Solved

Security policy error

Posted on 2006-11-02
13
268 Views
Last Modified: 2008-03-17
I was getting a security error when trying to shell or use Process.Start to run an external program.  This happened when I tried to run it from a network drive.  After giving 'Local Intranet' full trust in the .NET configuration, then it worked, but now when I compile the program and run it from another workstation (launching it from a network drive), I get the following error:

"Application attempted to perform an operation not allowd by the security policy..."

I'm sure I can change the .NET config to make it work (just like what I did on my workstation), but there must be a way in Visual Studio to turn off whatever is causing this.  The program must be saying "don't launch a program if it's not from a trusted site."  Does anyone know what I need to do to disable this?

Thanks for the help!
BPL
0
Comment
Question by:bpl5000
  • 6
  • 6
13 Comments
 
LVL 10

Expert Comment

by:Kinger247
ID: 17859723
Hi bpl5000, just for a quick test can you select the security tab in 'My Project'. Then select 'Enable ClickOnce Security Settings' - make sure the 'This is a full trust application' is selected. And see if this works for you .
0
 
LVL 5

Author Comment

by:bpl5000
ID: 17859795
I already tried the 'Enable ClickOnce Security Settings" with full trust, but it didn't work.  When running it within the studio, as soon as it tries to launch the external program, it gives the error:

"Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed."

But I can change the Local Intranet to Full Trust in the .NET config on my PC and it works.  Any other ideas?
0
 
LVL 10

Accepted Solution

by:
Kinger247 earned 500 total points
ID: 17861639
As I understand it, the most restrictive will apply with permissions.

We've tried 2 things here:

1. Configuring your machine to make an external assembly safe to run on your machine, and so override the applications permissions whatever they are.

2. Make an application instruct your machine that its safe to run on your machine.

Number 2 is a terrible floor, as that means all rogue apps will execute on your files !

So I reckon number 1 is your only option :)
0
 
LVL 5

Author Comment

by:bpl5000
ID: 17862630
Ok, but I'm not concerned about having the app run on my computer... I'm concerned about having it run on the PC's in our network when launched from the network.  Before when I was using VB6, all I had do is compile it and it worked no matter when I launched it from.

With that said, will option 1 or 2 allow me to do what I want to do, or will this just allow me to run it on my PC?
0
 
LVL 10

Expert Comment

by:Kinger247
ID: 17863179
Just one last final question .. when you run the application from the network, how have you saved the files to the network ?
Are they published ?  if not try that.
0
 
LVL 5

Author Comment

by:bpl5000
ID: 17863479
It does work if I publish, but then I have to run a setup.exe file that brings up a "Launching Application" box and in the box is says "Verifying application requirements. This may take a few minutes."

Maybe I should explain what it is I want to do.  I am making an app that will give a choice to launch several programs.  Just for an example, lets say the programs are notepad.exe, calc.exe and sol.exe.  There is a button on the form for each program... press the button and the program launches.

Everything works fine until the external program is about to launch.  Then the program says OH MY GOD... BIG SECURITY POLICY VIOLATION HERE!  I don't get it and it's sooooooooo frustrating.  All I want to do is make a simple app that will execute external programs.  Of course if I run the program from my hard drive, it works fine.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 11

Expert Comment

by:melmers
ID: 17864405
Have you tried to map the networkpath to a Driveletter ?
Is yout Network running in a Workgroupenvironment or are you running a domain server with Activedirectory?
0
 
LVL 10

Expert Comment

by:Kinger247
ID: 17865099
Ah, then its the setup thats activating the use your application from a network share.
So like I said earlier as point (1) Configuring your machine to make an external assembly safe to run on your machine, and so override the applications permissions whatever they are.

Is creating and using a setup so bad ?

I see your frustration, but then with the new security structure in .net I see the reasons why this needs to be done. Otherwise any malicious app would be able to run on your machine and download and run others without you knowing.
0
 
LVL 5

Author Comment

by:bpl5000
ID: 17865881
melmers, it is a mapped drive in a workgroup environment.

Kinger, as for point (1), that would fix it on my PC only, correct?

The other thing that I should note is that I wrote the app in VB6 and it worked fine so I don't see how it promotes security?  If this is suppose to stop people from running malicius apps, then it doesn't work because they can write their apps in VB6 or any other non .net language.

I really think there is some setting in Visual Studio that I need to disable.
0
 
LVL 10

Expert Comment

by:Kinger247
ID: 17866246
Vb6 has little or no security it runs on the operating-sys where as .net apps work on the net-clr platform.
Point(1) will work for all stations but you'll need to perform the config on all stations - as they have .net installed.

If there is a setting somewhere I'd be very suprised indeed !
0
 
LVL 5

Author Comment

by:bpl5000
ID: 17874546
Well I can't seem to find any setting so I think you are right Kinger.  Looks like I can solve the problem by pushing out the following command to all my workstations:

CasPol.exe -q -m -ag 1.2 -url file://Server/Share* FullTrust -name "Network1"

The "-ag 1.2" refers to the Local Intranet.  If I wanted to trust all shares on the network, I could run

CasPol.exe -q -m -ag 1.2 -url file://* FullTrust -name "Network1"

Thanks for the help Kinger!
0
 
LVL 5

Author Comment

by:bpl5000
ID: 17874552
I made a mistake in my last post... there should be a "/" after "file://Server/Share".  It should look like this:

CasPol.exe -q -m -ag 1.2 -url file://Server/Share/* FullTrust -name "Network1"
0
 
LVL 10

Expert Comment

by:Kinger247
ID: 17875790
no problem ;)
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

This article explains how to create and use a custom WaterMark textbox class.  The custom WaterMark textbox class allows you to set the WaterMark Background Color and WaterMark text at design time.   IMAGE OF WATERMARKS STEPS Create VB …
Microsoft Reports are based on a report definition, which is an XML file that describes data and layout for the report, with a different extension. You can create a client-side report definition language (*.rdlc) file with Visual Studio, and build g…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now