
.NET apps not being recognized as being in the Intranet Zone

WATYF - 16 May 2008 17:20 GMT
So I had a problem recently... my .NET apps would no longer run from a
particular share, nor could I open them in VS.NET. See:
http://groups.google.com/group/microsoft.public.dotnet.languages.csharp/browse_thread/thread/51cb5c13ce875757?hl=en


So I went into Internet Explorer's "zone" area and added the domain
that the network share is on to the "Intranet Sites" list.

But the problem still remains the same. I've got a network share that
is mapped using a full domain (xx.mydomain.xxx), and I've added that
domain to the Internet settings so that it is treated as a "Local
Intranet" site, and I've set the .NET security settings for
LocalIntranet to "FullTrust", and yet it still doesn't work?

Any ideas why? Is there somewhere else that I should be assigning that
domain as an "Intranet" site?

WATYF
qglyirnyfgfo@mailinator.com - 16 May 2008 20:21 GMT
Hi,

Not sure if this will help but, the “.Net Framework 2.0 Configuration”
utility has an option called “Evaluate Assembly”. Have you tried
running that utility to see what code groups your assemblies are being
evaluated against?

I realize that this will not solve the problem but it may give you an
idea of what’s going on.

> So I had a problem recently... my .NET apps would no longer run from a
> particular share, nor could I open them in VS.NET. See:http://groups.google.com/group/microsoft.public.dotnet.languages.csha...
[quoted text clipped - 12 lines]
>
> WATYF
WATYF - 19 May 2008 17:49 GMT
On May 16, 2:21 pm, qglyirnyf...@mailinator.com wrote:
> Hi,
>
[quoted text clipped - 5 lines]
> I realize that this will not solve the problem but it may give you an
> idea of what’s going on.

Using the "Evaluate Assembly" tool, I can see that all assemblies on
this particular share are showing up as being in the "Internet Zone".
But I already knew this (see previous post linked above).

WATYF
james - 18 May 2008 20:20 GMT
> So I had a problem recently... my .NET apps would no longer run from a
> particular share, nor could I open them in VS.NET. See:
[quoted text clipped - 14 lines]
>
> WATYF

IIRC, you need to be using caspol.exe rather than the zones set with
Internet Explorer.  That's what I had to do in my very similar case,
anyway.

Good luck!

Signature

The email address, above, is most certainly munged.  Perhaps you
might reply to the newsgroup, instead?  Thanks!

WATYF - 19 May 2008 17:51 GMT
> > So I had a problem recently... my .NET apps would no longer run from a
> > particular share, nor could I open them in VS.NET. See:
[quoted text clipped - 24 lines]
> The email address, above, is most certainly munged.  Perhaps you
> might reply to the newsgroup, instead?  Thanks!

How would I use caspol to do this? I tried running it from command
line, but I got an "access denied" message.

Basically, I just need to tell ".NET" that any assembly that exists on
the drive mapped like so: ( share on 'sub.corpdomain.org\shares' )
belongs to the IntRAnet zone, not the IntERnet zone. How do I do
this??

WATYF
james - 21 May 2008 07:18 GMT
>> WATYF <WAT...@gmail.com> wrote in
>> news:b49180b8-f865-4aae-aa4c-6896e6d9f3c8@l64g2000hse.googlegroups.com:
>>
>> > So I had a problem recently... my .NET apps would no longer run
>> > from a particular share, nor could I open them in VS.NET. See:
[snip]
>> > So I went into Internet Explorer's "zone" area and added the domain
>> > that the network share is on to the "Intranet Sites" list.
>>
>> > But the problem still remains the same. I've got a network share
[snip]
>> IIRC, you need to be using caspol.exe rather than the zones set with
>> Internet Explorer.  That's what I had to do in my very similar case,
[quoted text clipped - 15 lines]
>
> WATYF

It gets complicated.  First, a reference:
http://msdn.microsoft.com/en-us/library/cb6t8dtz(VS.80).aspx

You might also try a:
<dotnetframeworkpath>\caspol.exe -list | more
to see what _they_ mean by the groups (some of which share names with
more familiar IE groups).

So, my .Net 2.0 program, to get to run from a network share, required
several things.  First, the person setting up for remote access was a
local admin on the box.  Power User might work, I'm not sure.  The user
has to be able to modify local security policies, though, because that's
what caspol does.  Second, they required caspol.exe, which is usually in
c:\windows\microsoft.net\framework\v<version>\CasPol.exe.  Note that if
side-by-side versions of .Net are installed then you must use the one
that corresponds with the version of .Net framework your program uses.

Then I wrote this command file:
@echo off
echo y|c:\windows\microsoft.net\framework\v2.0.50727\caspol.exe -m -ag 1.2 -url file://server/sharename/path/to/my/program/* FullTrust
exit

That echo y| thing is all one easy-to-read line.  -ag 1.2 is AddGroup for
the Zone - Intranet: LocalIntranet, which is how intranet shares are
classified.  The 1.2 is easily found in the first few lines of
caspol -list | more.

Google is your friend.  Also, I should have named my entry because I seem
to be getting multiple entries, one per program update.  Also, every user
must rerun the caspol command file each time your program version is
updated because that's part of the security (note that the * in my
example allows _all_ code from that location to be run, not necessarily
very secure).

I found my example using google, hopefully this is enough to get you
going.

Signature

The email address, above, is most certainly munged.  Perhaps you
might reply to the newsgroup, instead?  Thanks!

WATYF - 29 May 2008 16:15 GMT
> >> WATYF <WAT...@gmail.com> wrote
> >> innews:b49180b8-f865-4aae-aa4c-6896e6d9f3c8@l64g2000hse.googlegroups.c
[quoted text clipped - 68 lines]
> The email address, above, is most certainly munged.  Perhaps you
> might reply to the newsgroup, instead?  Thanks!

Hi there. I appreciate the response. I have, of course, been using
Google to find the answer to this, but it hasn't returned any useful
results as yet. And while your example seemed very promising at first,
unfortunately it doesn't solve my problem.

What you're doing is making a share trusted... which I had already
done, and which was already working well for quite some time. The
issue arose when my IT dept decided to change the way the share is
mapped. It is no longer mapped using the UNC path
(\\server\share\subfolder\). It is now mapped using a domain
(sub.corpdomain.org\share\subfolder). It is this method of mapping that
causes the problem, because, apparently, it doesn't see that share as a
network share, but rather as an internet URL (which is why it puts it in
the Internet zone).

My problem lies with telling .NET that all apps at that URL are
trusted.

WATYF
WATYF - 29 May 2008 18:46 GMT
> > >> WATYF <WAT...@gmail.com> wrote
> > >> innews:b49180b8-f865-4aae-aa4c-6896e6d9f3c8@l64g2000hse.googlegroups.c
[quoted text clipped - 88 lines]
>
> WATYF

Well... I mostly found a solution for this.

I tried a million different ways from Sunday to add the domain
(sub.corpdomain.org) as a trusted URL (I used -url, I used -site, with
wildcards, without wildcards, I added the group at the All Code level,
at the Intranet level, at the Internet level, etc) but nothing
worked... so I decided to try the actual drive letter (since this
particular share is always mapped to the same letter)... and lo and
behold... it worked.

So here's what the syntax for caspol would be:

caspol -m -url file:\\Z:/* FullTrust

(where "Z" is the drive letter).

You can do this in the .NET 2.0 configuration tool as well (go to
Runtime Security Policy > Machine > Code Groups > All_Code and add a
new group for URL using that same url (file:\\Z:/*)).

Note that I didn't add it at the Intranet level...that's because this
share wasn't showing up in the Intranet level (since that's the source
of my problem in the first place). You could also add this group to
the Internet zone, but I want this to affect all code, even stuff that
somehow falls under another zone (since it used to run as Intranet and
now runs as Internet, I don't want to have to worry about it switching
back and breaking this configuration).

WATYF
WATYF - 29 May 2008 18:56 GMT
Crap... I switched up the slashes... the URL would be:

file://Z:\*
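
Added example, not part of any post in this thread: a command file that combines james's caspol approach with WATYF's drive-letter URL, registers the code group under a name so a rerun replaces it instead of stacking duplicates, and scopes FullTrust to one folder rather than the whole drive. The group name CorpShare_MyApp, the folder Z:\apps\myapp and MyApp.exe are hypothetical placeholders; the CasPol path assumes .NET 2.0 as in james's post.

```batch
@echo off
rem Added example, not from the thread. Run as a local administrator,
rem because machine-level policy (-m) is being changed.
setlocal

rem Assumption: .NET 2.0. Use the CasPol.exe of the framework version the app targets.
set CASPOL=%windir%\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
rem Hypothetical placeholders: group name, application folder, assembly name.
set GROUP=CorpShare_MyApp
set TARGET=file://Z:\apps\myapp\*
set ASSEMBLY=Z:\apps\myapp\MyApp.exe

if not exist "%CASPOL%" (
  echo CasPol.exe not found at %CASPOL%
  exit /b 1
)

rem Remove an earlier group of the same name so reruns do not pile up entries.
rem Output is discarded because the group does not exist on the first run.
rem -q suppresses the confirmation prompt, replacing the "echo y|" trick.
"%CASPOL%" -q -m -rg %GROUP% >nul 2>&1

rem Add the group under All_Code, since the mapped share is not classified as
rem LocalIntranet. The URL covers one application folder, not the whole drive.
"%CASPOL%" -q -m -ag All_Code -url "%TARGET%" FullTrust -n %GROUP% -d "FullTrust for MyApp on mapped share"

rem Verify: list the code groups the assembly now matches.
"%CASPOL%" -rsg "%ASSEMBLY%"

endlocal
```

The -rsg output should list %GROUP% among the matching code groups; if it does not, the URL form does not match how the CLR sees the path.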
