Permissions Exception with client-side execution of a C# user control and dependent assembly
-
Keywords: client-side execution of a C# user control, security permissions, code groups, strongname. Level: advanced I have a problem with security settings getting a downloaded dependent assembly to run client-side in a web page. The error is: "Request for the permission of type System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c61934e089 failed." I can't seem to find a narrow enough security/permission settings. Introducing my environment: I'm working on getting a payment device, ATM or whatever it is called in your country (Dutch: PIN apparaat) to work from a Internet Explorer client in an intranet WEB application. - The device is connected to a webterminal PC (COM1 port). The PC has the .Net framework installed. - The two assemblies involved reside on the intranet webserver and are downloaded by Internet Explorer when the HTML page is rendered. I have a Forms.Control derived class in assembly PINControl.dll. The assembly is in the same webfolder as the test.html file which contains an object tag to download the assembly from the webserver and invoke the control client-side: The control loads and starts up just fine and displays some debugging information so I can monitor execution (the control is supposed to run faceless later on and just communicate with the payment device). The control also depends on another assembly Pin.dll, which contains the communication and application level logic to handle a payment transaction using the payment device. So there are TWO assemblies involved: the forms control and the payment logic assembly. Using javascript in test.html, a transaction is initiated (execution blocks while PIN.Transact is working) function Transact() { //var bedrag = document.all.bedrag.value; var amount = 10.50; if (PIN.Transact(amount)) alert("SUCCESS"); else alert("FAILURE"); } Both assemblies have strong names (using different keys) and use the [assembly: System.Security.AllowPartiallyTrustedCallers] attribute. The whole environment ONLY works when the LocalIntranet_Zone CodeGroup has a FullTrust for the ZoneMembershipCondition LocalIntranet zone or URLMembershipCondition "http://localhost/\*". I don't like the idea of fully trusting every assembly that comes from the server (for now locally). Also, to limit per
-
Keywords: client-side execution of a C# user control, security permissions, code groups, strongname. Level: advanced I have a problem with security settings getting a downloaded dependent assembly to run client-side in a web page. The error is: "Request for the permission of type System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c61934e089 failed." I can't seem to find a narrow enough security/permission settings. Introducing my environment: I'm working on getting a payment device, ATM or whatever it is called in your country (Dutch: PIN apparaat) to work from a Internet Explorer client in an intranet WEB application. - The device is connected to a webterminal PC (COM1 port). The PC has the .Net framework installed. - The two assemblies involved reside on the intranet webserver and are downloaded by Internet Explorer when the HTML page is rendered. I have a Forms.Control derived class in assembly PINControl.dll. The assembly is in the same webfolder as the test.html file which contains an object tag to download the assembly from the webserver and invoke the control client-side: The control loads and starts up just fine and displays some debugging information so I can monitor execution (the control is supposed to run faceless later on and just communicate with the payment device). The control also depends on another assembly Pin.dll, which contains the communication and application level logic to handle a payment transaction using the payment device. So there are TWO assemblies involved: the forms control and the payment logic assembly. Using javascript in test.html, a transaction is initiated (execution blocks while PIN.Transact is working) function Transact() { //var bedrag = document.all.bedrag.value; var amount = 10.50; if (PIN.Transact(amount)) alert("SUCCESS"); else alert("FAILURE"); } Both assemblies have strong names (using different keys) and use the [assembly: System.Security.AllowPartiallyTrustedCallers] attribute. The whole environment ONLY works when the LocalIntranet_Zone CodeGroup has a FullTrust for the ZoneMembershipCondition LocalIntranet zone or URLMembershipCondition "http://localhost/\*". I don't like the idea of fully trusting every assembly that comes from the server (for now locally). Also, to limit per
Working on a intranet webbased Information System, I have a device connected to the COM1 port of one of the clients. Assembly Pin.dll contains all logic to communicate to and handle the device's messages. Assembly PinControl.dll contains a Forms.Control derived control. This control is used client-side in an Internet Explorer webpage (and it uses Pin.dll). THE QUESTION What security permissions, codegroups and measures to I need to take to ONLY allow these two assemblies to run on an intranet IE client, preferably only from the designated Intranet webserver? VictorV
-
Keywords: client-side execution of a C# user control, security permissions, code groups, strongname. Level: advanced I have a problem with security settings getting a downloaded dependent assembly to run client-side in a web page. The error is: "Request for the permission of type System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c61934e089 failed." I can't seem to find a narrow enough security/permission settings. Introducing my environment: I'm working on getting a payment device, ATM or whatever it is called in your country (Dutch: PIN apparaat) to work from a Internet Explorer client in an intranet WEB application. - The device is connected to a webterminal PC (COM1 port). The PC has the .Net framework installed. - The two assemblies involved reside on the intranet webserver and are downloaded by Internet Explorer when the HTML page is rendered. I have a Forms.Control derived class in assembly PINControl.dll. The assembly is in the same webfolder as the test.html file which contains an object tag to download the assembly from the webserver and invoke the control client-side: The control loads and starts up just fine and displays some debugging information so I can monitor execution (the control is supposed to run faceless later on and just communicate with the payment device). The control also depends on another assembly Pin.dll, which contains the communication and application level logic to handle a payment transaction using the payment device. So there are TWO assemblies involved: the forms control and the payment logic assembly. Using javascript in test.html, a transaction is initiated (execution blocks while PIN.Transact is working) function Transact() { //var bedrag = document.all.bedrag.value; var amount = 10.50; if (PIN.Transact(amount)) alert("SUCCESS"); else alert("FAILURE"); } Both assemblies have strong names (using different keys) and use the [assembly: System.Security.AllowPartiallyTrustedCallers] attribute. The whole environment ONLY works when the LocalIntranet_Zone CodeGroup has a FullTrust for the ZoneMembershipCondition LocalIntranet zone or URLMembershipCondition "http://localhost/\*". I don't like the idea of fully trusting every assembly that comes from the server (for now locally). Also, to limit per
(got it after much, much,much reading and trying) VictorV