The Thread Security Of It All
-
I wrote my first multi-threaded app in C# and I am having a bit of a problem. Everything works perfectly when the app is run on a users local machine. The problem comes into play when a person runs the app from our network. I'll try to explain this as best as I can, I have a class which creates a member varible of a thread, then starts this thread. The thread goes to a member function in the same class where a new class is created and I call the "worker" member function of this new class. This function enumerates some processes and deletes and renames a file. Basiclly when this is run from the network it hangs/crashes with a security exception when calling the new class member function. The only exception message I get back is "Request failed." that's it... I also get a secuity exception when I call Application.Exit() (Which is the last line before main() ends)
IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode"Strage stuff, cause none of these problems happen when working off a local copy on my HD. One interesting note, if I comment out the code in my "worker" class member function. I don't get the Request failed. Any idea what all this is about?? Cause I am so confused!! :doh: -
I wrote my first multi-threaded app in C# and I am having a bit of a problem. Everything works perfectly when the app is run on a users local machine. The problem comes into play when a person runs the app from our network. I'll try to explain this as best as I can, I have a class which creates a member varible of a thread, then starts this thread. The thread goes to a member function in the same class where a new class is created and I call the "worker" member function of this new class. This function enumerates some processes and deletes and renames a file. Basiclly when this is run from the network it hangs/crashes with a security exception when calling the new class member function. The only exception message I get back is "Request failed." that's it... I also get a secuity exception when I call Application.Exit() (Which is the last line before main() ends)
IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode"Strage stuff, cause none of these problems happen when working off a local copy on my HD. One interesting note, if I comment out the code in my "worker" class member function. I don't get the Request failed. Any idea what all this is about?? Cause I am so confused!! :doh:Working in a local environment (where you also are running as an administrator of your machine) creates a false sense of ... well ... security in your code. ;) No pun intended. Some things to check out: Did you establish security permissions in your project ? Can NT security be part of the problem? Do you have read rights where you really need read/write rights when running on the server? If all of the rights look alright, then did you set your security provider correctly? Default for SecurityProvider is GeneralProvider. You need to specifically change it to have a WindowsProvider as your security. ______________________________ The Tao gave birth to machine language. Machine language gave birth to the assembler. The assembler gave birth to ten thousand languages. Each language has its purpose, however humble. Each language expresses the Yin and Yang of software. Each language has its place within the Tao. Beauty exists because we give a name to C#. Bad exists because we give a name to COBOL.
-
Working in a local environment (where you also are running as an administrator of your machine) creates a false sense of ... well ... security in your code. ;) No pun intended. Some things to check out: Did you establish security permissions in your project ? Can NT security be part of the problem? Do you have read rights where you really need read/write rights when running on the server? If all of the rights look alright, then did you set your security provider correctly? Default for SecurityProvider is GeneralProvider. You need to specifically change it to have a WindowsProvider as your security. ______________________________ The Tao gave birth to machine language. Machine language gave birth to the assembler. The assembler gave birth to ten thousand languages. Each language has its purpose, however humble. Each language expresses the Yin and Yang of software. Each language has its place within the Tao. Beauty exists because we give a name to C#. Bad exists because we give a name to COBOL.
His project and NT security have nothing to do with it. It's .NET Code Access Security, which is a feature of the CLR.
Microsoft MVP, Visual C# My Articles
-
I wrote my first multi-threaded app in C# and I am having a bit of a problem. Everything works perfectly when the app is run on a users local machine. The problem comes into play when a person runs the app from our network. I'll try to explain this as best as I can, I have a class which creates a member varible of a thread, then starts this thread. The thread goes to a member function in the same class where a new class is created and I call the "worker" member function of this new class. This function enumerates some processes and deletes and renames a file. Basiclly when this is run from the network it hangs/crashes with a security exception when calling the new class member function. The only exception message I get back is "Request failed." that's it... I also get a secuity exception when I call Application.Exit() (Which is the last line before main() ends)
IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode"Strage stuff, cause none of these problems happen when working off a local copy on my HD. One interesting note, if I comment out the code in my "worker" class member function. I don't get the Request failed. Any idea what all this is about?? Cause I am so confused!! :doh:The Common Language Runtime (CLR) features Code Access Security - a sandbox environment for .NET, if you will. By default, applications executed from the network (or that use network resources) run without FullTrust permissions. They are limited in what they can do, and local file access is restricted, among many other things. I suggest you first read Understanding .NET Code Access Security[^]. You need to either change the Intranet permission set (not recommended), or create a new CodeGroup that uses a membership condition that will match up with your host or assembly evidence that the CLR would grab (like using a Url membership condition with "file://MYNETSERVER/SOMESHARE/*"). Grant that either FullTrust permissions (not recommended; do things right) or the necessary permissions to run. To help administrators know what permissions your code requires, you should attribute your assembly with certain permission requirements (assembly-level attributes). You should also be mindful that your code may not be granted optional permissions and should check for
SecurityExceptions accordingly (by either catching potential cases, or asserting the permission to see if you can perform a certain action). For that, read Securing Applications[^] in the .NET Framework SDK.Microsoft MVP, Visual C# My Articles
-
The Common Language Runtime (CLR) features Code Access Security - a sandbox environment for .NET, if you will. By default, applications executed from the network (or that use network resources) run without FullTrust permissions. They are limited in what they can do, and local file access is restricted, among many other things. I suggest you first read Understanding .NET Code Access Security[^]. You need to either change the Intranet permission set (not recommended), or create a new CodeGroup that uses a membership condition that will match up with your host or assembly evidence that the CLR would grab (like using a Url membership condition with "file://MYNETSERVER/SOMESHARE/*"). Grant that either FullTrust permissions (not recommended; do things right) or the necessary permissions to run. To help administrators know what permissions your code requires, you should attribute your assembly with certain permission requirements (assembly-level attributes). You should also be mindful that your code may not be granted optional permissions and should check for
SecurityExceptions accordingly (by either catching potential cases, or asserting the permission to see if you can perform a certain action). For that, read Securing Applications[^] in the .NET Framework SDK.Microsoft MVP, Visual C# My Articles
Heath Stewart wrote: or create a new CodeGroup that uses a membership condition that will match up with your host or assembly evidence that the CLR would grab (like using a Url membership condition with "file://MYNETSERVER/SOMESHARE/*"). Grant that either FullTrust permissions (not recommended; do things right) or the necessary permissions to run. Yikes, I've read through the article a few times and still don't quite see what you mean by this. Some of these follow-up questions are probably still due to my misunterstanding but here they are none the less. Can I just grant the program the "fulltrust" or permissions it needs no matter where it's being run from? Cause the file could be run from anywhere on our network. Not a specific location, I just can't seem to figure out how to do this? Is it an assembly directive? It seems like creating a codegroup is just for the local machine and not everyone which is bad for 100+ people that would be running this. P.S. I added:
[assembly:FileIOPermission(SecurityAction.RequestMinimum, Write="C:\\")]To at least throw an exception when it can't do what it needs to do, I just have no clue how to handle the exception. (Where does it throw to?) This is really wild stuff, Thanks for taking the time to help explain it. -
Heath Stewart wrote: or create a new CodeGroup that uses a membership condition that will match up with your host or assembly evidence that the CLR would grab (like using a Url membership condition with "file://MYNETSERVER/SOMESHARE/*"). Grant that either FullTrust permissions (not recommended; do things right) or the necessary permissions to run. Yikes, I've read through the article a few times and still don't quite see what you mean by this. Some of these follow-up questions are probably still due to my misunterstanding but here they are none the less. Can I just grant the program the "fulltrust" or permissions it needs no matter where it's being run from? Cause the file could be run from anywhere on our network. Not a specific location, I just can't seem to figure out how to do this? Is it an assembly directive? It seems like creating a codegroup is just for the local machine and not everyone which is bad for 100+ people that would be running this. P.S. I added:
[assembly:FileIOPermission(SecurityAction.RequestMinimum, Write="C:\\")]To at least throw an exception when it can't do what it needs to do, I just have no clue how to handle the exception. (Where does it throw to?) This is really wild stuff, Thanks for taking the time to help explain it.An application can only tell the CLR what it needs to run. It can't grant itself permissions; that would defeat the purpose. Do you trust someone just because they say they're trustworthy? I certainly don't. If you use an assembly-level permission attribute, the assembly is not even executed so you can't handle an exception (unless you're a different assembly trying to use a type defined in that assembly, when it's loaded for the first itme - you really have to understand how the CLR works). You can grant your assembly or assemblies FullTrust permission (again, that's a big cop-out and not a very good idea) if you use assembly evidence to match up with membership conditions for a code group. Assembly evidence is strong name identity evidence and publisher (x.509) evidence. If you add a CodeGroup using either of those membership conditions, then your assembly will be granted whatever permission set you choose. If you use host-based evidence like URLs or site, then an assembly matching that evidence will be granted those permissions. A codegroup is installed into a machine's policy, yes, which is why you have to install it onto all machines. This is no different that ActiveX security (what little there is) policies and Java sandbox policies. This can be distributed through Windows Installer packages, batch files, start-up scripts, whatever. Distributing a policy is not hard if you no what you're doing. Don't just read the article; read the other links I gave you as well. The article here on CodeProject explains Code Access Security, but there's more information about setting up code groups and why.
Microsoft MVP, Visual C# My Articles