
Console Application will not run on remote location

Last Modified: 2012-05-05
I have created a VB.NET console application. It runs fine when I run it locally. If I try to run it via RDP or through a mapped drive, the application will not execute. I am getting a security error message. I created an snk file and placed it in the same directory as the console application. I also pointed my assembly to look at this snk and recompiled the exe. I still cannot run this from another machine.

Please help...I am running out of ideas

You need to sign your assembly with the snk and add the key to your 'safe' assemblies using the .NET configuration tool.
If you don't know how:
Control Panel -> Administrative Tools -> .NET Framework Configuration x.x Configuration
Then inside the tool:
My Computer -> Runtime Security Policy -> Machine -> Code Groups -> All_Code -> create new

Then in the wizard: condition type for code group: Strong Name

Then choose Import to import the snk from your assembly (browse to the assembly).
Then choose the demanded permission set and finish the wizard.
Hang on... this is the classic "Code Access Permissions" problem and is related to the .Net Framework configuration on the client PC. It has very little to do with your application.

By default, the .Net Framework's own security settings will not allow any program to run from a network share that requires "significant" access to local resources (files, registry, APIs, etc).  

You must adjust the Framework's security settings on the client PC to allow this to happen.  If you plan to have many such applications available from a network share, the most reasonable approach would be to change the settings to allow all applications to run from network shares.

BTW:  If you were comfortable with having non-Framework applications on a network share, you probably won't have any problems with the "broad brush" approach described here.   An alternative would be to take a more "surgical approach" and configure .Net Security at the "assembly level".

Unfortunately, Microsoft decided not to deploy the ".Net Framework 2.0 Configuration" applet with the .Net Framework runtime.   This decision forces you to create and deploy an MSI file to set the .Net security on client PCs or to use the CASPOL command-line utility.

There are 3 steps to set Code Access Permission on client PCs:

1) Configure the settings.  On a development PC (which does have the Configuration applet), use the applet to set the security settings the way you want via the "Configure Code Access Security Policy" link.  Note:  Make sure you use the 2.0 version of the applet, as changes to the 1.1 configuration have no effect on 2.0 applications.

2) Create an MSI file.  From inside the applet, click on "Create Deployment Package".   When the Wizard opens, click on the "Machine" security policy, and select a folder/name for the MSI file that will be created.

3) Deploy the MSI file.  Typically you'd drop that MSI file into a GPO and let Active Directory do its thing... or you can deploy it via any number of methods.  
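
The CASPOL route mentioned above, taking the "surgical" strong-name approach rather than trusting the whole share, could look like the following. This is an added example, not part of the original thread; the share path and group name are hypothetical placeholders, and it assumes the default machine policy (where code group label 1 is All_Code) and an elevated prompt.

```powershell
# Added example. Placeholder values: replace with your own.
$Assembly  = '\\fileserver\apps\MyConsoleApp.exe'   # hypothetical path to the signed exe
$GroupName = 'MyConsoleApp_StrongName'              # hypothetical code group name

# CAS policy is stored per runtime version and per bitness, so apply the change
# with every .NET 2.0 caspol.exe found on the machine (32-bit and 64-bit).
$caspols = 'Framework', 'Framework64' |
    ForEach-Object { Join-Path $env:windir "Microsoft.NET\$_\v2.0.50727\caspol.exe" } |
    Where-Object { Test-Path $_ }

foreach ($caspol in $caspols) {
    # List the machine-level code groups first to confirm that label 1 is All_Code.
    & $caspol -m -lg

    # Add a child group under All_Code whose membership condition is the
    # strong-name public key read from the assembly, and grant it FullTrust.
    # -noname/-noversion mean ANY assembly signed with that key matches, which
    # is why the .snk private key must never sit on the share.
    & $caspol -q -m -ag 1 -strong -file $Assembly -noname -noversion FullTrust `
        -n $GroupName -d 'Full trust for assemblies signed with our key'
    if ($LASTEXITCODE -ne 0) { throw "caspol failed: $caspol" }

    # Verify: show which code groups the assembly now belongs to and the
    # permissions it resolves to.
    & $caspol -rsg $Assembly
    & $caspol -rsp $Assembly
}
```

Because the group is keyed on the public key instead of a URL or zone, unsigned executables dropped on the same share remain restricted to the default intranet permissions.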
In addition to my earlier words, don't put the snk file on your network location. It will allow people to create their own (potentially dangerous) applications and sign them with your key.
Robb Hill, Senior .Net Full Stack Developer


Interesting... well, I was able to use the .NET configuration wizard and gave my assembly full trust. Now I can run it from other machines.
I scheduled the exe to run on my SQL Server machine, from within a DTS package, and now it's not running again.

Since I am not running it, do you have to do the same thing on this machine to get it to run on a scheduler, or is this a whole nother ball of wax?
Robb Hill, Senior .Net Full Stack Developer


Well, the error message is back. It worked fine, but now the application is run by the network account that runs the SQL Agent service.  This means the exe file is being opened by a user on that machine, so my trust that was working before doesn't seem to be working. I do not have the mscorcfg on my SQL Server box. I do have the .NET Framework 2.0 on there. How do I get past the security error message?

Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.     at System.Security.CodeAccessSecurityEngine.Check ..............................................so on and so on
The Network Account is a special account that has most of its privileges "castrated" when authenticating with remote PCs.    However, most of its privileges are intact when working on the local PC.

Recall, the .Net Framework Code Access Permission settings only allow you to use permissions that you've already got. They don't add permissions to the account if they don't already exist.

The solution would be to deploy your application on the server, so that the Network Account doesn't require anything special to be able to run the program.
Robb Hill, Senior .Net Full Stack Developer


Thank you for all your answers. Here are my final results.
To get this to work from my PC remotely, the .NET configuration wizard along with the snk file worked like a charm.
Unfortunately, when deploying this in my DTS package, where SQL Server now became the host, this .NET configuration wizard is not on that box.  I also am not the owner of the production box, so I have limited access to running MSI files and caspol.  The solution therefore was to let the exe file / console application live on a path within the SQL Server box, which in turn allowed it to be trusted.
My admin on the SQL Server box was unsure of the results of what an MSI implementation would do, and I was not sure enough to talk him into it.  As far as caspol goes, that seemed safer, because it seemed to only deal with the assembly in question. Either way, the problem is resolved.

If anyone would like to tell me exactly how to deploy this security using graye's solution with MSI or caspol, that would be great. I would also need to know any pros or cons and whatnot. I think that would add much to this blog.

Thanks again. You all get 500 points and a smiley :) and heck, how about some kudos as well.
