Question about Security Permission FileIOPermission

I generated a program to read an XML file from a network drive, and display the information in a form. The program doesn't quite work until I change the security level in Visual Studio (right click on the project name under solution explorer -> properties -> security -> This is a full trust program). So now, when I compile it, it runs, reads and displays data from share drive.

Then I close Visual Studio, run the .exe program under bin\Debug, and I got an error. I don't understand why it reads the network drive file when I am in Visual Studio environment but not with the .exe file. Can anyone give me a hand on this?

The error message is as follows:

"Application attempted to perform an operation not allowed by security policy. To grant this application the required permission, contact your system administrator, or use the Microsoft .NET Framework Configuration tool.

"If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.

"Request for permission of type
"'System.Security.Permission.FileIOPermission. mscorlib.
"Version = 2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'"

The Details tag has the following information:

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
   at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
   at System.Security.CodeAccessPermission.Demand()
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
   at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize)
   at System.IO.StreamReader..ctor(String path)
   at FacilityInfoLoader.display.btnSearch_Click(Object sender, EventArgs e)
   at System.Windows.Forms.Control.OnClick(EventArgs e)
   at System.Windows.Forms.Button.OnClick(EventArgs e)
   at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
   at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
   at System.Windows.Forms.Control.WndProc(Message& m)
   at System.Windows.Forms.ButtonBase.WndProc(Message& m)
   at System.Windows.Forms.Button.WndProc(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.Permissions.FileIOPermission
The Zone of the assembly that failed was:
Intranet


************** Loaded Assemblies **************
mscorlib
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.42 (RTM.050727-4200)
    CodeBase: file:///C:/WINDOWS/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
FacilityInfoLoader
    Assembly Version: 1.0.0.0
    Win32 Version: 1.0.0.0
    CodeBase: file:///H:/Visual%20Studio%202005/Projects/tutorial/FacilityInfoLoader/FacilityInfoLoader/bin/Debug/FacilityInfoLoader.exe
----------------------------------------
Microsoft.VisualBasic
    Assembly Version: 8.0.0.0
    Win32 Version: 8.0.50727.42 (RTM.050727-4200)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll
----------------------------------------
System
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.42 (RTM.050727-4200)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Windows.Forms
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.42 (RTM.050727-4200)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.42 (RTM.050727-4200)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Runtime.Remoting
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.42 (RTM.050727-4200)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
----------------------------------------
System.Xml
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.42 (RTM.050727-4200)
    CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
    <system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.




  • EBN

    ...

  • tabish

    You still need to grant the necessary code access security permissions (marking it in VS.NET only indicates what permissions the assembly requires on the local machine). You can set the permissions via the framework configuration tool or via caspol.

    Cathal

  • Darren Myher

    In Visual Studio when you debug, VS automatically applies the security settings you set on the security page, but it does this when it spins up the debugger.

    When you run it from the network, from a command line or explorer shell, the .NET Frameworks runtime is applying the Code Access Security (CAS) policy based on its location, i.e. it gets Intranet permissions.

    Copying the exe to your local drive, ClickOnce publishing and then installing the app, or adding the app to the machine/local code groups and giving it permissions are all ways to get it to work.

    HTH. We can find more details of any of the above approaches if you need.


  • simsdn

    I've been having a similar problem, and I'm still really confused.

    When I write a simple application in Visual Basic 6.0, my users can run the .exe file from wherever they want, and it does whatever I wrote it to do. If I create a settings file, it gets created... so long as the user has permission to write where my program tries to write.

    With my application I am writing in VB.NET 2005, no matter what settings I mark in VS -- or even if I turn off the security settings entirely -- no user -- even system administrator -- can run my program from anything except the local hard drive. They get security errors because my program is trying to write a file. Well, naturally, my program is trying to write its default settings file since one isn't present, but that's apparently not allowed.

    This feature -- which I can't figure out how to turn off -- makes my program useless. I can't run it anywhere except on the local hard drive. It's totally unacceptable for my users to see confusing-and-scary security crash boxes just because they run programs over the network.

    How do I turn the code access security stuff off for my application? Or, failing that, how do I get the application to be allowed to do what it does regardless of where my user runs it from... without my users having to learn how to alter the .NET Framework settings on their machine (which I'm sure would require administrator privileges, which they may not have)?

    (I apologize if this comes across as antagonistic -- that's not at all my intent. I'm just extremely frustrated because I've wasted a lot of time trying to use VS 2005 for what would have been a 2 hour project in VB6. And the code-security-hamstrings-you-by-default thing seems really annoying. Seems like the overwhelming majority of applications need to access the file system. And programs should really work no matter where the .exe is on the file system... That seems like by far the least meaningful way to restrict stuff)

    Anyway, any explanations, pointers, ... anything ... would be greatly appreciated.

    -- Andrew


  • zer0punk2600akakevin

    Other than having a strong reason to keep running the exe itself for debugging purposes, I'm not sure why you wouldn't just keep running it inside of the IDE until it's finished.

    ClickOnce, as suggested, gets your program ready for someone else to use from three different locations, User's computer, a network share, or used right off the internet. That should automate it somewhat. But I've got bad news about this, personally I haven't seen ClickOnce work on any level.

    Here's an oversimplified security environment with different levels.

    Local Computer- Any local drive for any user.

    Local Computer/User- Any local drive with a specific user (Logged into windows)

    Intranet zone & Local network - Any drive/any user on the local Network, including share drives.

    Intranet & Network/Local user -Anyone logged in from within the network, specific to the user.

    Internet- Downloaded from a server where the user decides whether or not to run it each time. Full trust is not granted automatically. Running a program from an Inet server has all the layers leading up to this as further permissions, such as accessing local drive, network drives, downloading more files from the internet or writing to shares at intranet or internet levels.

    In other words, it's as complicated as you want it to be. Just keep in mind that security is for the end user. In most cases they would receive a setup program that installs on their local machine under their user name and applies full trust.

    Randy


  • phoebe0078

    So, the .NET Frameworks is asked to load your .exe and it determines you loaded it from a URL, so it kicks into HREF Exe, or "No Touch Deployment" mode, which is more secure than your VB6 application, as far as the local machine is concerned :-)

    There are two ways around it. The first I recommend is to use ClickOnce deployment. Users can run your app off a web site, it doesn't even have to "install", and you can give your app the permissions it needs. The user knows if you are asking for more than is normal from an app coming from that zone and gives the user a chance to approve it.

    The other way is to add your assembly to a Code Security Group (or something like that). You can't easily make this automatic. You need to use the .NET Frameworks Config tool in the Administrator Tools in Control Panel. You add your assembly to a code group and give it full trust. Needless to say, this is painful to put on each of your customer's computers, usually. There are ways to distribute this via an MSI and using something like SMS, but it's a bit of effort compared to ClickOnce :-)



  • SZKHAN

    Thank you very much for the help. I tried moving the file to local drive (C:) and it works! However, as a first time Visual Studio user, I am really interested in learning more about the security permission issue instead of just getting one problem solved. I would appreciate it if you can point me to some readings or give me more advice.

    The problem I had originally is running the .exe file in the Debug/bin directory. To give more background, there are three hard drives I used:

    1. My local drive: Visual Studio and other applications are stored here.

    2. My home directory: the programs, projects, etc. are stored here. It is a network drive, and only the admin and I have the read/write permission.

    3. Share drive: the database is stored here. It is also a network drive, shared by many people.

    My program reads data from the database in the share drive; the executable can be in the local drive or the home directory for whoever uses it. The problem I had was the program runs in the Visual Studio environment, doesn't run when I run the .exe in the Debug/bin, but runs again if I copy the .exe over to my local drive. So here is my question:

    How can I tell which drive my program can execute from without a security problem? What kind of permission do I really need, and where can I look up if I have all of them? Because the application will end up in different users' hands, can I write code to check if they have enough permission to run it?

    Also, the security permission in Visual Studio is aimed to protect what? Protect the file we read in, the code itself, or something else? I found it very difficult to debug when there is a problem with a security issue.

    Thank you very much.

     


  • OliMagoo

    I would truly like to enable Microsoft Visual Studio 2005 to run exactly like 2003. Is there any way to turn off all of the security checking and hosting so that I could actually compile and run Windows forms programs on a PC?

  • pu

    Generally, the zone is determined by where you launch the executable from, so if it's on the user's hard drive, then it will get full permissions, and you won't get any security issues. (Which means the machine is also not protected by Code Access Security)

    ClickOnce installed apps, while technically run from the local drive, are run as if they came from the web site.

    If you are developing a ClickOnce application, or any application that will be run off the network, you can go to the "Security" tab on the project properties and turn on the ClickOnce security settings, select the zone you are expecting the app to run and you will turn on a set of features to help you.

    The first is "Intellisense in Zone". Which means as you use intellisense while writing code, methods you can't use in the zone will be grey. You can still use them, but the intellisense will also pop up info about which permission that method requires.

    The second is "Debug in Zone". Which means that when you press F5, your app will be debugged and run as if it came from a web site and is in the zone you specified. This way, if there is a security exception, you will be able to see and debug it.

    Finally, (this one is actually always on), the Exception Helper will pop up when you get an exception, and it will provide help on how to work around or add the permission needed when a security exception is hit.
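
The pre-flight check asked about earlier in the thread (can code test for the permission before the crash dialog appears?), as an added example that is not code from any poster. It assumes .NET Framework 2.0 code access security as described on this page; `DataFile` is a hypothetical path, and `SecurityManager.IsGranted` is marked obsolete from .NET Framework 4 onward.

```vb
Imports System
Imports System.IO
Imports System.Reflection
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Policy

Module CasPreflight
    ' Hypothetical UNC path, constructed for this example.
    Private Const DataFile As String = "\\fileserver\share\facilities.xml"

    ' Zone that the assembly's load location maps to (MyComputer, Intranet, ...).
    ' Reading CodeBase demands PathDiscovery, so a denial is reported as NoZone.
    Function LoadZone() As SecurityZone
        Try
            Dim url As String = Assembly.GetExecutingAssembly().CodeBase
            Return Zone.CreateFromUrl(url).SecurityZone
        Catch ex As SecurityException
            Return SecurityZone.NoZone
        End Try
    End Function

    ' True when policy grants this assembly read access to the file.
    ' IsGranted inspects the caller's grant set; it does not walk the stack.
    Function CanRead(ByVal filePath As String) As Boolean
        Dim perm As New FileIOPermission(FileIOPermissionAccess.Read, filePath)
        Return SecurityManager.IsGranted(perm)
    End Function

    Sub Main()
        Console.WriteLine("Loaded from zone: " & LoadZone().ToString())
        If Not CanRead(DataFile) Then
            Console.WriteLine("CAS policy does not grant read access to " & DataFile)
            Console.WriteLine("Run from a trusted location or have policy adjusted.")
            Return
        End If
        Try
            Using reader As New StreamReader(DataFile)
                Console.WriteLine(reader.ReadLine())
            End Using
        Catch ex As SecurityException
            ' The real demand walks the whole call stack, so it can still fail.
            Console.WriteLine("Denied by security policy: " & ex.Message)
        Catch ex As IOException
            Console.WriteLine("File could not be read: " & ex.Message)
        End Try
    End Sub
End Module
```

Started from a local drive this reports `MyComputer` and proceeds to the read; started from a mapped network drive under default policy it reports `Intranet` and stops at the `CanRead` check instead of raising the unhandled `SecurityException` shown in the question.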

     



  • pbjorge12

    You guys need to remember that this is all made-up stuff...there is no way to know it unless it's documented and users can find the documentation. Answers that leave out important bits of information help no-one.