|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Possible security error loading an Xsl?I've run into a problem that may be security related that I haven't been able to find a whole lot of information on and I'm hoping someone might recognize it enough to give me some pointers. I've got the following code: XslTransform myTransform = new XslTransform(); myTransform.Load(@"M:\MyData\MyTransform.xsl"); When the call to the Load routine executes, I get a system ArgumentException with the description "Invalid Site". Here's the stack trace: at System.Security.Util.SiteString.CreateSeparatedSite(String site) at System.Security.Util.SiteString..ctor(String site) at System.Security.Policy.Site.ParseSiteFromUrl(String name) at System.Security.Policy.Site.CreateFromUrl(String url) at System.Xml.XmlSecureResolver.CreateEvidenceForUrl(String securityUrl) at System.Xml.Xsl.XslTransform.Load(String url, XmlResolver resolver) at System.Xml.Xsl.XslTransform.Load(String url) ... I haven't been able to find much information on CreateSeparatedSite and what I've been able to find on ParseSiteFromUrl doesn't really tell me much. The XSL file is there and teh XSL code is correct (it's been used in other instances with no problems.) This is the first time this code has been tested on this particular laptop running Windows 2003 server, but it's been run on that platform (and other) Windows boxes elsewhere and not received this error. Could this be a system setting under security? In order to test this code, I did have to create a FullTrust Runtime Security policy for the URL file://M:/* under the .NET configuration for Runtime Security Policy > Machine > Code Groups > All_Code. Might there be some other entry I have to make? Got a headache from banging my head against this one, so any help is MUCH appreciated. Regards, Ed This doesn't seem to be related to CAS permissions at all. Instead, it
would appear to be a consequence of how the zone is being evaluated for the specified path on Windows 2003. Only URIs for files in the internet and trusted sites zones result in the code path that includes Site.CreateFromUrl being evaluated. However, it would appear that a mapped drive path ends up being evaluated as falling in one of those zones on Windows 2003, but not on Windows XP. One obvious workaround for the problem would be to use a local copy of the XSL file. HTH, Nicole Show quoteHide quote "Ed Murphy" <Ed Mur***@discussions.microsoft.com> wrote in message news:D25466C0-4402-4724-AD40-EF3A743C9D5D@microsoft.com... > Hi, > > I've run into a problem that may be security related that I haven't been > able to find a whole lot of information on and I'm hoping someone might > recognize it enough to give me some pointers. > > I've got the following code: > > XslTransform myTransform = new XslTransform(); > myTransform.Load(@"M:\MyData\MyTransform.xsl"); > > When the call to the Load routine executes, I get a system > ArgumentException with the description "Invalid Site". > > Here's the stack trace: > at System.Security.Util.SiteString.CreateSeparatedSite(String site) > at System.Security.Util.SiteString..ctor(String site) > at System.Security.Policy.Site.ParseSiteFromUrl(String name) > at System.Security.Policy.Site.CreateFromUrl(String url) > at System.Xml.XmlSecureResolver.CreateEvidenceForUrl(String > securityUrl) > at System.Xml.Xsl.XslTransform.Load(String url, XmlResolver resolver) > at System.Xml.Xsl.XslTransform.Load(String url) > ... > > I haven't been able to find much information on CreateSeparatedSite and > what I've been able to find on ParseSiteFromUrl doesn't really tell me > much. The XSL file is there and teh XSL code is correct (it's been used > in other instances with no problems.) This is the first time this code > has been tested on this particular laptop running Windows 2003 server, > but it's been run on that platform (and other) Windows boxes elsewhere > and not received this error. > > Could this be a system setting under security? In order to test this > code, I did have to create a FullTrust Runtime Security policy for the > URL file://M:/* under the .NET configuration for Runtime Security > Policy > Machine > Code Groups > All_Code. Might there be some other > entry I have to make? > > Got a headache from banging my head against this one, so any help is > MUCH appreciated. > > Regards, > Ed Ah...thanks bunches. When I move the file to the local disk it works. Thanks
for the pointer! Got to make a note in the documentation for the program. :) Show quoteHide quote "Nicole Calinoiu" wrote: > This doesn't seem to be related to CAS permissions at all. Instead, it > would appear to be a consequence of how the zone is being evaluated for the > specified path on Windows 2003. Only URIs for files in the internet and > trusted sites zones result in the code path that includes Site.CreateFromUrl > being evaluated. However, it would appear that a mapped drive path ends up > being evaluated as falling in one of those zones on Windows 2003, but not > on Windows XP. One obvious workaround for the problem would be to use a > local copy of the XSL file. > > HTH, > Nicole > > > "Ed Murphy" <Ed Mur***@discussions.microsoft.com> wrote in message > news:D25466C0-4402-4724-AD40-EF3A743C9D5D@microsoft.com... > > Hi, > > > > I've run into a problem that may be security related that I haven't been > > able to find a whole lot of information on and I'm hoping someone might > > recognize it enough to give me some pointers. > > > > I've got the following code: > > > > XslTransform myTransform = new XslTransform(); > > myTransform.Load(@"M:\MyData\MyTransform.xsl"); > > > > When the call to the Load routine executes, I get a system > > ArgumentException with the description "Invalid Site". > > > > Here's the stack trace: > > at System.Security.Util.SiteString.CreateSeparatedSite(String site) > > at System.Security.Util.SiteString..ctor(String site) > > at System.Security.Policy.Site.ParseSiteFromUrl(String name) > > at System.Security.Policy.Site.CreateFromUrl(String url) > > at System.Xml.XmlSecureResolver.CreateEvidenceForUrl(String > > securityUrl) > > at System.Xml.Xsl.XslTransform.Load(String url, XmlResolver resolver) > > at System.Xml.Xsl.XslTransform.Load(String url) > > ... > > > > I haven't been able to find much information on CreateSeparatedSite and > > what I've been able to find on ParseSiteFromUrl doesn't really tell me > > much. The XSL file is there and teh XSL code is correct (it's been used > > in other instances with no problems.) This is the first time this code > > has been tested on this particular laptop running Windows 2003 server, > > but it's been run on that platform (and other) Windows boxes elsewhere > > and not received this error. > > > > Could this be a system setting under security? In order to test this > > code, I did have to create a FullTrust Runtime Security policy for the > > URL file://M:/* under the .NET configuration for Runtime Security > > Policy > Machine > Code Groups > All_Code. Might there be some other > > entry I have to make? > > > > Got a headache from banging my head against this one, so any help is > > MUCH appreciated. > > > > Regards, > > Ed > > >  
Other interesting topics
Basic question about Public Private Key Pairs
ASP.NET Uploading Security Issue? Distributed winforms application security system.security.securityexception WindowsIdentity role caching in ASP.NET IsInRole groupname with white space. Check for certian privileges High-strength crypto problems Restricting Upload File Types Impersonation code |
|||||||||||||||||||||||
