Console Application will not run on remote location

I have created a vb.net console application.  It runs fine when I run it locally.  If I try and run it from via rdp or through a mapped drive...the application will not execute.  I am getting a security error message.  I created an snk file and placed it in the same directory as the console application.  I also pointed my assemply to look at this snk and recompiled the exe....I still can not run this from another machine....

Please help...I am running out of ideas
LVL 11
Robb HillSenior .Net DeveloperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PockyMasterCommented:
you need to sign your assembly with the snk and add the key to your 'safe' assemblies using the .net configuration tool
0
PockyMasterCommented:
if you don't know how:
 control panel -> administrative tools -> .NET Framework Configuration x.x Configuration
then inside the tool:
my computer -> runtime security policy -> machine -> code groups -> all_code -> create new

then in wizard : condition type for code group: Strong Name

then choose import to import the snk from your assembly (browse to assembly)
then choose demanded permission set and finish the wizard
0
grayeCommented:
Hang on...  this is the classic  "Code Access Permissions" problem and is related to the .Net Framework configuration on the client PC.... it has very little to do with your application.

By default, the .Net Framework's own security settings will not allow any program to run from a network share that requires "significant" access to local resources (files, registry, APIs, etc).  

You must adjust the Framework's security settings on the client PC to allow this to happen.  If you plan to have many such application available from a network share, the most reasonable approach would be to change the settings to allow all applications to run from network shares.

BTW:  If you were comfortable with having non-Framework applications on a network share, you probably won't have any problems with "broad brush" approach described here.   An alternative would be to take a more "surgical approach" and configure .Net Security at the "assembly level".

Unfortuneately,  Microsoft deciced to not deploy the ".Net Framework 2.0 Configuration" applet with the .Net Framework runtime.   This decision forces you to create and deploy an MSI file to set the .Net security on client PCs or to use the CASPOL command-line utility

There are 3 steps to set Code Access Permission on client PCs

1) Configure the settings.  On a developement PC (which does have the Configuration applet), use the applet to set the security settings the way you want via the "Configure Code Access Security Policy" link.  Note:  Make sure you use the 2.0 version of the applet, as changes to the 1.1 configuration have no effect on 2.0 applications.

2) Create an MSI file.  From inside the applet, click on the "Create Deployment Package".   When the Wizard opens, click on the "Machine" security policy, and select a folder/name of the MSI file that will be created.

3) Deploy the MSI file.  Typically you'd drop that MSI file into a GPO and let Active Directory do its thing... or you can deploy it via any number of methods.  
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

PockyMasterCommented:
in addition to my earlier words, don't put the snk file on your network location. it will allow people to create their own (potentially dangerous) applications and sign them with your key.
0
Robb HillSenior .Net DeveloperAuthor Commented:
interesting...well I was able to use the .net configuration wizard and gave my assembly full trust....now I can run it from other machines....
I scheduled the exe to run on my sql server machine...from within a dts package...and now its not running again....

since I am not running it..do you have to do the same thing on this machine to get it to run....on a scheduler...or is this a whole nother ball of wax?
0
Robb HillSenior .Net DeveloperAuthor Commented:
Well the error message is back....it worked fine..but now the application is ran by the network account that run the sql agent service.  This means the exe file is being opened by a user on that machine...so my trust that was working before doesnt seem to be working....I do not have the mscorcfg on my sql server box...I do have the .net framework 2.0 on there.....how do I get past the security error message...

Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.     at System.Security.CodeAccessSecurityEngine.Check ..............................................so on and so on
0
grayeCommented:
The Network Account is a special account that has most of it's privileged "castrated" when authenticating with remote PCs.    However, most of its priviliegs are intact when working on the local PC.

Recall, the .Net Framework Code Access Permission settings only allows you to use permissions that you've already got....  it doesn't add permissions to the account if it doesn't already exist.

The solution would be to deploy your application on the server, so that the Network Account doesn't require anything special to be able to run the program.
0
Robb HillSenior .Net DeveloperAuthor Commented:
Thank you for all your answers....here is my final results.
To get this to work from my pc remotely ..the .net configuration wizard along with the snk file worked like a charm.
Unfortantely when deploying this on my dts package where sql server now became the host...this .net configuration wizard is not on that box.  I also am not the owner of the production box so have limited access to running msi files and caspol.  The solution there for was to let the exe file /console application live on a path within the sql server box which in turn allowed it to be trusted.  
My Admin on the sql server box was unsure the results of what an msi implementation would do...and I was not sure enough to talk him into it.  As far as caspol goes..that seemed more safe...because it seemed to only deal with the assembly in question......either way...the problem is resolved...

If anyone would like to tell me exactly how to deploy this security using "graye's solution with MSI or caspol that would be great....and I would need to know any pro's or cons...and what not....I think that would add much to this blog...

Thanks again....you all get 500 points and a smiley:) and heck...how about some kudos as well
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Visual Basic.NET

From novice to tech pro — start learning today.