|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Security problems in .Net web applicationthe error: --- System.Security.SecurityException: Request for the permission of type 'System. Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. At System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) At System.Security.CodeAccessPermission.Demand() At System.Net.Dns.GetHostAddress(String hostNameOrAddress) At System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port) At C43.Net.C43Client.Connect() The action that failed was: Demad The type of the first permission that failed was: System.Net.DnsPermission The Zone of the assembly that failed was: Internet --- When I host the application in a windows form, it works with no problems, it is only when it is hosted in a web page that I am getting the error. You are seeing a CAS exception here.
Reason is that your evidence shows that you are running in a zone called "Internet". The internet zone has (for a reason!) limited capabilities; among them the ability to call out to other sites/resources. To make this work on your box, you need to (for a start) set full trust to the strongname exposed by your assembly. In the .NET 2.0 configuration MMC snapin, make an entry in the "Internet" zone allowing FullThrust to assemblies exposing your strongname key. A button is present to browse to the assembly in question. After this - you are up and flying again. -- Show quoteHide quotergds. /Claus Konrad "vhbil" wrote: > I have a .net user control which purpose is a chat client and I am getting > the error: > > --- > System.Security.SecurityException: Request for the permission of type 'System. > Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, > PublicKeyToken=b77a5c561934e089' failed. > At System.Security.CodeAccessSecurityEngine.Check(Object demand, > StackCrawlMark& stackMark, Boolean isPermSet) > At System.Security.CodeAccessPermission.Demand() > At System.Net.Dns.GetHostAddress(String hostNameOrAddress) > At System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port) > At C43.Net.C43Client.Connect() > The action that failed was: > Demad > The type of the first permission that failed was: > System.Net.DnsPermission > The Zone of the assembly that failed was: > Internet > --- > > When I host the application in a windows form, it works with no problems, it > is only when it is hosted in a web page that I am getting the error. > > does this mean that everyone thaqt uses this will have to set the trust to
the assembly? Do you think java is better suited for this pupose? Thanks for your reply. Claus Konrad wrote: Show quoteHide quote >You are seeing a CAS exception here. >Reason is that your evidence shows that you are running in a zone called >"Internet". The internet zone has (for a reason!) limited capabilities; among >them the ability to call out to other sites/resources. > >To make this work on your box, you need to (for a start) set full trust to >the strongname exposed by your assembly. > >In the .NET 2.0 configuration MMC snapin, make an entry in the "Internet" >zone allowing FullThrust to assemblies exposing your strongname key. A button >is present to browse to the assembly in question. > >After this - you are up and flying again. > >> I have a .net user control which purpose is a chat client and I am getting >> the error: >[quoted text clipped - 19 lines] >> When I host the application in a windows form, it works with no problems, it >> is only when it is hosted in a web page that I am getting the error. You are asking this question in a MS related newsgroup. Your replies will be
somewhat biased :-) Whether you want to use .NET or Java is a matter of taste/religion. They both have a concept of CAS, so they will both suffide in these matters. The problems is that you want to let users use your component without taking explicit approval of this. This somewhat contradicts the notion of security, does'nt it? CAS is a very good thing, you just need to be aware of it's behaviour. As long as you are deploying this as a standalone exe (yes?), you can include in the install package a modification/addition to the CAS settings on the client's PC. Alternative, if you copy the standalone to the clients PC, by default it will work as the code will be calling from the local harddrive and hence be part of the CodeGroup called My_Computer_Zone which by default has FULLTRUST. -- Show quoteHide quotergds. /Claus Konrad "vhbil via DotNetMonster.com" wrote: > does this mean that everyone thaqt uses this will have to set the trust to > the assembly? Do you think java is better suited for this pupose? > > Thanks for your reply. > > Claus Konrad wrote: > >You are seeing a CAS exception here. > >Reason is that your evidence shows that you are running in a zone called > >"Internet". The internet zone has (for a reason!) limited capabilities; among > >them the ability to call out to other sites/resources. > > > >To make this work on your box, you need to (for a start) set full trust to > >the strongname exposed by your assembly. > > > >In the .NET 2.0 configuration MMC snapin, make an entry in the "Internet" > >zone allowing FullThrust to assemblies exposing your strongname key. A button > >is present to browse to the assembly in question. > > > >After this - you are up and flying again. > > > >> I have a .net user control which purpose is a chat client and I am getting > >> the error: > >[quoted text clipped - 19 lines] > >> When I host the application in a windows form, it works with no problems, it > >> is only when it is hosted in a web page that I am getting the error. > > -- > Message posted via http://www.dotnetmonster.com > > Sorry for the non MS question, The reason for it is that I have been to many
chat sites that do not require me to change any security settings, and was wondering how to achieve this. To have to adjust the security settings on a assembly would really lowerr the audience the control would get, not just in being annoying but a lot of people would not know how to do this. I really do understand the security aspect of this, and that people would be able to browse to a trojen more or less if this was easy to acheive, but does this mean that sites with a real application for needing a netowork connection from a browser based app can't? Claus Konrad wrote: Show quoteHide quote >You are asking this question in a MS related newsgroup. Your replies will be >somewhat biased :-) > >Whether you want to use .NET or Java is a matter of taste/religion. They >both have a concept of CAS, so they will both suffide in these matters. The >problems is that you want to let users use your component without taking >explicit approval of this. >This somewhat contradicts the notion of security, does'nt it? CAS is a very >good thing, you just need to be aware of it's behaviour. > >As long as you are deploying this as a standalone exe (yes?), you can >include in the install package a modification/addition to the CAS settings on >the client's PC. >Alternative, if you copy the standalone to the clients PC, by default it >will work as the code will be calling from the local harddrive and hence be >part of the CodeGroup called My_Computer_Zone which by default has FULLTRUST. > >> does this mean that everyone thaqt uses this will have to set the trust to >> the assembly? Do you think java is better suited for this pupose? >[quoted text clipped - 20 lines] >> >> When I host the application in a windows form, it works with no problems, it >> >> is only when it is hosted in a web page that I am getting the error. -- Message posted via DotNetMonster.com http://www.dotnetmonster.com/Uwe/Forums.aspx/dotnet-security/200610/1 The specific problem is that the zone "Internet_Zone" does not allow a
webapplication to query the DNS; for a reason! Allowing an app. to query the DNS would potentially reveal information about the network local to the application (to name an example). However - if you can make the chatclient work without DNS queries, there are no problems in the default security settings of Internet_Zone. Do a search on MS or Google on CAS and Internet_Zone. It is difficult to aid anymore without having been presented with the code itself now... -- Show quoteHide quotergds. /Claus Konrad MCSD.NET (C#) "vhbil" wrote: > I have a .net user control which purpose is a chat client and I am getting > the error: > > --- > System.Security.SecurityException: Request for the permission of type 'System. > Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, > PublicKeyToken=b77a5c561934e089' failed. > At System.Security.CodeAccessSecurityEngine.Check(Object demand, > StackCrawlMark& stackMark, Boolean isPermSet) > At System.Security.CodeAccessPermission.Demand() > At System.Net.Dns.GetHostAddress(String hostNameOrAddress) > At System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port) > At C43.Net.C43Client.Connect() > The action that failed was: > Demad > The type of the first permission that failed was: > System.Net.DnsPermission > The Zone of the assembly that failed was: > Internet > --- > > When I host the application in a windows form, it works with no problems, it > is only when it is hosted in a web page that I am getting the error. > > 
Other interesting topics
X.509 Certificate store - getting - creating certs
SecurityException thrown when serializing custom exception class Question on the use of CryptoStream How to deploy a VS2005 VB app without signing the clickonce manifest and assy WinForm user authentication COM+ Security error Credentials Double Hop encryption prob How do I determine if a windows identity is authenticated to the network domain Move.file |
|||||||||||||||||||||||
