
StreamWriter causes SecurityException when attempting to write to network drive..need help

Author
18 Aug 2005 7:13 PM
LordHog
Hello all,

  I am using C# Express 2005 that parses a log file then generates a
report in another file. When I run the application from a network drive
it throws a SecurityException when I attempt to create a StreamWriter
instance. It fails at the following line..

sw = new StreamWriter( reportFile );

the exception reported is

{"Request for the permission of type
'System.Security.Permissions.FileIOPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
failed."}    System.Exception {System.Security.SecurityException}

I have tried to set the Permissions for the file, but it still throws
an exception. What do I need to do in order for the StreamWriter to
open the file for writing? Here is the code that I have so far..

string reportFile = Directory.GetCurrentDirectory() + "\\" + m_LogFileName + ".rpt";
StreamWriter sw;
/*
 * Open the report file for writing
 */
if ( File.Exists( reportFile ) )
{
  File.Delete( reportFile );
}

try
{
  System.Security.SecurityManager.SecurityEnabled = false;
  FileIOPermission FilePermission = new FileIOPermission( FileIOPermissionAccess.Write, reportFile );
  FilePermission.Assert();

  sw = new StreamWriter( reportFile );

  // Log information that I need

  sw.Flush();
  sw.Close();

}
catch ( Exception e )
{
  Console.WriteLine( "There was an error creating the report file. The error returned was" );
  Console.WriteLine( "  " + e.Message );
}

Any suggestions are greatly appreciated. Thanks

Mark

Author
18 Aug 2005 8:05 PM
Nicole Calinoiu
See the thread at
http://groups-beta.google.com/group/microsoft.public.dotnet.security/browse_frm/thread/68dea33651b79cae/69cdc12950f553d5?hl=en#69cdc12950f553d5
for some possible workarounds.




Author
18 Aug 2005 8:28 PM
LordHog
Nicole,

  Thanks for the link and I checked it out. Since the project is a
console application I don't think I can use the SaveFileDialog which
was listed as item 3. As far as the CAS (code access security) I don't
know in advance which people might use this and from where (desktops,
lab computers, laptops taken to the qual labs or off-site locations) so
adjusting the CAS for each station might be hard to accomplish.

  Regarding the last item which is "isolated storage" I am not sure
exactly what this is. Ideally I would like to write the log file in the
same folder as the log file is in which might be a network drive in
this case.

Mark
Author
18 Aug 2005 8:34 PM
Nicole Calinoiu
<Lord***@hotmail.com> wrote in message
news:1124396917.434780.169560@g43g2000cwa.googlegroups.com...
> Nicole,
>
>  Thanks for the link and I checked it out. Since the project is a
> console application I don't think I can use the SaveFileDialog which
> was listed as item 3.

This shouldn't be a problem.  Have you tried adding a reference to
System.Windows.Forms.dll?


> As far as the CAS (code access security) I don't
> know in advance which people might use this and from where (desktops,
> lab computers, laptops taken to the qual labs or off-site locations) so
> adjusting the CAS for each station might be hard to accomplish.

That depends.  If you are on a Windows domain, CAS policy changes can be
deployed via group policy.  Even if you are on a non-Windows network,
automated deployment may still be possible via login scripts.


>  Regarding the last item which is "isolated storage" I am not sure
> exactly what this is. Ideally I would like to write the log file in the
> same folder as the log file is in which might be a network drive in
> this case.

Isolated storage definitely won't do the trick if you want to write to a
specific location.  However, I really don't get what "write the log in the
same folder as the log file is in" is meant to represent... <g>




>
> Mark
>
Author
18 Aug 2005 8:57 PM
LordHog
Nicole,

  I will try adding the System.Windows.Forms.dll as a reference and
try the SaveFileDialog. I just assumed since this was a console
application any type of GUI items wouldn't work.

> However, I really don't get what "write the log in the
> same folder as the log file is in" is meant to represent... <g>

Sorry, the file that I am parsing is in fact a log file from a unit
which has run through qualifications lab. The UUT (unit under test)
sends about 190 bytes of information per 50 Hz frame. The files get
rather large for a human to read through them, hence this application I
am trying to develop. Anyhow, I really should have stated it as "write
the report in the same location as the log file". I hope that helps
clear it up. I still don't think the CAS will work since I can control
the computers at the qual lab nor a customer's network. So setting the
CAS might prove to be rather difficult.

  Is there a way to turn off the security checking or inform the
application to fully trust its location?

Mark
Author
19 Aug 2005 3:07 PM
Nicole Calinoiu
<Lord***@hotmail.com> wrote in message
news:1124398652.782037.223760@f14g2000cwb.googlegroups.com...
<snip>
> Sorry, the file that I am parsing is in fact a log file from a unit
> which has run through qualifications lab. The UUT (unit under test)
> sends about 190 bytes of information per 50 Hz frame. The files get
> rather large for a human to read through them, hence this application I
> am trying to develop. Anyhow, I really should have stated it as "write
> the report in the same location as the log file".

Where is this relative to the location of the executable?


> I hope that helps
> clear it up. I still don't think the CAS will work since I can control
> the computers at the qual lab nor a customer's network. So setting the
> CAS might prove to be rather difficult.

While you can't personally do this, might you be able to enlist the help of
their network administrators in order to deploy a CAS policy modification?
If not, is there any reason that your application must be deployed to
network instead of the end users' machines?


>  Is there a way to turn off the security checking or inform the
> application to fully trust its location?

Yes, but applying such changes requires elevated CAS permissions (as well as
administrative user permissions).  If your application possessed the
required CAS permissions for these operations, it wouldn't have any problems
writing to the disk either. <g>

Applying these changes outside your application would involve the same sorts
of deployment schemes as changing the CAS policy, so it's not really worth
pursuing such workarounds from an ease of deployment perspective either.


>
> Mark
>
Author
19 Aug 2005 3:41 PM
LordHog
Nicole,

>Where is this relative to the location of the executable?

The executable's location will depend upon where the end user places
it. More than likely they will end up using a lab computer, but the
files will be placed on a network drive. This will be more convenient
for the person using the application.

Since I am still very new to C# development I have been using smaller
projects as in the case with this one to build my skills in C#. I work
in an embedded environment and most people will not look at the
benefits of using .NET. I have already seen criticism for using .NET
technologies for smaller/side projects I have done. This behavior of
not being able to write to a network drive will probably force a halt
to any future development of C# or .NET on my part. I understand the
security aspect, but I don't understand why I can't simply turn this
security check off with an attribute or a compiler switch. Then again,
this would defeat the purpose of the checks as some bad person would
simply switch the checks off.

It is encounters/pitfalls like this one that I wish .NET was more like
VB6 or even C++. Thanks for all the help so far.

Mark
Author
19 Aug 2005 4:20 PM
Nicole Calinoiu
<Lord***@hotmail.com> wrote in message
news:1124466115.126145.294770@g47g2000cwa.googlegroups.com...
> Nicole,
>
>>Where is this relative to the location of the executable?
>
> The executable's location will depend upon where the end user places
> it. More than likely they will end up using a lab computer, but the
> files will be placed on a network drive. This will be more convenient
> for the person using the application.

If your executable is running on the user's local machine then, under
default CAS policy settings, they should have no problems saving files to a
network drive (assuming, of course, that the user's Windows account has
adequate permissions to the target file location).



> Since I am still very new to C# development I have been using smaller
> projects as in the case with this one to build my skills in C#. I work
> in an embedded environment and most people will not look at the
> benefits of using .NET. I have already seen criticism for using .NET
> technologies for smaller/side projects I have done. This behavior of
> not being able to write to a network drive will probably force a halt
> to any future development of C# or .NET on my part.

A locally installed executable should be able to write to a network drive.
The problem you described before was encountered when running an executable
running from the network, not from the local machine.  If you are
encountering a similar problem when running from the local machine, is it
possible that you modified your CAS policy?



> I understand the
> security aspect, but I don't understand why I can't simply turn this
> security check off with an attribute or a compiler switch.

Then you don't understand the security aspect properly. <g>  The CAS
permissions verification is meant to protect users from potentially
malicious actions (such as messing about with files) that code might attempt
to perform.  If that same potentially malicious code could simply "turn off"
the permissions verifications, the CAS system would offer no protection at
all.


> Then again,
> this would defeat the purpose of the checks as some bad person would
> simply switch the checks off.

Ah, so you've got it after all. <g>  This is why such modifications to CAS
policy can only be done by highly privileged code run by a highly privileged
user.  If you want to run your code from a potentially dangerous source
(e.g.: the intranet or internet as opposed to the local machine), then
you'll need to either keep within the actions allowed in that zone under CAS
policy or take the steps necessary to modify the CAS policy on the clients.



> It is encounters/pitfalls like this one that I wish .NET was more like
> VB6 or even C++. Thanks for all the help so far.

I suspect that you, like most of the rest of us <g>, may have run into quite
a few gotchas while learning VB and C++ as well.  And, like most of the rest
of us, you've probably managed to forget the pain of it all over time...
Author
19 Aug 2005 4:54 PM
LordHog
Nicole,

  Since I probably will not be able to accomplish executing the
application from a network and then write a report file to a network
drive, how do I go about checking beforehand if the application has
security permission to open then write to a file?

>you've probably managed to forget the pain of it all over time...

Oh, no. I relive the frustration from time to time during sustaining
activities. ;) There are times when I think it would be cool to be an
applications programmer, but then again writing low level code for the
embedded world has its advantages. Then again, getting a low level
driver working correctly can get frustrating also. Just the every day
activity of a software person.

Mark
Author
22 Aug 2005 3:58 PM
Nicole Calinoiu
<Lord***@hotmail.com> wrote in message
news:1124470446.799207.115890@z14g2000cwz.googlegroups.com...
> Nicole,
>
>  Since I probably will not be able to accomplish executing the
> application from a network and then write a report file to a network
> drive, how do I go about checking beforehand if the application has
> security permission to open then write to a file?

The most suitable approach would probably be to demand the necessary
FileIOPermission in your code, presumably when your application loads.  (I'm
guessing that you'll probably want to demand unrestricted FileIOPermission
given that it sounds like you want the user to be able to save to any local
or network location at any time.)  Just be careful to call into a separate
method to make the demand since the Demand method only evaluates the higher
level callers, not the method from which the Demand call itself is made.

Just so you know, it's also possible to prevent the loading of your
application if it does not have the appropriate permissions.  Since you'll
presumably want to actually run the assembly in order to display a custom
message to the users in case of missing permissions, this probably isn't the
approach you'll want to take.  However, just in case you would prefer it for
some reason, the basic approach is to add a "request minimum" security
attribute at the assembly level.  e.g.:

[assembly: FileIOPermission(SecurityAction.RequestMinimum, Unrestricted = true)]



>
>>you've probably managed to forget the pain of it all over time...
>
> Oh, no. I relive the frustration from time to time during sustaining
> activities. ;) There are times when I think it would be cool to be an
> applications programmer, but then again writing low level code for the
> embedded world has its advantages. Then again, getting a low level
> driver working correctly can get frustrating also. Just the every day
> activity of a software person.
>
> Mark
>
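
An added example, not part of any post in this thread: one way to apply the startup demand suggested in the last reply, assuming the .NET Framework 2.0-era CAS model under discussion. The class name ReportTool, the command-line argument and the messages are hypothetical; the second catch covers the separate case mentioned earlier where CAS allows the write but the Windows account lacks rights on the target folder.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical names throughout; only the FileIOPermission demand comes from the thread.
static class ReportTool
{
    // Demand() checks the callers above the frame that calls it, so the
    // demand is made from its own method and Main is part of the stack walk.
    static void DemandFileAccess()
    {
        new FileIOPermission(PermissionState.Unrestricted).Demand();
    }

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: ReportTool <logfile>");
            return 2;
        }
        try
        {
            DemandFileAccess();
        }
        catch (SecurityException)
        {
            // CAS refused: typical when the .exe itself is started from a share.
            Console.Error.WriteLine("This program was not granted file access by " +
                "CAS policy. Copy it to a local disk and run it from there.");
            return 1;
        }
        // The report goes next to the log, which may be on a network drive.
        string logPath = Path.GetFullPath(args[0]);
        string reportPath = logPath + ".rpt";
        try
        {
            using (StreamWriter sw = new StreamWriter(reportPath))
                sw.WriteLine("Report for " + Path.GetFileName(logPath));
        }
        catch (UnauthorizedAccessException e)
        {
            // CAS allowed the write; the Windows account lacks rights on the target.
            Console.Error.WriteLine("Cannot write " + reportPath + ": " + e.Message);
            return 1;
        }
        return 0;
    }
}
```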