 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / July 2005Failed to Load WSE 2.0 Add-in into VS.NET (CAS-problem)
Having done a standard installation of WSE 2.0 (SP3), I'm perfectly able to right-click a project and use the dialog from "WSE Settings...". However - once I change the PermissionSet (CAS) for the CodeGroup called "My_Computer_Zone" from 'FullThrust' -> 'Everything' (effectively to enable CAS!), I am no longer able to run the WSE 2.0 Add-in. The error is: "The Add-in Microsoft WSE 2.0 Settings Tool" failed to load or threw an Exception (Error 8013150a)". Does anybody have an idea of what is going on? The "Everything" CodeGroup is effectively the same as FullThrust (or mayby not?). /Claus Actually, the Everything permission set is quite different from the FullTrust set. There are three key differences in practice: 1. Everything excludes SecurityPermission\SkipVerification. 2. Everything includes only permissions that ship with the .NET Framework, so new permissions deployed with other assemblies are not granted with the Everything set. 3. It is possible for a demand for full trust to be made (e.g.: implicit LinkDemand for FullTrust when calling into a strongly named assembly that is not marked with AllowPartiallyTrustedCallersAttribute). Such demands will not be passed by assemblies that are granted only the Everything set. I suspect that #3 is the culprit here since the add-in assembly references WseSettings2.dll, which is a strongly named assembly that is not marked with AllowPartiallyTrustedCallersAttribute. To work around this problem, you might want to consider granting full trust to assemblies signed with the WSE setting strong name key (similar to the My_Computer_Zone\Microsoft_Strong_Name group). Having done a standard installation of WSE 2.0 (SP3), I'm perfectly able to right-click a project and use the dialog from "WSE Settings...". However - once I change the PermissionSet (CAS) for the CodeGroup called "My_Computer_Zone" from 'FullThrust' -> 'Everything' (effectively to enable CAS!), I am no longer able to run the WSE 2.0 Add-in. The error is: "The Add-in Microsoft WSE 2.0 Settings Tool" failed to load or threw an Exception (Error 8013150a)". Does anybody have an idea of what is going on? The "Everything" CodeGroup is effectively the same as FullThrust (or mayby not?). /Claus Hi Nicole Thanks for the informative input! What I did not specify is that I naturally DID attempt with granting Full_Thrust to the assemblies (see below for a cut-paste from this Codegroup) **************** Description: WSE 2.0 related assemblies. Assembly evidence must match this membership condition to belong to the code group: Url - file://C:/Program Files/Microsoft WSE/v2.0/*. Assemblies matching the membership condition are granted this permission set at the current policy level: FullTrust. Permission Set Description: Allows full access to all resources ********************* You are correct about the AllowPartiallyThrustedCallers - but the caller here is a Microsoft Assembly (VS.NET), and assemblies exibiting strongnameidentity of <Microsoft snkey> does receive Fullthrust, so VS.NET is therefore not partially thrusted. Has it to do with the fact that VS.NET (the caller) is a COM application? Thanks /Claus > Actually, the Everything permission set is quite different from the > FullTrust set. There are three key differences in practice: [quoted text clipped - 29 lines] > > /Claus > Hi Nicole > [quoted text clipped - 9 lines] > Assembly evidence must match this membership condition to belong to the > code group: Url - file://C:/Program Files/Microsoft WSE/v2.0/*. Code groups based on file paths can be tricky. You need to be using the exact path that will be used at runtime, and finding that exact path can require considerable troubleshooting. In this case, I would recommend using a strong name membership condition instead of a URL membership condition when defining the code group. > You are correct about the AllowPartiallyThrustedCallers - but the caller > here is a Microsoft Assembly (VS.NET), Actually, the problem assembly here is probably WseSettingsVS2.dll, which is not signed with the same Microsoft strong naming key that is used for signing the .NET Framework assemblies (which is granted full trust via the My_Computer_Zone\Microsoft_Strong_Name group). > and assemblies exibiting strongnameidentity of <Microsoft snkey> does > receive Fullthrust, so VS.NET is therefore not partially thrusted. WseSettingsVS2.dll (the add-in assembly) is not signed with the same key, so it isn't granted full trust under the My_Computer_Zone\Microsoft_Strong_Name group. I would recommend creating a similar group (e.g.: My_Computer_Zone\MicrosoftWseSettings_Strong_Name) that uses the key from the WseSettingsVS2.dll assembly. Just so you know, I've tested this approach, and it does work. > Has it to do with the fact that VS.NET (the caller) is a COM application? Probably not since granting full trust to the add-in assembly resolves the problem. > Thanks > /Claus [quoted text clipped - 33 lines] >> >> /Claus Thanks a zillion! SN did the trick. Now - I'm just puzzled as to why the built-in CodeGroup (My_Computer_Zone) does not give everything fullthrust as it's condition is Zone = My Computer? I mean - everything on my C-drive fullfils this condition? That MS has made a SN-condition in addition to this group is just to maintain full trust to their own assemblies (maching a cretain sn). Am I totally way out here? /Claus >> Hi Nicole >> [quoted text clipped - 76 lines] >>> >>> /Claus > Thanks a zillion! > SN did the trick. > > Now - I'm just puzzled as to why the built-in CodeGroup (My_Computer_Zone) > does not give everything fullthrust as it's condition is Zone = My > Computer? Back in your first post in this thread, you reported changing the zone code group to use the Everything permission set instead of FullTrust. Why are you surprised that the FullTrust set is no longer being granted in the zone? > I mean - everything on my C-drive fullfils this condition? Almost everything. Assemblies loaded from the network are probably also stored on your C: drive even though they are not assessed as falling in the local zone. > That MS has made a SN-condition in addition to this group is just to > maintain full trust to their own assemblies (maching a cretain sn). The code groups for the Microsoft and ECMA strong names are redundant as long as the local zone is granted full trust. However, if someone alters the permissions grant on the local zone (as you did by changing the grant from FullTrust to Everything), these two code groups help ensure that the core .NET Framework assemblies and supporting utilities will continue to work correctly. > Am I totally way out here? > [quoted text clipped - 82 lines] >>>> >>>> /Claus Or put in another way - the CodeGroup "My_Computer_Zone" with PermissionSet = "Full Trust" simply just trusts everything running from my harddrive, correct? It effectively disables CAS on my local harddrive? /Claus >> Hi Nicole >> [quoted text clipped - 76 lines] >>> >>> /Claus Answered in your new thread... > Or put in another way - the CodeGroup "My_Computer_Zone" with > PermissionSet = "Full Trust" simply just trusts everything running from my [quoted text clipped - 86 lines] >>>> >>>> /Claus
Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.