[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 283
  • Last Modified:

Security policy error

I was getting a security error when trying to shell or use Process.Start to run an external program.  This happened when I tried to run it from a network drive.  After giving 'Local Intranet' full trust in the .NET configuration, then it worked, but now when I compile the program and run it from another workstation (launching it from a network drive), I get the following error:

"Application attempted to perform an operation not allowd by the security policy..."

I'm sure I can change the .NET config to make it work (just like what I did on my workstation), but there must be a way in Visual Studio to turn off whatever is causing this.  The program must be saying "don't launch a program if it's not from a trusted site."  Does anyone know what I need to do to disable this?

Thanks for the help!
BPL
0
bpl5000
Asked:
bpl5000
  • 6
  • 6
1 Solution
 
Kinger247Commented:
Hi bpl5000, just for a quick test can you select the security tab in 'My Project'. Then select 'Enable ClickOnce Security Settings' - make sure the 'This is a full trust application' is selected. And see if this works for you .
0
 
bpl5000Author Commented:
I already tried the 'Enable ClickOnce Security Settings" with full trust, but it didn't work.  When running it within the studio, as soon as it tries to launch the external program, it gives the error:

"Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed."

But I can change the Local Intranet to Full Trust in the .NET config on my PC and it works.  Any other ideas?
0
 
Kinger247Commented:
As I understand it, the most restrictive will apply with permissions.

We've tried 2 things here:

1. Configuring your machine to make an external assembly safe to run on your machine, and so override the applications permissions whatever they are.

2. Make an application instruct your machine that its safe to run on your machine.

Number 2 is a terrible floor, as that means all rogue apps will execute on your files !

So I reckon number 1 is your only option :)
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
bpl5000Author Commented:
Ok, but I'm not concerned about having the app run on my computer... I'm concerned about having it run on the PC's in our network when launched from the network.  Before when I was using VB6, all I had do is compile it and it worked no matter when I launched it from.

With that said, will option 1 or 2 allow me to do what I want to do, or will this just allow me to run it on my PC?
0
 
Kinger247Commented:
Just one last final question .. when you run the application from the network, how have you saved the files to the network ?
Are they published ?  if not try that.
0
 
bpl5000Author Commented:
It does work if I publish, but then I have to run a setup.exe file that brings up a "Launching Application" box and in the box is says "Verifying application requirements. This may take a few minutes."

Maybe I should explain what it is I want to do.  I am making an app that will give a choice to launch several programs.  Just for an example, lets say the programs are notepad.exe, calc.exe and sol.exe.  There is a button on the form for each program... press the button and the program launches.

Everything works fine until the external program is about to launch.  Then the program says OH MY GOD... BIG SECURITY POLICY VIOLATION HERE!  I don't get it and it's sooooooooo frustrating.  All I want to do is make a simple app that will execute external programs.  Of course if I run the program from my hard drive, it works fine.
0
 
melmersCommented:
Have you tried to map the networkpath to a Driveletter ?
Is yout Network running in a Workgroupenvironment or are you running a domain server with Activedirectory?
0
 
Kinger247Commented:
Ah, then its the setup thats activating the use your application from a network share.
So like I said earlier as point (1) Configuring your machine to make an external assembly safe to run on your machine, and so override the applications permissions whatever they are.

Is creating and using a setup so bad ?

I see your frustration, but then with the new security structure in .net I see the reasons why this needs to be done. Otherwise any malicious app would be able to run on your machine and download and run others without you knowing.
0
 
bpl5000Author Commented:
melmers, it is a mapped drive in a workgroup environment.

Kinger, as for point (1), that would fix it on my PC only, correct?

The other thing that I should note is that I wrote the app in VB6 and it worked fine so I don't see how it promotes security?  If this is suppose to stop people from running malicius apps, then it doesn't work because they can write their apps in VB6 or any other non .net language.

I really think there is some setting in Visual Studio that I need to disable.
0
 
Kinger247Commented:
Vb6 has little or no security it runs on the operating-sys where as .net apps work on the net-clr platform.
Point(1) will work for all stations but you'll need to perform the config on all stations - as they have .net installed.

If there is a setting somewhere I'd be very suprised indeed !
0
 
bpl5000Author Commented:
Well I can't seem to find any setting so I think you are right Kinger.  Looks like I can solve the problem by pushing out the following command to all my workstations:

CasPol.exe -q -m -ag 1.2 -url file://Server/Share* FullTrust -name "Network1"

The "-ag 1.2" refers to the Local Intranet.  If I wanted to trust all shares on the network, I could run

CasPol.exe -q -m -ag 1.2 -url file://* FullTrust -name "Network1"

Thanks for the help Kinger!
0
 
bpl5000Author Commented:
I made a mistake in my last post... there should be a "/" after "file://Server/Share".  It should look like this:

CasPol.exe -q -m -ag 1.2 -url file://Server/Share/* FullTrust -name "Network1"
0
 
Kinger247Commented:
no problem ;)
0

Featured Post

Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

  • 6
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now