correct use of caspol.exe for network shares

Hi, I have a basic question about caspol although my setup isn't very basic.  I'm trying to use a .NET DLL across a network and was getting a permissions error.  I used "caspol -security off" to resolve the issue but I'm afraid I turned off security for the entire framework.  How do I turn off security only for a specific application?  I think that is a basic explanation.

Here are the specifics.

I have a network share that is on a machine without the .NET Framework (1.1).  My workstation has .NET 1.1 and I've used regasm to register a VB .NET DLL (COM Interop) in my application folder.  I have a VB6 application that calls the DLL for some socket communication.

I am fine when I run the VB6 app from the workstation.  However, if I move the VB6 executable to the network and access it from the workstation, I get a message

System.Net.SocketPermission System Version 1.0.5000 -2146233078 (8013150a)

As soon as I turned off security, everything worked smoothly.

What are the correct ways to ensure my application will work on LANs without potentially opening security gaps in the Framework?

Thanks in advance for your thoughts.




  • EdSF

    Stephen,
    Thanks for your response.  This is definitely getting me started in the right direction.

    I have a couple of follow-up questions if you have a moment to respond.

    1.  Do I need a unique crypto key pair for each strong name assembly I create?  If so, does it ever make sense to reuse one?

    2.  The documentation says that a strong name assembly can only be referenced by another strong name component.  If I'm going to be calling my .NET DLL from a VB6 COM project, is that an exception?

    Thanks.
    John 

  • Al_xx

    I have some questions about this topic:

    1. How to "Strong name the assembly"?

    2. What is the "assembly" here?

    3. I could not find any dll file in my application directory. I know a dll file is created for Web Application. But, how to create a dll file for a Windows Application?


    Any help will be much appreciated. Thanks in advance.

  • Vigilante

    Hello,

    Here is the recommendation for any scenario where you need to elevate permissions for a single app on a network share: 

    1) Strong name the assembly.  (Your dll.)

    2) Using either caspol or the .NET Configuration MMC tool (I like this one better), create a new code group.

    3) Assign the strong name of your assembly as a membership condition of the code group.

    4) Make sure the grant set of the code group has everything you see in the intranet code group plus only the extra permission you need.  (In your case you need some subset of SocketPermission.)

    The theory here is that you never want to give anything on a remote share full permissions.  You only want to give it just what it needs.  (This is sort of like never running an app as admin unless you really need to.)

    If you are new to Code Access Security, you should read the developer docs here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconcodeaccesssecurity.asp

    You will find the admin docs here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconsecuritypolicyadministrationoverview.asp

    Also, you should turn security back on ASAP. :)

    I hope this helps.

     

    Stephen
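
The four steps in the answer above, as an added example that is not part of the original posts. The DLL path, assembly name `SocketLib`, key file, host and port are hypothetical placeholders, and `sn.exe` from the .NET SDK is assumed to be on the PATH. Instead of copying the intranet permission set, it relies on policy being the union of all matching code groups at a level, so the new set carries only the extra SocketPermission.

```powershell
# Added example: paths, names, host and port are hypothetical placeholders.
$fw   = "$env:windir\Microsoft.NET\Framework\v1.1.4322"   # .NET Framework 1.1 directory
$dll  = 'C:\MyApp\SocketLib.dll'                          # the interop DLL called from VB6
$snk  = 'C:\MyApp\SocketLib.snk'
$pset = 'C:\MyApp\SocketLibConnect.xml'

# Turn Code Access Security back on before changing policy.
& "$fw\caspol.exe" -security on

# Step 1: create a key pair once, reference it from AssemblyInfo.vb with
#   <Assembly: AssemblyKeyFile("SocketLib.snk")>  and rebuild the DLL.
if (-not (Test-Path $snk)) { sn -k $snk }
sn -v $dll
if ($LASTEXITCODE -ne 0) { throw "Rebuild $dll with the key file before continuing." }

# Step 4: a named permission set holding only the extra permission,
# limited to outbound TCP connections to one endpoint.
@'
<PermissionSet class="System.Security.NamedPermissionSet" version="1"
               Name="SocketLibConnect" Description="Outbound TCP to one endpoint">
  <IPermission class="System.Net.SocketPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1">
    <ConnectAccess>
      <ENDPOINT host="appserver.example.local" transport="Tcp" port="9000"/>
    </ConnectAccess>
  </IPermission>
</PermissionSet>
'@ | Set-Content -Path $pset -Encoding ASCII
& "$fw\caspol.exe" -machine -addpset $pset

# Steps 2-3: code group under All_Code whose membership condition is the DLL's
# strong name. Naming the assembly (rather than -noname) keeps the grant to this
# one assembly even if the same key later signs others.
& "$fw\caspol.exe" -machine -addgroup All_Code -strong -file $dll SocketLib -noversion SocketLibConnect -name SocketLib_StrongName

# Check which code groups and permissions the DLL now resolves to.
& "$fw\caspol.exe" -machine -resolvegroup $dll
& "$fw\caspol.exe" -machine -resolveperm  $dll
```

Machine-level policy changes need an administrator account, and caspol asks for confirmation before each change.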




