"Mike" <unkn***@unknown.tv> wrote in message
news:uB$IYJ64JHA.4672@TK2MSFTNGP05.phx.gbl...
> Hi,
>
> I'm catching up to .NET development and I'll reached a point where the
> security aspects are raising a barrier to usefulness and productivity.
> It appears the CAS have evolved from 1.0 to present and it looks like the
> changing is on going.  So yes, it is overwhelming to try  to make sense of
> it all in a short period.
>
> At the end of the day, we have a high-end secured RPC client/server
> framework.
>
> Of course, the installation of the RPC server and/or RPC clients are not
> restricted to just local machine operations - it can be LAN or WAN as
> well.
>
> I'll written a .NET SDK API class library DLL wrapping our native WIN32
> API and have written new clients, some VB6 ports to .NET as well, using
> the new .NET DLL.
>
> My main issue seems to be a chicken and egg issue.  For the sake of
> illustration, given two files, and EXE and DLL
>
>    Wildcat.Net.Server.DLL  <-- .NET SDK DLL
>    BSMiniReport.exe        <--  Example .NET SDK application
>
> installed on a shared network.
>
> The only way I can get these to load/run is to change the Local Intranset
> zone security to full trust - which is fine, but we can't tell customers
> to do this in general.  We need to sandbox our DLL and EXE to be able to
> run on a LAN or WAN.
>
> I explored various security policy attributes, but none of the MSDN
> examples seem to work for me.  Customizing/disabling the Project Security
> didn't seem to work as well.  As long as the local intranet zone is at its
> default level and the EXE/DLL is on a remote drive, it yields security
> exception.
>
> I wonder if this statement in a MSDN CAS design team blog explains it:
>
>      First of all, Identity permissions are granted to assemblies
>      by Policy not through the process of determining their Code
>      Groups membership, but rather as simple reflection of assembly's
>      identity. So you can't grant ZoneIdentityPermission for
>      MyComputer to a particular Code Group [e.g., Internet] via Policy
>      configuration. Instead, all the code "arriving" from Internet
>      will be automatically granted ZoneIdentityPermission for Internet
>      Zone, no matter how the machine code groups are set up.
>
> Overall, I prefer to have a governing EXE or the DLL control the trust in
> our client/server application which is already a customer FQTA
> (Fully Qualified Trusted Application).  Why is .NET so restrictive (and
> complex) to the point that can defeat the purpose by promoting the
> likelihood of operators and users lowering their guard and simply turn off
> the security at the OS .NET RTE level?
>
> Anyway, if possible, what attributes can I use to sandbox our application
> to be able to be installed and run from a FQTA Secured, Isolated shared
> drives?
>
> I tried to use this simple vanilla example to figure it all out.
>
> 'File: testcas.vb
> ' Chicken and egg thing - need to use MSCORCFG.MSC to change the
> ' Intranet ZONE settings.
>
> Imports System
> Imports System.Security
> Imports system.security.policy
> Imports System.Security.Permissions
> Imports System.Runtime.InteropServices
>
> ' exlored
> #If 0 Then
> <Assembly: ZoneIdentityPermissionAttribute( _
>          SecurityAction.RequestMinimum, _
>          Unrestricted:=True, _
>          Zone:=SecurityZone.Intranet)>
> #End If
>
> <Assembly: AllowPartiallyTrustedCallers()>
>
> Module Module1
>     Structure MEMORYSTATUSEX
>         Public Length As Integer
>         Public MemoryLoad As Integer
>         Public TotalPhys As Long
>         Public AvailPhys As Long
>         Public TotalPageFile As Long
>         Public AvailPageFile As Long
>         Public TotalVirtual As Long
>         Public AvailVirtual As Long
>         Public AvailExtendedVirtual As Long
>     End Structure
>
>     '<SuppressUnmanagedCodeSecurity()> _
>     Declare Ansi Function GlobalMemoryStatusEx Lib "kernel32" _
>           (ByRef ms As MEMORYSTATUSEX) As Boolean
>
>     '<SecurityPermission(SecurityAction.Assert,
> Flags:=SecurityPermissionFlag.UnmanagedCode)> _
>     '<StrongNameIdentityPermission(SecurityAction.LinkDemand,
> unrestricted:=True)> _
>     <ZoneIdentityPermissionAttribute(SecurityAction.Demand,
> Zone:=SecurityZone.MyComputer)> _
>     Sub DotNetSecurity()
>         Try
>             Console.WriteLine("- Step 1")
>             Dim ms As MEMORYSTATUSEX
>             Console.WriteLine("- Step 2")
>             ms.Length = Marshal.SizeOf(ms)
>             Console.WriteLine("- Step 2.1")
>             If GlobalMemoryStatusEx(ms) Then
>                 Console.WriteLine("- Memory Load: {0}%", ms.MemoryLoad)
>             End If
>             Console.WriteLine("- Step 3")
>         Catch ex As System.Security.SecurityException
>             Console.WriteLine("Permission Error")
>             Console.WriteLine("--------------------------------")
>             Console.WriteLine(ex.TargetSite)
>             Console.WriteLine("--------------------------------")
>             Console.WriteLine(ex.Message)
>             Console.WriteLine("--------------------------------")
>             Console.WriteLine(ex.StackTrace)
>             Console.WriteLine("--------------------------------")
>         Catch ex As System.Exception
>             ' React to other exceptions here.
>             Console.WriteLine("Permission Error 2")
>         End Try
>     End Sub
>
>     Sub main()
>         'Dim perm As SecurityPermission = New
> SecurityPermission(SecurityPermissionFlag.UnmanagedCode)
>         'perm.Assert()
>         'Dim level As PolicyLevel = Nothing
>         'Dim ph As System.Collections.IEnumerator =
> System.Security.SecurityManager.PolicyHierarchy()
>         'Dim sl As IList = level.NamedPermissionSets
>
>         'Dim p As StrongNameIdentityPermission = New
> StrongNameIdentityPermission(PermissionState.Unrestricted)
>         'p.Assert()
>
>         'Dim z1 As ZoneIdentityPermission = New
> ZoneIdentityPermission(SecurityZone.MyComputer)
>
>         DotNetSecurity()
>         Console.ReadKey(True)
>     End Sub
>
> End Module
>
> I tried many things, but it seems you can't run this from a share drive
> regardless of what the attributes used.
>
> Is that correct?
>
> Full trust is full trust.  MS needs to stop dumbing down developers making
> it highly restrictive and complex and potentially more dangerous by making
> people turn everything off.  Its not like a BAD GUY couldn't bypass .NET
> if they really really wanted to anyway.  So why so complex?  Thats a
> rhetorical question.
>
> I just need to get going with .NET and this part has been a drag for the
> last week.
>
> Thanks for understanding and any insights you can provide.
>
> --
>
>
>

> Hi,
>
> with the latest updates (.NET 2.0 SP2 or .NET 3.5 SP1) Microsoft has
> relaxed security settings for the Intranet zone. You should be able to
> start a .NET exe file from a file share just like any other executable,
> provided that you have the latest updates.
>
> Kind regards,
> Henning Krause
>
> "Mike" <unkn***@unknown.tv> wrote in message
> news:uB$IYJ64JHA.4672@TK2MSFTNGP05.phx.gbl...
>> Hi,
>>
>> I'm catching up to .NET development and I'll reached a point where the
>> security aspects are raising a barrier to usefulness and productivity.
>> It appears the CAS have evolved from 1.0 to present and it looks like
>> the changing is on going.  So yes, it is overwhelming to try  to make
>> sense of it all in a short period.
>>
>> At the end of the day, we have a high-end secured RPC client/server
>> framework.
>>
>> Of course, the installation of the RPC server and/or RPC clients are
>> not restricted to just local machine operations - it can be LAN or WAN
>> as well.
>>
>> I'll written a .NET SDK API class library DLL wrapping our native
>> WIN32 API and have written new clients, some VB6 ports to .NET as
>> well, using the new .NET DLL.
>>
>> My main issue seems to be a chicken and egg issue.  For the sake of
>> illustration, given two files, and EXE and DLL
>>
>>    Wildcat.Net.Server.DLL  <-- .NET SDK DLL
>>    BSMiniReport.exe        <--  Example .NET SDK application
>>
>> installed on a shared network.
>>
>> The only way I can get these to load/run is to change the Local
>> Intranset zone security to full trust - which is fine, but we can't
>> tell customers to do this in general.  We need to sandbox our DLL and
>> EXE to be able to run on a LAN or WAN.
>>
>> I explored various security policy attributes, but none of the MSDN
>> examples seem to work for me.  Customizing/disabling the Project
>> Security didn't seem to work as well.  As long as the local intranet
>> zone is at its default level and the EXE/DLL is on a remote drive, it
>> yields security exception.
>>
>> I wonder if this statement in a MSDN CAS design team blog explains it:
>>
>>      First of all, Identity permissions are granted to assemblies
>>      by Policy not through the process of determining their Code
>>      Groups membership, but rather as simple reflection of assembly's
>>      identity. So you can't grant ZoneIdentityPermission for
>>      MyComputer to a particular Code Group [e.g., Internet] via Policy
>>      configuration. Instead, all the code "arriving" from Internet
>>      will be automatically granted ZoneIdentityPermission for Internet
>>      Zone, no matter how the machine code groups are set up.
>>
>> Overall, I prefer to have a governing EXE or the DLL control the trust
>> in our client/server application which is already a customer FQTA
>> (Fully Qualified Trusted Application).  Why is .NET so restrictive
>> (and complex) to the point that can defeat the purpose by promoting
>> the likelihood of operators and users lowering their guard and simply
>> turn off the security at the OS .NET RTE level?
>>
>> Anyway, if possible, what attributes can I use to sandbox our
>> application to be able to be installed and run from a FQTA Secured,
>> Isolated shared drives?
>>
>> I tried to use this simple vanilla example to figure it all out.
>>
>> 'File: testcas.vb
>> ' Chicken and egg thing - need to use MSCORCFG.MSC to change the
>> ' Intranet ZONE settings.
>>
>> Imports System
>> Imports System.Security
>> Imports system.security.policy
>> Imports System.Security.Permissions
>> Imports System.Runtime.InteropServices
>>
>> ' exlored
>> #If 0 Then
>> <Assembly: ZoneIdentityPermissionAttribute( _
>>          SecurityAction.RequestMinimum, _
>>          Unrestricted:=True, _
>>          Zone:=SecurityZone.Intranet)>
>> #End If
>>
>> <Assembly: AllowPartiallyTrustedCallers()>
>>
>> Module Module1
>>     Structure MEMORYSTATUSEX
>>         Public Length As Integer
>>         Public MemoryLoad As Integer
>>         Public TotalPhys As Long
>>         Public AvailPhys As Long
>>         Public TotalPageFile As Long
>>         Public AvailPageFile As Long
>>         Public TotalVirtual As Long
>>         Public AvailVirtual As Long
>>         Public AvailExtendedVirtual As Long
>>     End Structure
>>
>>     '<SuppressUnmanagedCodeSecurity()> _
>>     Declare Ansi Function GlobalMemoryStatusEx Lib "kernel32" _
>>           (ByRef ms As MEMORYSTATUSEX) As Boolean
>>
>>     '<SecurityPermission(SecurityAction.Assert,
>> Flags:=SecurityPermissionFlag.UnmanagedCode)> _
>>     '<StrongNameIdentityPermission(SecurityAction.LinkDemand,
>> unrestricted:=True)> _
>>     <ZoneIdentityPermissionAttribute(SecurityAction.Demand,
>> Zone:=SecurityZone.MyComputer)> _
>>     Sub DotNetSecurity()
>>         Try
>>             Console.WriteLine("- Step 1")
>>             Dim ms As MEMORYSTATUSEX
>>             Console.WriteLine("- Step 2")
>>             ms.Length = Marshal.SizeOf(ms)
>>             Console.WriteLine("- Step 2.1")
>>             If GlobalMemoryStatusEx(ms) Then
>>                 Console.WriteLine("- Memory Load: {0}%", ms.MemoryLoad)
>>             End If
>>             Console.WriteLine("- Step 3")
>>         Catch ex As System.Security.SecurityException
>>             Console.WriteLine("Permission Error")
>>             Console.WriteLine("--------------------------------")
>>             Console.WriteLine(ex.TargetSite)
>>             Console.WriteLine("--------------------------------")
>>             Console.WriteLine(ex.Message)
>>             Console.WriteLine("--------------------------------")
>>             Console.WriteLine(ex.StackTrace)
>>             Console.WriteLine("--------------------------------")
>>         Catch ex As System.Exception
>>             ' React to other exceptions here.
>>             Console.WriteLine("Permission Error 2")
>>         End Try
>>     End Sub
>>
>>     Sub main()
>>         'Dim perm As SecurityPermission = New
>> SecurityPermission(SecurityPermissionFlag.UnmanagedCode)
>>         'perm.Assert()
>>         'Dim level As PolicyLevel = Nothing
>>         'Dim ph As System.Collections.IEnumerator =
>> System.Security.SecurityManager.PolicyHierarchy()
>>         'Dim sl As IList = level.NamedPermissionSets
>>
>>         'Dim p As StrongNameIdentityPermission = New
>> StrongNameIdentityPermission(PermissionState.Unrestricted)
>>         'p.Assert()
>>
>>         'Dim z1 As ZoneIdentityPermission = New
>> ZoneIdentityPermission(SecurityZone.MyComputer)
>>
>>         DotNetSecurity()
>>         Console.ReadKey(True)
>>     End Sub
>>
>> End Module
>>
>> I tried many things, but it seems you can't run this from a share
>> drive regardless of what the attributes used.
>>
>> Is that correct?
>>
>> Full trust is full trust.  MS needs to stop dumbing down developers
>> making it highly restrictive and complex and potentially more
>> dangerous by making people turn everything off.  Its not like a BAD
>> GUY couldn't bypass .NET if they really really wanted to anyway.  So
>> why so complex?  Thats a rhetorical question.
>>
>> I just need to get going with .NET and this part has been a drag for
>> the last week.
>>
>> Thanks for understanding and any insights you can provide.
>>
>> --
>>
>>
>>

> Hi,
>
> with the latest updates (.NET 2.0 SP2 or .NET 3.5 SP1) Microsoft has
> relaxed security settings for the Intranet zone. You should be able to
> start a .NET exe file from a file share just like any other executable,
> provided that you have the latest updates.
>
> Kind regards,
> Henning Krause
>
> "Mike" <unkn***@unknown.tv> wrote in message
> news:uB$IYJ64JHA.4672@TK2MSFTNGP05.phx.gbl...
>> Hi,
>>
>> I'm catching up to .NET development and I'll reached a point where the
>> security aspects are raising a barrier to usefulness and productivity.
>> It appears the CAS have evolved from 1.0 to present and it looks like
>> the changing is on going.  So yes, it is overwhelming to try  to make
>> sense of it all in a short period.
>>
>> At the end of the day, we have a high-end secured RPC client/server
>> framework.
>>
>> Of course, the installation of the RPC server and/or RPC clients are
>> not restricted to just local machine operations - it can be LAN or WAN
>> as well.
>>
>> I'll written a .NET SDK API class library DLL wrapping our native
>> WIN32 API and have written new clients, some VB6 ports to .NET as
>> well, using the new .NET DLL.
>>
>> My main issue seems to be a chicken and egg issue.  For the sake of
>> illustration, given two files, and EXE and DLL
>>
>>    Wildcat.Net.Server.DLL  <-- .NET SDK DLL
>>    BSMiniReport.exe        <--  Example .NET SDK application
>>
>> installed on a shared network.
>>
>> The only way I can get these to load/run is to change the Local
>> Intranset zone security to full trust - which is fine, but we can't
>> tell customers to do this in general.  We need to sandbox our DLL and
>> EXE to be able to run on a LAN or WAN.
>>
>> I explored various security policy attributes, but none of the MSDN
>> examples seem to work for me.  Customizing/disabling the Project
>> Security didn't seem to work as well.  As long as the local intranet
>> zone is at its default level and the EXE/DLL is on a remote drive, it
>> yields security exception.
>>
>> I wonder if this statement in a MSDN CAS design team blog explains it:
>>
>>      First of all, Identity permissions are granted to assemblies
>>      by Policy not through the process of determining their Code
>>      Groups membership, but rather as simple reflection of assembly's
>>      identity. So you can't grant ZoneIdentityPermission for
>>      MyComputer to a particular Code Group [e.g., Internet] via Policy
>>      configuration. Instead, all the code "arriving" from Internet
>>      will be automatically granted ZoneIdentityPermission for Internet
>>      Zone, no matter how the machine code groups are set up.
>>
>> Overall, I prefer to have a governing EXE or the DLL control the trust
>> in our client/server application which is already a customer FQTA
>> (Fully Qualified Trusted Application).  Why is .NET so restrictive
>> (and complex) to the point that can defeat the purpose by promoting
>> the likelihood of operators and users lowering their guard and simply
>> turn off the security at the OS .NET RTE level?
>>
>> Anyway, if possible, what attributes can I use to sandbox our
>> application to be able to be installed and run from a FQTA Secured,
>> Isolated shared drives?
>>
>> I tried to use this simple vanilla example to figure it all out.
>>
>> 'File: testcas.vb
>> ' Chicken and egg thing - need to use MSCORCFG.MSC to change the
>> ' Intranet ZONE settings.
>>
>> Imports System
>> Imports System.Security
>> Imports system.security.policy
>> Imports System.Security.Permissions
>> Imports System.Runtime.InteropServices
>>
>> ' exlored
>> #If 0 Then
>> <Assembly: ZoneIdentityPermissionAttribute( _
>>          SecurityAction.RequestMinimum, _
>>          Unrestricted:=True, _
>>          Zone:=SecurityZone.Intranet)>
>> #End If
>>
>> <Assembly: AllowPartiallyTrustedCallers()>
>>
>> Module Module1
>>     Structure MEMORYSTATUSEX
>>         Public Length As Integer
>>         Public MemoryLoad As Integer
>>         Public TotalPhys As Long
>>         Public AvailPhys As Long
>>         Public TotalPageFile As Long
>>         Public AvailPageFile As Long
>>         Public TotalVirtual As Long
>>         Public AvailVirtual As Long
>>         Public AvailExtendedVirtual As Long
>>     End Structure
>>
>>     '<SuppressUnmanagedCodeSecurity()> _
>>     Declare Ansi Function GlobalMemoryStatusEx Lib "kernel32" _
>>           (ByRef ms As MEMORYSTATUSEX) As Boolean
>>
>>     '<SecurityPermission(SecurityAction.Assert,
>> Flags:=SecurityPermissionFlag.UnmanagedCode)> _
>>     '<StrongNameIdentityPermission(SecurityAction.LinkDemand,
>> unrestricted:=True)> _
>>     <ZoneIdentityPermissionAttribute(SecurityAction.Demand,
>> Zone:=SecurityZone.MyComputer)> _
>>     Sub DotNetSecurity()
>>         Try
>>             Console.WriteLine("- Step 1")
>>             Dim ms As MEMORYSTATUSEX
>>             Console.WriteLine("- Step 2")
>>             ms.Length = Marshal.SizeOf(ms)
>>             Console.WriteLine("- Step 2.1")
>>             If GlobalMemoryStatusEx(ms) Then
>>                 Console.WriteLine("- Memory Load: {0}%", ms.MemoryLoad)
>>             End If
>>             Console.WriteLine("- Step 3")
>>         Catch ex As System.Security.SecurityException
>>             Console.WriteLine("Permission Error")
>>             Console.WriteLine("--------------------------------")
>>             Console.WriteLine(ex.TargetSite)
>>             Console.WriteLine("--------------------------------")
>>             Console.WriteLine(ex.Message)
>>             Console.WriteLine("--------------------------------")
>>             Console.WriteLine(ex.StackTrace)
>>             Console.WriteLine("--------------------------------")
>>         Catch ex As System.Exception
>>             ' React to other exceptions here.
>>             Console.WriteLine("Permission Error 2")
>>         End Try
>>     End Sub
>>
>>     Sub main()
>>         'Dim perm As SecurityPermission = New
>> SecurityPermission(SecurityPermissionFlag.UnmanagedCode)
>>         'perm.Assert()
>>         'Dim level As PolicyLevel = Nothing
>>         'Dim ph As System.Collections.IEnumerator =
>> System.Security.SecurityManager.PolicyHierarchy()
>>         'Dim sl As IList = level.NamedPermissionSets
>>
>>         'Dim p As StrongNameIdentityPermission = New
>> StrongNameIdentityPermission(PermissionState.Unrestricted)
>>         'p.Assert()
>>
>>         'Dim z1 As ZoneIdentityPermission = New
>> ZoneIdentityPermission(SecurityZone.MyComputer)
>>
>>         DotNetSecurity()
>>         Console.ReadKey(True)
>>     End Sub
>>
>> End Module
>>
>> I tried many things, but it seems you can't run this from a share
>> drive regardless of what the attributes used.
>>
>> Is that correct?
>>
>> Full trust is full trust.  MS needs to stop dumbing down developers
>> making it highly restrictive and complex and potentially more
>> dangerous by making people turn everything off.  Its not like a BAD
>> GUY couldn't bypass .NET if they really really wanted to anyway.  So
>> why so complex?  Thats a rhetorical question.
>>
>> I just need to get going with .NET and this part has been a drag for
>> the last week.
>>
>> Thanks for understanding and any insights you can provide.
>>
>> --
>>
>>
>>