XmlDocument.load Security issue

Hot Topic

Compiler warning CS0728
AspNetSqlProvider
Can this be made more efficient?
Address bar - locked
How do you change the Z-Order?
No Such host is known errror
Binary.Write in C#
blend image use VMR9
Misterious crash due to Listview, Bitmap & TabControl usage.
float datatype gives different result for debug/release build. Bug?

Visual C#

Have an idea for a Windows Desktop Search Technical Chat? Post it here!
Shrinking "if" statment
How do I share a class between projects
Current Form/Make form's size unchangable
Threading in C#
copy datagrid to datatable
WDS and Outlook 2000 crashing on exit issue - open for discussion?
Calculating direction from 1 point in a 3d space to another
combo box display tables
How to extract event method name!

XmlDocument.load Security issue

I have been working this problem for over 2 weeks and have reached the end of my rope.  I have written a web app (in VS2003 hosted on Windows 2003 server) that has an embedded object in one of the HTML pages.  This object contains a method that calls the xmldocument.load method with a path that is on a mapped drive on the server.  When this call is made I get the following error:

Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

I have done some research and have found several suggestions on how to fix the problem but nothing is working.  I have verified that the anonymous web user account has permissions on the file, I have tried using the FileIOPermission class to programmatically give permissions, and I have tried granting permissions using the .Net Framework configuration files. 

I have tried giving the assemblies strong names for using in the .Net Framework configuration files but, when I do this the main application no longer can see the embedded object assembly.  What I mean is that it sees an object is there but I can't access any of the methods or properties of that object.

If anyone out there can help me it would be greatly appreciated.

 

Posted this in the wrong forum have moved it to the C# Language forum.

Answer this question

XmlDocument.load Security issue

  • Gemini II

    Hi,

    Firstly I would like to collect more information so that we can understand your problem more clear.
    1. What is the embedded object Is it a Winform Control or anything else
    2. If yes, I think the Load Behavior is running at the Client side. The scenario is similar as we use a ActiveX Control to load a file from the client hard disk Is that correct
    3. If this is a winform control, it will running under lower trusted zone, which did not have the permission to read/write local hard disk file for security concern.

    I think you may try to perform the steps below to see if that works.
    1.run the caspol tool to turn off the CAS security checking
    caspol -s off

    2. Run the filemon to see if the NTFS file security checking is OK.
    You can get the tool and usage here.
    http://www.sysinternals.com/Utilities/Filemon.html

    3. Try to run the application under Administrator account to see if the problem persists.

    If you still have any concern, please feel free to post here.

    Best regards,
    Peter Huang



  • softgame

    The embedded object is a windows control library and yes it does run at the client machine but, the file I am trying to access is on the server.

    I will try your suggestion but, I don't see this as a permanent fix. I can't just leave the .NET security checking turned off as I don't think my network crew will approve.

    I will post back after I have tried the suggestion.

  • HalfABrick

    Where is this XML document that you are trying to load Does it exist outside of the web folder that this web app is running in

  • AstareGod

    If the object is on the client and the file is on the server, how are you accessing it Are you reading it via a url

  • DB2Question

    It is an XML document and it is under a folder that is at the same level as the web app folder. However I have tried moving the file to a folder on the root of C:\ and still got the same error.

  • Piyush Jain

    You are probably having a permission issue related to the security policy.

    You can try this;
    If you are using 1.1, you will need to add permission set to the location of the file. On the client computer. Open up 1.1 Configuration -> Security Policy ->Machine->Code Groups->All Codes->Local Intranet Zone. Add a new security policy and select URL. You can specify "file://<mapped drive>/*".
  • XmlDocument.load Security issue
Answer this question