What do you do if you need multiple CAS permissions asserted at the same time?
r-droll
Thank you very much.
I found an article that indicates the following line of code will allow code in a fully trusted assembly to do anything that it wants regardless of the AppDomain or previous deny settings.
(new PermissionSet(System.Security.Permissions.PermissionState.Unrestricted)).Assert();
AS A TEST
I have put this code in the Main() of an application that is being hosted in IEEXEC. I have also put this code at the beginning of the function FinishCreateServerCAO (see stack below).
This application (the one hosted in IEEXEC) is using remoting to connect to a server and the server is connecting back to handle leases and remote events.
FinishCreateServerCAO is the last point in the 'connect back path' before the connection is done.
I receive the following stack trace. Please point me in the right direction.
(PS. This code works if the .exe is run locally either from the local drive or from a remote server share.)
Exception:
An error occurred while processing the request on the server: System.Security.SecurityException: Request for the permission of type System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.
at System.Security.PermissionListSet.CheckDemand(CodeAccessPermission demand, PermissionToken permToken)
at System.Security.CodeAccessSecurityEngine.Check(PermissionToken permToken, CodeAccessPermission demand, StackCrawlMark& stackMark, Int32 checkFrames, Int32 unrestrictedOverride)
at System.Security.CodeAccessSecurityEngine.Check(CodeAccessPermission cap, StackCrawlMark& stackMark, PermissionType permType)
at System.Security.CodeAccessPermission.DemandInternal(PermissionType permissionType)
at System.Runtime.Serialization.Formatters.Binary.ObjectWriter.Serialize(Object graph, Header[] inHeaders, __BinaryWriter serWriter, Boolean fCheck)
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph, Header[] headers, Boolean fCheck)
at System.Runtime.Remoting.Channels.CoreChannel.SerializeBinaryMessage(IMessage msg, Boolean includeVersions)
at System.Runtime.Remoting.Channels.BinaryServerFormatterSink.ProcessMessage(IServerChannelSinkStack sinkStack, IMessage requestMsg, ITransportHeaders requestHeaders, Stream requestStream, IMessage& responseMsg, ITransportHeaders& responseHeaders, Stream& responseStream)
at System.Runtime.Remoting.Channels.Tcp.TcpServerTransportSink.ServiceRequest(Object state)
at System.Runtime.Remoting.Channels.SocketHandler.ProcessRequestNow()
Server stack trace:
at System.Runtime.Remoting.Channels.Tcp.TcpSocketHandler.ReadToEndOfHeaders(BaseTransportHeaders headers)
at System.Runtime.Remoting.Channels.Tcp.TcpClientSocketHandler.ReadHeaders()
at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at KMS.Core.Remoting.Shared.SponsoredCAOSponsor.Register(ILease lease, SponsoredCAOBase cao)
at KMS.Core.Remoting.Shared.RemotingManagerBase.FinishCreateServerCAO(Type cao_type, SponsoredCAOSponsor cao_sponsor, Object[] args_to_pass)
at KMS.Core.Remoting.Shared.RemotingManagerBase.CreateServerCAO(String cao_type_name, SponsoredCAOSponsor cao_sponsor, LeaseTime cao_lease_time, Object[] args)
at System.Runtime.Remoting.Messaging.StackBuilderSink.PrivateProcessMessage(MethodBase mb, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)
Exception rethrown at [1]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at KMS.Core.Remoting.Shared.RemotingManagerBase.CreateServerCAO(String cao_type_name, SponsoredCAOSponsor cao_sponsor, LeaseTime cao_lease_time, Object[] args)
at KMS.HGS.Admin.MonitorPanel.ConnectToServer(String server_name, Int32 remote_port)
at KMS.HGS.Admin.AdminMonitorMain.mnu_File_Connect_Click(Object sender, EventArgs e)
Thanks
mrwise
Assert is performed on PermissionSet classes, which can contain multiple individual permissions. To build a PermissionSet, you can union or intersect other sets or add individual Permissions, depending on your scenario.
You can find examples on MSDN at: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconAssert.asp
It is true that you can only have one Assert in place on the stack frame at a time. However, we HIGHLY recommend that you place the Assert around the absolute smallest region of code possible. So for example, if you are making a dozen callouts from a method, and you only need to assert around the fifth callout, then the Assert should be made immediately preceding that callout and RevertAssert should be called immediately following that callout.
With Assert and RevertAssert, you can place multiple Assert calls within a single method, asserting tightly around individual callouts.
If possible, we recommend using multiple localized Assert/RevertAssert calls rather than one large/combination Assert [with multiple permissions asserted] at the method-scope level.
Hope that helps,
Stephen [Microsoft Common Language Runtime: Security - Developer]
http://blogs.msdn.com/stfisher
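The localized pattern described in the answer above, as an added example (not code from the thread or from Microsoft): one PermissionSet carries two permissions for the single callout that needs both, and a separate Assert covers a later callout. The class, method names and paths are hypothetical, and it assumes a .NET Framework assembly whose own grant includes these permissions and SecurityPermissionFlag.Assertion.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

public sealed class SettingsJob                 // hypothetical class
{
    // Hypothetical paths, used only for illustration.
    private const string ConfigPath = @"C:\ExampleApp\settings.txt";
    private const string LogPath = @"C:\ExampleApp\job.log";

    public void Run()
    {
        // Callout that needs two permissions at once: build ONE set and
        // assert it, because a frame can hold only one active Assert.
        PermissionSet needed = new PermissionSet(PermissionState.None);
        needed.AddPermission(
            new FileIOPermission(FileIOPermissionAccess.Read, ConfigPath));
        needed.AddPermission(
            new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME"));

        string line;
        needed.Assert();                        // stops the stack walk at this frame
        try
        {
            line = ReadFirstLine() + " (" +
                   Environment.GetEnvironmentVariable("USERNAME") + ")";
        }
        finally
        {
            CodeAccessPermission.RevertAssert(); // always undo, even on exceptions
        }

        // Work here runs with no assertion in effect.
        string summary = line.Trim();

        // A second, unrelated callout gets its own narrow Assert.
        new FileIOPermission(FileIOPermissionAccess.Append, LogPath).Assert();
        try
        {
            using (StreamWriter w = File.AppendText(LogPath)) { w.WriteLine(summary); }
        }
        finally
        {
            CodeAccessPermission.RevertAssert();
        }
    }

    private static string ReadFirstLine()
    {
        using (StreamReader r = File.OpenText(ConfigPath)) { return r.ReadLine(); }
    }
}
```

An Assert only stops the stack walk from reaching callers above the asserting frame; it does not add permissions the asserting assembly was never granted.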