c# applet IE sandbox
-
In your administrative tools folder (in the Control Panel), use the Microsoft .NET Framework Configuration or Microsoft .NET Framework 1.1 Configuration. Also, it's best to leave the defaults alone but add specific code groups to the appropriate policy (Enterprise, Machine (usually), and User). Tip: for code to be run off the Internet via Internet Explorer (and touchless deployment), you can only use host evidence in your membership conditions (Site, Url) because IEExec doesn't gather assembly evidence like X.509 certificates and what-not.
-----BEGIN GEEK CODE BLOCK----- Version: 3.21 GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++ -----END GEEK CODE BLOCK-----
-
In your administrative tools folder (in the Control Panel), use the Microsoft .NET Framework Configuration or Microsoft .NET Framework 1.1 Configuration. Also, it's best to leave the defaults alone but add specific code groups to the appropriate policy (Enterprise, Machine (usually), and User). Tip: for code to be run off the Internet via Internet Explorer (and touchless deployment), you can only use host evidence in your membership conditions (Site, Url) because IEExec doesn't gather assembly evidence like X.509 certificates and what-not.
-----BEGIN GEEK CODE BLOCK----- Version: 3.21 GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++ -----END GEEK CODE BLOCK-----
Did you used .NET Framework 1.0 before? I think I got out of the sendbox with a my custom control. I ran this code and it works (and I think it shouldn't work):
private void button1_Click(object sender, System.EventArgs e) { try { OpenFileDialog dialog = new OpenFileDialog(); if(dialog.ShowDialog() == DialogResult.OK) { System.IO.StreamReader r = new System.IO.StreamReader(dialog.OpenFile()); MessageBox.Show(r.ReadToEnd()); } } catch(Exception ex) { MessageBox.Show(ex.StackTrace); } }I opened a file from the disk. Sergiu. -
Did you used .NET Framework 1.0 before? I think I got out of the sendbox with a my custom control. I ran this code and it works (and I think it shouldn't work):
private void button1_Click(object sender, System.EventArgs e) { try { OpenFileDialog dialog = new OpenFileDialog(); if(dialog.ShowDialog() == DialogResult.OK) { System.IO.StreamReader r = new System.IO.StreamReader(dialog.OpenFile()); MessageBox.Show(r.ReadToEnd()); } } catch(Exception ex) { MessageBox.Show(ex.StackTrace); } }I opened a file from the disk. Sergiu.Yeah, I'm a software architect and have done research deep into the frameworks. It depends from where you're running your code. If you're running it locally, local assemblies have FullTrust which means they can do anything. From a network share, some things are allowed. Just look at the code group - taking into account the appropriate membership conditions - and you'll see what is and what isn't allowed.
-----BEGIN GEEK CODE BLOCK----- Version: 3.21 GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++ -----END GEEK CODE BLOCK-----