|
web
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Security Exception when deploying a VB.NET 2003 solution.Note: This is the full version of a Post that I inadvertently sent before it was complete. About a year ago I wrote a VB.NET 2003 solution that consists of a number of assemblies (1 EXE and 15 DLLS). As I recall, in order to deploy the solution to a testing server I simply copied the contents of the Bin folder in the development area where the compiled assemblies reside. Be patient with me here, because I haven't used .NET since then ... our primary development environment is still VB6, as we have a large application with 6 years devoted to it and are not quite ready to do a complete re-write in ..NET. The .NET project which had been dormant for a year is now back in action. I tried creating an MSI install project from within the solution. It appeared to include the primary EXE all the necessary dependencies (I don't even remember how I created that Installer at the moment). The bottom line is that now when I try to deploy to either a Test Server share or a local workstation (which is a member of a Domain), I get Microsoft .NET security errors upon trying to start the Executable. Examples: Local Workstation: "An unhandled exception has occurred.... "Access to the path 'C:\Program Files\Testing' is denied. Server Share: "The application attempted to perform an operation not allowed by the security policy. The operation required the SecurityException. To grant this application the required permission please contact your system administrator, or use the Microsoft .NET security policy administrator." So, I used the .NET 1.1 and 2.0 Configuration tools to try to create a Runtime Security Code Group to allow the program to run. I don't remember having to do this last year...strangely enough. I was not able to successfully get the program to execute after a few hours of reading documentation and trying different things in the Configuration tools. The documentation and even the tools themselves are somewhat inscrutable to the uninitiated. Even the fact that there are so many membership conditions is confusing. A plain English explanation somewhere would be helpful. I tried using the Wizard in .NET 1.1 to allow premissions for each and every included assembly... no luck there. I then went on tho use caspol.exe... here is an example of a v2.0 bat file... C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm c:\dmedi\dmEDI.Client.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm c:\dmedi\dmEDI.ClientModules.Context.Business.dll C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm c:\dmedi\dmEDI.ClientModules.Context.Configuration.dll C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm c:\dmedi\dmEDI.ClientModules.Context.Data.dll C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm c:\dmedi\dmEDI.ClientModules.Core.dll C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm c:\dmedi\dmEDI.ClientModules.FTP.Business.dll C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm c:\dmedi\dmEDI.ClientModules.FTP.Config.dll C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm c:\dmedi\dmEDI.LocalModules.Configuration.dll C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm c:\dmedi\dmEDI.LocalModules.Data.dll C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm c:\dmedi\dmEDI.LocalModules.Document.dll C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm c:\dmedi\dmEDI.LocalModules.Notice.dll C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm c:\dmedi\dmEDI.LocalModules.PL.dll C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm c:\dmedi\dmEDI.LocalModules.Sample.dll C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm c:\dmedi\dmEDI.LocalModules.Session.dll C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm c:\dmedi\dmEDI.LocalModules.Test.dll C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm c:\dmedi\dmEDI.WebServices.dll Run in a command prompt, every command indicated SUCCESS. But no luck there either. I fillowed up with the v1.1 version of the same. I then tried following instructions from an MSDN lab exercise... @rem - polchgprompt - Enables or disables the prompt that is displayed @rem - whenever Caspol.exe is run using an option that @rem - would cause policy changes. @rem - addgroup - Adds a new code group to the code group hierarchy. @rem - url - Specifies code that originates from the given URL. @rem - name - specifies the scripting name for a code group to add. CD \ PATH=%windir%\microsoft.net\framework\v1.1.4322\ caspol.exe -polchgprompt off -u -addgroup All_Code -url "C:\dmedi\*" FullTrust -name "dmEDI_on_C_run" caspol.exe -polchgprompt on Pause No good there either. Finally I used the caspol commantd to suspend security checking altogether caspol -e off. No luck... I realize I only ran it in the v2.0 .NET folder. There is an .SNK file in the development folder. The project still runs from the Bin directory in the development folder without a problem. For now I just provide my development partner a link to that EXE so he could continue with his part of the project (which he is writing in VB6... long story). I must get back to another VB6 project due in one week. Any help would be appreciated... thanks in advance. Sorry about the double post. John,
It is hard to say how to fix the problem without knowing exactly what your code is doing. Is it possible your program is trying to open a file in c:\program files\testing that does not exist? Does the active directory give the user have the proper permissions to access files in c:\program files\test? Ken --------------------------- Show quoteHide quote "John Kotuby" wrote: > Hello all, > > Note: This is the full version of a Post that I inadvertently sent before it > was complete. > > About a year ago I wrote a VB.NET 2003 solution that consists of a number > of assemblies (1 EXE and 15 DLLS). As I recall, in order to deploy the > solution to a testing server I simply copied the contents of the Bin folder > in the development area where the compiled assemblies reside. Be patient > with me here, because I haven't used .NET since then ... our primary > development environment is still VB6, as we have a large application with 6 > years devoted to it and are not quite ready to do a complete re-write in > ..NET. > > The .NET project which had been dormant for a year is now back in action. I > tried creating an MSI install project from within the solution. It appeared > to include the primary EXE all the necessary dependencies (I don't even > remember how I created that Installer at the moment). > > The bottom line is that now when I try to deploy to either a Test Server > share or a local workstation (which is a member of a Domain), I get > Microsoft .NET security errors upon trying to start the Executable. > > Examples: > Local Workstation: > "An unhandled exception has occurred.... > "Access to the path 'C:\Program Files\Testing' is denied. > > Server Share: > "The application attempted to perform an operation not allowed by the > security policy. The operation required the SecurityException. To grant this > application the required permission please contact your system > administrator, or use the Microsoft .NET security policy administrator." > > So, I used the .NET 1.1 and 2.0 Configuration tools to try to create a > Runtime Security Code Group to allow the program to run. I don't remember > having to do this last year...strangely enough. I was not able to > successfully get the program to execute after a few hours of reading > documentation and trying different things in the Configuration tools. The > documentation and even the tools themselves are somewhat inscrutable to the > uninitiated. Even the fact that there are so many membership conditions is > confusing. A plain English explanation somewhere would be helpful. > > I tried using the Wizard in .NET 1.1 to allow premissions for each and every > included assembly... no luck there. > > I then went on tho use caspol.exe... here is an example of a v2.0 bat > file... > C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm > c:\dmedi\dmEDI.Client.exe > C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm > c:\dmedi\dmEDI.ClientModules.Context.Business.dll > C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm > c:\dmedi\dmEDI.ClientModules.Context.Configuration.dll > C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm > c:\dmedi\dmEDI.ClientModules.Context.Data.dll > C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm > c:\dmedi\dmEDI.ClientModules.Core.dll > C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm > c:\dmedi\dmEDI.ClientModules.FTP.Business.dll > C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm > c:\dmedi\dmEDI.ClientModules.FTP.Config.dll > C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm > c:\dmedi\dmEDI.LocalModules.Configuration.dll > C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm > c:\dmedi\dmEDI.LocalModules.Data.dll > C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm > c:\dmedi\dmEDI.LocalModules.Document.dll > C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm > c:\dmedi\dmEDI.LocalModules.Notice.dll > C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm > c:\dmedi\dmEDI.LocalModules.PL.dll > C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm > c:\dmedi\dmEDI.LocalModules.Sample.dll > C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm > c:\dmedi\dmEDI.LocalModules.Session.dll > C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm > c:\dmedi\dmEDI.LocalModules.Test.dll > C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm > c:\dmedi\dmEDI.WebServices.dll > > Run in a command prompt, every command indicated SUCCESS. But no luck there > either. I fillowed up with the v1.1 version of the same. > > I then tried following instructions from an MSDN lab exercise... > > @rem - polchgprompt - Enables or disables the prompt that is displayed > @rem - whenever Caspol.exe is run using an option that > @rem - would cause policy changes. > @rem - addgroup - Adds a new code group to the code group hierarchy. > @rem - url - Specifies code that originates from the given URL. > @rem - name - specifies the scripting name for a code group to add. > > CD \ > PATH=%windir%\microsoft.net\framework\v1.1.4322\ > caspol.exe -polchgprompt off -u -addgroup All_Code -url "C:\dmedi\*" > FullTrust -name "dmEDI_on_C_run" > > caspol.exe -polchgprompt on > Pause > > No good there either. > > Finally I used the caspol commantd to suspend security checking altogether > caspol -e off. > No luck... I realize I only ran it in the v2.0 .NET folder. > > There is an .SNK file in the development folder. The project still runs from > the Bin directory in the development folder without a problem. For now I > just provide my development > partner a link to that EXE so he could continue with his part of the project > (which he is writing in VB6... long story). > > I must get back to another VB6 project due in one week. > > Any help would be appreciated... thanks in advance. Sorry about the double > post. > > > > > > > Ken,
Thanks for responding. Your question about opening a file that does not exist, got me to thinking about what other files might be needed by the app. I must confess that I did not write the entire .NET app from scratch. We commissioned a consultant to create the template. I just fleshed out the application to meet the requirements of our site. I have just discovered that by copying a folder named Config along with the Bin folder (which contains the compiled assemblies) to the same location (folder) in the Testing share, I can run the application without the error: "Access to the path 'C:\<anyfolder>\Testing' is denied." The Config folder contains the files Local.Config and Context.Config, XML files with <ModuleSettings> entries. Each contains a <ConnectionString> entry that is used to connect to local SQL Server tables. That is why the above error message is so confusing. However, the other error caused by trying to run the application from another workstation pointing to the same share on the network, : "The application attempted to perform an operation not allowed by the security policy. " .... is indeed resolved by configuring the .NET security policy on the local machine, and is apparrently unrelated to the first error. Thanks again for your input Ken. Show quoteHide quote "Ken Tucker [MVP]" <KenTucker***@discussions.microsoft.com> wrote in message news:CBE4D830-8C48-4078-844E-95464453A76B@microsoft.com... > John, > > It is hard to say how to fix the problem without knowing exactly what > your code is doing. Is it possible your program is trying to open a file > in > c:\program files\testing that does not exist? Does the active directory > give > the user have the proper permissions to access files in c:\program > files\test? > > Ken > --------------------------- > > "John Kotuby" wrote: > >> Hello all, >> >> Note: This is the full version of a Post that I inadvertently sent before >> it >> was complete. >> >> About a year ago I wrote a VB.NET 2003 solution that consists of a >> number >> of assemblies (1 EXE and 15 DLLS). As I recall, in order to deploy the >> solution to a testing server I simply copied the contents of the Bin >> folder >> in the development area where the compiled assemblies reside. Be patient >> with me here, because I haven't used .NET since then ... our primary >> development environment is still VB6, as we have a large application with >> 6 >> years devoted to it and are not quite ready to do a complete re-write in >> ..NET. >> >> The .NET project which had been dormant for a year is now back in action. >> I >> tried creating an MSI install project from within the solution. It >> appeared >> to include the primary EXE all the necessary dependencies (I don't even >> remember how I created that Installer at the moment). >> >> The bottom line is that now when I try to deploy to either a Test Server >> share or a local workstation (which is a member of a Domain), I get >> Microsoft .NET security errors upon trying to start the Executable. >> >> Examples: >> Local Workstation: >> "An unhandled exception has occurred.... >> "Access to the path 'C:\Program Files\Testing' is denied. >> >> Server Share: >> "The application attempted to perform an operation not allowed by the >> security policy. The operation required the SecurityException. To grant >> this >> application the required permission please contact your system >> administrator, or use the Microsoft .NET security policy administrator." >> >> So, I used the .NET 1.1 and 2.0 Configuration tools to try to create a >> Runtime Security Code Group to allow the program to run. I don't remember >> having to do this last year...strangely enough. I was not able to >> successfully get the program to execute after a few hours of reading >> documentation and trying different things in the Configuration tools. The >> documentation and even the tools themselves are somewhat inscrutable to >> the >> uninitiated. Even the fact that there are so many membership conditions >> is >> confusing. A plain English explanation somewhere would be helpful. >> >> I tried using the Wizard in .NET 1.1 to allow premissions for each and >> every >> included assembly... no luck there. >> >> I then went on tho use caspol.exe... here is an example of a v2.0 bat >> file... >> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm >> c:\dmedi\dmEDI.Client.exe >> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm >> c:\dmedi\dmEDI.ClientModules.Context.Business.dll >> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm >> c:\dmedi\dmEDI.ClientModules.Context.Configuration.dll >> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm >> c:\dmedi\dmEDI.ClientModules.Context.Data.dll >> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm >> c:\dmedi\dmEDI.ClientModules.Core.dll >> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm >> c:\dmedi\dmEDI.ClientModules.FTP.Business.dll >> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm >> c:\dmedi\dmEDI.ClientModules.FTP.Config.dll >> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm >> c:\dmedi\dmEDI.LocalModules.Configuration.dll >> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm >> c:\dmedi\dmEDI.LocalModules.Data.dll >> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm >> c:\dmedi\dmEDI.LocalModules.Document.dll >> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm >> c:\dmedi\dmEDI.LocalModules.Notice.dll >> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm >> c:\dmedi\dmEDI.LocalModules.PL.dll >> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm >> c:\dmedi\dmEDI.LocalModules.Sample.dll >> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm >> c:\dmedi\dmEDI.LocalModules.Session.dll >> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm >> c:\dmedi\dmEDI.LocalModules.Test.dll >> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -all -resolveperm >> c:\dmedi\dmEDI.WebServices.dll >> >> Run in a command prompt, every command indicated SUCCESS. But no luck >> there >> either. I fillowed up with the v1.1 version of the same. >> >> I then tried following instructions from an MSDN lab exercise... >> >> @rem - polchgprompt - Enables or disables the prompt that is displayed >> @rem - whenever Caspol.exe is run using an option that >> @rem - would cause policy changes. >> @rem - addgroup - Adds a new code group to the code group hierarchy. >> @rem - url - Specifies code that originates from the given URL. >> @rem - name - specifies the scripting name for a code group to add. >> >> CD \ >> PATH=%windir%\microsoft.net\framework\v1.1.4322\ >> caspol.exe -polchgprompt off -u -addgroup All_Code -url "C:\dmedi\*" >> FullTrust -name "dmEDI_on_C_run" >> >> caspol.exe -polchgprompt on >> Pause >> >> No good there either. >> >> Finally I used the caspol commantd to suspend security checking >> altogether >> caspol -e off. >> No luck... I realize I only ran it in the v2.0 .NET folder. >> >> There is an .SNK file in the development folder. The project still runs >> from >> the Bin directory in the development folder without a problem. For now I >> just provide my development >> partner a link to that EXE so he could continue with his part of the >> project >> (which he is writing in VB6... long story). >> >> I must get back to another VB6 project due in one week. >> >> Any help would be appreciated... thanks in advance. Sorry about the >> double >> post. >> >> >> >> >> >> >> 
Other interesting topics
Compress a string
Help needed, Removing duplicate lines in text file Bug in VS 2005 VB "Application Framework"? How do I get COMPLETE response from HttpWebResponse using StreamReader??? "Array" of pictureboxes Adding reference errors... Help me, please view the strange problem!!! retrieve key from collection My form has a hiccup WinForms Designer Grid |
|||||||||||||||||||||||
