on your machine.

Number 2 is a terrible floor, as that means all rogue apps will execute on your files !

So I reckon number 1 is your only option :)
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 
LVL 5

Author Comment

by:bpl5000
ID: 17862630
Ok, but I'm not concerned about having the app run on my computer... I'm concerned about having it run on the PC's in our network when launched from the network.  Before when I was using VB6, all I had do is compile it and it worked no matter when I launched it from.

With that said, will option 1 or 2 allow me to do what I want to do, or will this just allow me to run it on my PC?
0
 
LVL 10

Expert Comment

by:Kinger247
ID: 17863179
Just one last final question .. when you run the application from the network, how have you saved the files to the network ?
Are they published ?  if not try that.
0
 
LVL 5

Author Comment

by:bpl5000
ID: 17863479
It does work if I publish, but then I have to run a setup.exe file that brings up a "Launching Application" box and in the box is says "Verifying application requirements. This may take a few minutes."

Maybe I should explain what it is I want to do.  I am making an app that will give a choice to launch several programs.  Just for an example, lets say the programs are notepad.exe, calc.exe and sol.exe.  There is a button on the form for each program... press the button and the program launches.

Everything works fine until the external program is about to launch.  Then the program says OH MY GOD... BIG SECURITY POLICY VIOLATION HERE!  I don't get it and it's sooooooooo frustrating.  All I want to do is make a simple app that will execute external programs.  Of course if I run the program from my hard drive, it works fine.
0
 
LVL 11

Expert Comment

by:melmers
ID: 17864405
Have you tried to map the networkpath to a Driveletter ?
Is yout Network running in a Workgroupenvironment or are you running a domain server with Activedirectory?
0
 
LVL 10

Expert Comment

by:Kinger247
ID: 17865099
Ah, then its the setup thats activating the use your application from a network share.
So like I said earlier as point (1) Configuring your machine to make an external assembly safe to run on your machine, and so override the applications permissions whatever they are.

Is creating and using a setup so bad ?

I see your frustration, but then with the new security structure in .net I see the reasons why this needs to be done. Otherwise any malicious app would be able to run on your machine and download and run others without you knowing.
0
 
LVL 5

Author Comment

by:bpl5000
ID: 17865881
melmers, it is a mapped drive in a workgroup environment.

Kinger, as for point (1), that would fix it on my PC only, correct?

The other thing that I should note is that I wrote the app in VB6 and it worked fine so I don't see how it promotes security?  If this is suppose to stop people from running malicius apps, then it doesn't work because they can write their apps in VB6 or any other non .net language.

I really think there is some setting in Visual Studio that I need to disable.
0
 
LVL 10

Expert Comment

by:Kinger247
ID: 17866246
Vb6 has little or no security it runs on the operating-sys where as .net apps work on the net-clr platform.
Point(1) will work for all stations but you'll need to perform the config on all stations - as they have .net installed.

If there is a setting somewhere I'd be very suprised indeed !
0
 
LVL 5

Author Comment

by:bpl5000
ID: 17874546
Well I can't seem to find any setting so I think you are right Kinger.  Looks like I can solve the problem by pushing out the following command to all my workstations:

CasPol.exe -q -m -ag 1.2 -url file://Server/Share* FullTrust -name "Network1"

The "-ag 1.2" refers to the Local Intranet.  If I wanted to trust all shares on the network, I could run

CasPol.exe -q -m -ag 1.2 -url file://* FullTrust -name "Network1"

Thanks for the help Kinger!
0
 
LVL 5

Author Comment

by:bpl5000
ID: 17874552
I made a mistake in my last post... there should be a "/" after "file://Server/Share".  It should look like this:

CasPol.exe -q -m -ag 1.2 -url file://Server/Share/* FullTrust -name "Network1"
0
 
LVL 10

Expert Comment

by:Kinger247
ID: 17875790
no problem ;)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Kraeven
Introduction Remote Share is a simple remote sharing tool, enabling you to see, add and remove remote or local shares. The application is written in VB.NET targeting the .NET framework 2.0. The source code and the compiled programs have been in…
1.0 - Introduction Converting Visual Basic 6.0 (VB6) to Visual Basic 2008+ (VB.NET). If ever there was a subject full of murkiness and bad decisions, it is this one!   The first problem seems to be that people considering this task of converting…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question