.NET permissions, user objects and IE

Carlos Lozano - 29 Mar 2006 01:31 GMT
Hi,

I will appreciate any insights to set the right permissions to a Windows
Forms Control that is embedded in an html document. The control will be
downloaded by the html doc to the local system to do its job. It requires
file system and registry access rights (read/write).

One of the problems is that restricted users will open the html document
(using IE) and the control needs to have enough rights to access the file
system and registry as mentioned above.

I have done the following:
1) Signed the control.
2) Created a .NET policy to grant the respective rights to the control using
the .NET configuration snap-in. (even tried full trust and am having problems)

Attempted granting read access to a subkey as below but failed. The specific
code lines are:
try
{
    new RegistryPermission(RegistryPermissionAccess.Read, subKey).Assert();

    RegistryKey rk;   // root key; its assignment is not shown in the post
    RegistryKey sk1 = rk.OpenSubKey(subKey);

    // Revert assert here
}
catch (SecurityException e)
{
    MessageBox.Show(e.ToString());
}

I get a SecurityException at OpenSubKey above.

The file system security settings are given using:
// Set unrestricted permissions to access the filesystem        
new FileIOPermission(PermissionState.Unrestricted).Assert();
string[] sts = Directory.GetLogicalDrives();
// Revert assert here

I get a SecurityException at the above line. However, the code below works
(weird!!)
new FileIOPermission(PermissionState.Unrestricted).Assert();
string directoryPath = "c:\\";
string[] st = Directory.GetDirectories(directoryPath);
// Revert assert here

Questions:
What is the best way to do it?
Should I impersonate the access with elevated rights? How?
Can I avoid creating a msi package to have the administrator installing the
control locally, before using it?

Thank you,

Carlos
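
Added example, not part of the original thread: a small .NET Framework (code access security era) console probe that asserts one permission at a time, reverts the assert in a finally block, and reports which permission demand actually failed. The names `CasProbe` and `Run` and the key `Software\ExampleVendor` are made up for illustration.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using Microsoft.Win32;

static class CasProbe
{
    delegate void Probe();

    // Assert one permission, run the probe, and always revert the assert.
    static string Run(CodeAccessPermission perm, Probe probe)
    {
        try
        {
            perm.Assert();                 // needs SecurityPermissionFlag.Assertion
            try { probe(); }
            finally { CodeAccessPermission.RevertAssert(); }
            return "ok";
        }
        catch (SecurityException e)
        {
            // PermissionType is the permission whose demand failed; it can
            // differ from the one that was asserted.
            return "denied, failed demand: " + e.PermissionType;
        }
    }

    static void Main()
    {
        // Constructed sample key, not taken from the post.
        const string subKey = @"Software\ExampleVendor";

        // RegistryPermission takes the full key name including the hive,
        // while OpenSubKey takes a name relative to the key it is called on.
        Console.WriteLine("registry read: " + Run(
            new RegistryPermission(RegistryPermissionAccess.Read,
                                   @"HKEY_LOCAL_MACHINE\" + subKey),
            delegate { using (Registry.LocalMachine.OpenSubKey(subKey)) { } }));

        // GetLogicalDrives demands SecurityPermission(UnmanagedCode), so a
        // FileIOPermission assert does not satisfy it.
        Console.WriteLine("drives, FileIO assert: " + Run(
            new FileIOPermission(PermissionState.Unrestricted),
            delegate { Directory.GetLogicalDrives(); }));

        Console.WriteLine("drives, UnmanagedCode assert: " + Run(
            new SecurityPermission(SecurityPermissionFlag.UnmanagedCode),
            delegate { Directory.GetLogicalDrives(); }));
    }
}
```

An assert only takes effect when the asserting assembly has itself been granted that permission by policy; run from a fully trusted location, all three probes print ok.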
John Parrish - 30 Mar 2006 03:15 GMT
Why must the control be within an HTML page? Within the browser you are
in a sandbox, and unless you write a small stub exe to do some
configuration locally (while running under full trust) and have the end
users decide to execute your stub, you won't be able to accomplish what
you are looking for.

This is a good thing, to protect users from malicious code. You need to
be in a zone where your software is given full trust, and that is not
within the browser.
Carlos Lozano - 30 Mar 2006 03:47 GMT
Hello John,

I understand security is a must and welcome all MS efforts. However, this
control will be used in the Intranet where users within the network should be
able to use it on demand regardless of which domain they are.
Distributing the control in a multidomain enterprise may require creating
several different groups depending on what users will use it. This brings
additional tasks to the process as creating specific group policies will be
required.
i.e. Using IE to distribute an update of the control will require just
uploading the control to the intranet website and that is all. When they
access it again, the new control will be used instead with no other changes.

Seems like there are not many options to do what I was requested.

Thank you for your comments,

Carlos Lozano

> Why must the control be within an HTML page? Within the browser you are
> in a sandbox, and unless you write a small stub exe to do some
[quoted text clipped - 5 lines]
> be in a zone where your software is given full trust, and that is not
> within the browser.
John Parrish - 30 Mar 2006 04:43 GMT
Carlos,

In your circumstance 2 things may be possible. 1. Register your
application certificate with a trusted CA, like VeriSign, Entrust, etc.
One that is already configured as a trusted CA within IE. That would
grant your application an implicit trust since (correct me if I'm wrong)
code signed with a trusted CA cert has higher privilege. I am saying
that from knowledge from way back, so it might not work out for you with
CLR code access.

2. Take a look at click-once deployment with Windows Forms. Refer to the
following.

http://msdn.microsoft.com/msdnmag/issues/04/05/ClickOnce/

Hope this helps.

Regards.

John Parrish

> Hello John,
>
[quoted text clipped - 14 lines]
>
> Carlos Lozano
Carlos Lozano - 04 Apr 2006 20:20 GMT
Hello John,

I am attempting to use the CA approach, but I am having an issue when
assigning the certificate (a PFX file) to the assembly. I am getting a
compiling error saying "bad version of provider" and fails to build.

By any chance, do you know what it is about?

Thank you,

Carlos Lozano

> Carlos,
>
[quoted text clipped - 35 lines]
> >
> > Carlos Lozano
