Falied to grand permission when host a .NET control in IE web page

[Lei Jiang]

I have a winform control hosted in IE web page. When the client side is
Win2000, the page works ok. However, when I view the page from Win2003, it
shows nothing. I could find some error message from the "Temporary Internet
Files" folder :

***** IEHOST Error Log (Tuesday, 06 July 2004 14:14) *****



URL: http://10.147.130.245/dwmweb/Flag.DWM.dll
Zone: 3
Assembly Name: Flag.DWM.dll
Type Name: Flag.DWM.TabDWMControl



----- Thrown Exception -----


System.Reflection.TargetInvocationException: Exception has been thrown by
the target of an invocation. ---> System.IO.FileLoadException: Failed to
grant required minimum permissions to assembly 'MagicLibrary,
Version=1.7.4.0, Culture=neutral, PublicKeyToken=null'.
File name: 'MagicLibrary, Version=1.7.4.0, Culture=neutral,
PublicKeyToken=null' ---> System.Security.Policy.PolicyException: Required
permissions can not be acquired.
at System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
PermissionSet& denied, Boolean checkExecutionPermission)
at System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
PermissionSet& denied, Int32& grantedIsUnrestricted, Boolean
checkExecutionPermission)
at Flag.DWM.TabDWMControl..ctor()
--- End of inner exception stack trace ---
at System.AppDomain.CreateComInstanceFrom(String assemblyFile, String
typeName, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm)
at Microsoft.IE.SecureFactory.CreateInstanceWithSecurity(Int32 dwFlag,
Int32 dwZone, String pURL, String uniqueIdString, String link, String
licenses)

Pages from other web site can be correctly viewed in my Win2003 machine.I
checked the MagicLibrary.dll and found it has a lot of interop code to
access User32.dll and GDI32.dll. Is that the reason? How to configure my
machine to view the page?Thanks!

 

[M. Zeeshan Mustafa]

Lei,

On your windows 2003 box, you have to set permissions
for 'http://10.147.130.245/dwmweb/Flag.DWM.dll' to execute on
your system under .NET Framework.

First have a look at:
http://support.microsoft.com/?id=311295

and do this:

<quote>
1.. Start the .NET Framework configuration tool, Mscorcfg.msc.
2.. Expand each element in the following path:
My Computer/Runtime Security Policy/Machine/Code Groups/All
Code/LocalIntranet_Zone

Right-click the LocalIntranet_Zone node, and then click new.
3.. Name the new code group TestVBNetCtrl, and then click Next to display
the Choose a condition type dialog box.
4.. Select URL as the condition type, and then type http://ServerName/* in
the URL box.
5.. Click Next to proceed to the Assign a Permission Set to the Code Group
dialog box.
6.. Click Use existing permission set, click FullTrust, and then click
Next to finish.
</quote>

--
Hope this helps,
Zeeshan Mustafa, MCSD

I have a winform control hosted in IE web page. When the client side is
Win2000, the page works ok. However, when I view the page from Win2003, it
shows nothing. I could find some error message from the "Temporary Internet
Files" folder :

***** IEHOST Error Log (Tuesday, 06 July 2004 14:14) *****



URL: http://10.147.130.245/dwmweb/Flag.DWM.dll
Zone: 3
Assembly Name: Flag.DWM.dll
Type Name: Flag.DWM.TabDWMControl



----- Thrown Exception -----


System.Reflection.TargetInvocationException: Exception has been thrown by
the target of an invocation. ---> System.IO.FileLoadException: Failed to
grant required minimum permissions to assembly 'MagicLibrary,
Version=1.7.4.0, Culture=neutral, PublicKeyToken=null'.
File name: 'MagicLibrary, Version=1.7.4.0, Culture=neutral,
PublicKeyToken=null' ---> System.Security.Policy.PolicyException: Required
permissions can not be acquired.
at System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
PermissionSet& denied, Boolean checkExecutionPermission)
at System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
PermissionSet& denied, Int32& grantedIsUnrestricted, Boolean
checkExecutionPermission)
at Flag.DWM.TabDWMControl..ctor()
--- End of inner exception stack trace ---
at System.AppDomain.CreateComInstanceFrom(String assemblyFile, String
typeName, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm)
at Microsoft.IE.SecureFactory.CreateInstanceWithSecurity(Int32 dwFlag,
Int32 dwZone, String pURL, String uniqueIdString, String link, String
licenses)

Pages from other web site can be correctly viewed in my Win2003 machine.I
checked the MagicLibrary.dll and found it has a lot of interop code to
access User32.dll and GDI32.dll. Is that the reason? How to configure my
machine to view the page?Thanks!

 

[Lei Jiang]

Of course I have configured that. It can't solve the problem.

All the Win2000 client can run it after being configured(just as stated in
the document), but Win2003 client failed in the same situation.

Lei,

On your windows 2003 box, you have to set permissions
for 'http://10.147.130.245/dwmweb/Flag.DWM.dll' to execute on
your system under .NET Framework.

First have a look at:
http://support.microsoft.com/?id=311295

and do this:

<quote>
1.. Start the .NET Framework configuration tool, Mscorcfg.msc.
2.. Expand each element in the following path:
My Computer/Runtime Security Policy/Machine/Code Groups/All
Code/LocalIntranet_Zone

Right-click the LocalIntranet_Zone node, and then click new.
3.. Name the new code group TestVBNetCtrl, and then click Next to display
the Choose a condition type dialog box.
4.. Select URL as the condition type, and then type http://ServerName/* in
the URL box.
5.. Click Next to proceed to the Assign a Permission Set to the Code Group
dialog box.
6.. Click Use existing permission set, click FullTrust, and then click
Next to finish.
</quote>

--
Hope this helps,
Zeeshan Mustafa, MCSD

I have a winform control hosted in IE web page. When the client side is
Win2000, the page works ok. However, when I view the page from Win2003, it
shows nothing. I could find some error message from the "Temporary Internet
Files" folder :

***** IEHOST Error Log (Tuesday, 06 July 2004 14:14) *****



URL: http://10.147.130.245/dwmweb/Flag.DWM.dll
Zone: 3
Assembly Name: Flag.DWM.dll
Type Name: Flag.DWM.TabDWMControl



----- Thrown Exception -----


System.Reflection.TargetInvocationException: Exception has been thrown by
the target of an invocation. ---> System.IO.FileLoadException: Failed to
grant required minimum permissions to assembly 'MagicLibrary,
Version=1.7.4.0, Culture=neutral, PublicKeyToken=null'.
File name: 'MagicLibrary, Version=1.7.4.0, Culture=neutral,
PublicKeyToken=null' ---> System.Security.Policy.PolicyException: Required
permissions can not be acquired.
at System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
PermissionSet& denied, Boolean checkExecutionPermission)
at System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
PermissionSet& denied, Int32& grantedIsUnrestricted, Boolean
checkExecutionPermission)
at Flag.DWM.TabDWMControl..ctor()
--- End of inner exception stack trace ---
at System.AppDomain.CreateComInstanceFrom(String assemblyFile, String
typeName, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm)
at Microsoft.IE.SecureFactory.CreateInstanceWithSecurity(Int32 dwFlag,
Int32 dwZone, String pURL, String uniqueIdString, String link, String
licenses)

Pages from other web site can be correctly viewed in my Win2003 machine.I
checked the MagicLibrary.dll and found it has a lot of interop code to
access User32.dll and GDI32.dll. Is that the reason? How to configure my
machine to view the page?Thanks!

 

[M. Zeeshan Mustafa]

The problem is as it clearly states in error message that permissions
by Flag.DWM.dll cannot be granted (inherited) to MagicLibrary.

Only fully trusted callers (assemblies) can use strong named assemblies,
unless AllowPartiallyTrustedCallersAttribute is used in sn assemblies
to allow partially trusted callers.

If you give partial trust to your assembly, and your
assembly is calling an assembly which is Full-Trust only assembly,
you may receive exception.

Try giving full-trust permissions to MagicLibrary explicitly...

--
Hope this helps,
Zeeshan Mustafa, MCSD

Of course I have configured that. It can't solve the problem.

All the Win2000 client can run it after being configured(just as stated in
the document), but Win2003 client failed in the same situation.

Lei,

On your windows 2003 box, you have to set permissions
for 'http://10.147.130.245/dwmweb/Flag.DWM.dll' to execute on
your system under .NET Framework.

First have a look at:
http://support.microsoft.com/?id=311295

and do this:

<quote>
1.. Start the .NET Framework configuration tool, Mscorcfg.msc.
2.. Expand each element in the following path:
My Computer/Runtime Security Policy/Machine/Code Groups/All
Code/LocalIntranet_Zone

Right-click the LocalIntranet_Zone node, and then click new.
3.. Name the new code group TestVBNetCtrl, and then click Next to display
the Choose a condition type dialog box.
4.. Select URL as the condition type, and then type

http://ServerName/*

in
the URL box.
5.. Click Next to proceed to the Assign a Permission Set to the Code Group
dialog box.
6.. Click Use existing permission set, click FullTrust, and then click
Next to finish.
</quote>

Win2003,

it

shows nothing. I could find some error message from the "Temporary Internet
Files" folder :

***** IEHOST Error Log (Tuesday, 06 July 2004 14:14) *****



URL: http://10.147.130.245/dwmweb/Flag.DWM.dll
Zone: 3
Assembly Name: Flag.DWM.dll
Type Name: Flag.DWM.TabDWMControl



----- Thrown Exception -----


System.Reflection.TargetInvocationException: Exception has been thrown by
the target of an invocation. ---> System.IO.FileLoadException: Failed to
grant required minimum permissions to assembly 'MagicLibrary,
Version=1.7.4.0, Culture=neutral, PublicKeyToken=null'.
File name: 'MagicLibrary, Version=1.7.4.0, Culture=neutral,
PublicKeyToken=null' ---> System.Security.Policy.PolicyException: Required
permissions can not be acquired.
at System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
PermissionSet& denied, Boolean checkExecutionPermission)
at System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
PermissionSet& denied, Int32& grantedIsUnrestricted, Boolean
checkExecutionPermission)
at Flag.DWM.TabDWMControl..ctor()
--- End of inner exception stack trace ---
at System.AppDomain.CreateComInstanceFrom(String assemblyFile, String
typeName, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm)
at Microsoft.IE.SecureFactory.CreateInstanceWithSecurity(Int32 dwFlag,
Int32 dwZone, String pURL, String uniqueIdString, String link, String
licenses)

Pages from other web site can be correctly viewed in my Win2003 machine.I
checked the MagicLibrary.dll and found it has a lot of interop code to
access User32.dll and GDI32.dll. Is that the reason? How to configure my
machine to view the page?Thanks!

 

[Lei Jiang]

Thanks. But none of these assemblies is strong named assembly.

BTW: How to give full-trust permissions to MagicLibrary explicitly?

The problem is as it clearly states in error message that permissions
by Flag.DWM.dll cannot be granted (inherited) to MagicLibrary.

Only fully trusted callers (assemblies) can use strong named assemblies,
unless AllowPartiallyTrustedCallersAttribute is used in sn assemblies
to allow partially trusted callers.

If you give partial trust to your assembly, and your
assembly is calling an assembly which is Full-Trust only assembly,
you may receive exception.

Try giving full-trust permissions to MagicLibrary explicitly...

--
Hope this helps,
Zeeshan Mustafa, MCSD

Of course I have configured that. It can't solve the problem.

All the Win2000 client can run it after being configured(just as stated in
the document), but Win2003 client failed in the same situation.

http://ServerName/* Win2003, thrown
by

Failed

to

grant required minimum permissions to assembly 'MagicLibrary,
Version=1.7.4.0, Culture=neutral, PublicKeyToken=null'.
File name: 'MagicLibrary, Version=1.7.4.0, Culture=neutral,
PublicKeyToken=null' ---> System.Security.Policy.PolicyException: Required
permissions can not be acquired.
at System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
PermissionSet& denied, Boolean checkExecutionPermission)
at System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
PermissionSet& denied, Int32& grantedIsUnrestricted, Boolean
checkExecutionPermission)
at Flag.DWM.TabDWMControl..ctor()
--- End of inner exception stack trace ---
at System.AppDomain.CreateComInstanceFrom(String assemblyFile, String
typeName, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm)
at Microsoft.IE.SecureFactory.CreateInstanceWithSecurity(Int32 dwFlag,
Int32 dwZone, String pURL, String uniqueIdString, String link, String
licenses)

Pages from other web site can be correctly viewed in my Win2003 machine.I
checked the MagicLibrary.dll and found it has a lot of interop code to
access User32.dll and GDI32.dll. Is that the reason? How to

configure

my

 

[M. Zeeshan Mustafa]

Give full trust permissions to your assembly, and it should
be inherited by MagicLibrary.

--
Hope this helps,
Zeeshan Mustafa, MCSD

Thanks. But none of these assemblies is strong named assembly.

BTW: How to give full-trust permissions to MagicLibrary explicitly?

The problem is as it clearly states in error message that permissions
by Flag.DWM.dll cannot be granted (inherited) to MagicLibrary.

Only fully trusted callers (assemblies) can use strong named assemblies,
unless AllowPartiallyTrustedCallersAttribute is used in sn assemblies
to allow partially trusted callers.

If you give partial trust to your assembly, and your
assembly is calling an assembly which is Full-Trust only assembly,
you may receive exception.

Try giving full-trust permissions to MagicLibrary explicitly...

stated

in

the document), but Win2003 client failed in the same situation.

"M. Zeeshan Mustafa" <[email protected]> дÈëÏûÏ¢
Lei,

On your windows 2003 box, you have to set permissions
for 'http://10.147.130.245/dwmweb/Flag.DWM.dll' to execute on
your system under .NET Framework.

First have a look at:
http://support.microsoft.com/?id=311295

and do this:

<quote>
1.. Start the .NET Framework configuration tool, Mscorcfg.msc.
2.. Expand each element in the following path:
My Computer/Runtime Security Policy/Machine/Code Groups/All
Code/LocalIntranet_Zone

Right-click the LocalIntranet_Zone node, and then click new.
3.. Name the new code group TestVBNetCtrl, and then click Next to
display
the Choose a condition type dialog box.
4.. Select URL as the condition type, and then type http://ServerName/*
in
the URL box.
5.. Click Next to proceed to the Assign a Permission Set to the Code
Group
dialog box.
6.. Click Use existing permission set, click FullTrust, and then click
Next to finish.
</quote>

--
Hope this helps,
Zeeshan Mustafa, MCSD


I have a winform control hosted in IE web page. When the client

side
is

Win2000, the page works ok. However, when I view the page from Win2003,
it
shows nothing. I could find some error message from the "Temporary
Internet
Files" folder :

***** IEHOST Error Log (Tuesday, 06 July 2004 14:14) *****



URL: http://10.147.130.245/dwmweb/Flag.DWM.dll
Zone: 3
Assembly Name: Flag.DWM.dll
Type Name: Flag.DWM.TabDWMControl



----- Thrown Exception -----


System.Reflection.TargetInvocationException: Exception has been thrown
by
the target of an invocation. ---> System.IO.FileLoadException:

Failed

to
grant required minimum permissions to assembly 'MagicLibrary,
Version=1.7.4.0, Culture=neutral, PublicKeyToken=null'.
File name: 'MagicLibrary, Version=1.7.4.0, Culture=neutral,
PublicKeyToken=null' ---> System.Security.Policy.PolicyException:
Required
permissions can not be acquired.
at System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
PermissionSet& denied, Boolean checkExecutionPermission)
at System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
PermissionSet& denied, Int32& grantedIsUnrestricted, Boolean
checkExecutionPermission)
at Flag.DWM.TabDWMControl..ctor()
--- End of inner exception stack trace ---
at System.AppDomain.CreateComInstanceFrom(String assemblyFile, String
typeName, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm)
at Microsoft.IE.SecureFactory.CreateInstanceWithSecurity(Int32
dwFlag,
Int32 dwZone, String pURL, String uniqueIdString, String link, String
licenses)

Pages from other web site can be correctly viewed in my Win2003
machine.I
checked the MagicLibrary.dll and found it has a lot of interop

code

to configure

 

[Lei Jiang]

I have give full-trust permissions to the site where the assemblies come
from, that's not enough?

The biggest problem is : why the applications runs in Win2000 smoothly, but
can't be load in Win2003?

Give full trust permissions to your assembly, and it should
be inherited by MagicLibrary.

--
Hope this helps,
Zeeshan Mustafa, MCSD

Thanks. But none of these assemblies is strong named assembly.

BTW: How to give full-trust permissions to MagicLibrary explicitly?

The problem is as it clearly states in error message that permissions
by Flag.DWM.dll cannot be granted (inherited) to MagicLibrary.

Only fully trusted callers (assemblies) can use strong named assemblies,
unless AllowPartiallyTrustedCallersAttribute is used in sn assemblies
to allow partially trusted callers.

If you give partial trust to your assembly, and your
assembly is calling an assembly which is Full-Trust only assembly,
you may receive exception.

Try giving full-trust permissions to MagicLibrary explicitly...

--
Hope this helps,
Zeeshan Mustafa, MCSD



Of course I have configured that. It can't solve the problem.

All the Win2000 client can run it after being configured(just as

stated

in
the document), but Win2003 client failed in the same situation.

"M. Zeeshan Mustafa" <[email protected]> дÈëÏûÏ¢
Lei,

On your windows 2003 box, you have to set permissions
for 'http://10.147.130.245/dwmweb/Flag.DWM.dll' to execute on
your system under .NET Framework.

First have a look at:
http://support.microsoft.com/?id=311295

and do this:

<quote>
1.. Start the .NET Framework configuration tool, Mscorcfg.msc.
2.. Expand each element in the following path:
My Computer/Runtime Security Policy/Machine/Code Groups/All
Code/LocalIntranet_Zone

Right-click the LocalIntranet_Zone node, and then click new.
3.. Name the new code group TestVBNetCtrl, and then click Next to
display
the Choose a condition type dialog box.
4.. Select URL as the condition type, and then type
http://ServerName/*
in
the URL box.
5.. Click Next to proceed to the Assign a Permission Set to the Code
Group
dialog box.
6.. Click Use existing permission set, click FullTrust, and then click
Next to finish.
</quote>

--
Hope this helps,
Zeeshan Mustafa, MCSD


I have a winform control hosted in IE web page. When the client side
is
Win2000, the page works ok. However, when I view the page from
Win2003,
it
shows nothing. I could find some error message from the "Temporary
Internet
Files" folder :

***** IEHOST Error Log (Tuesday, 06 July 2004 14:14) *****



URL: http://10.147.130.245/dwmweb/Flag.DWM.dll
Zone: 3
Assembly Name: Flag.DWM.dll
Type Name: Flag.DWM.TabDWMControl



----- Thrown Exception -----


System.Reflection.TargetInvocationException: Exception has been thrown
by
the target of an invocation. ---> System.IO.FileLoadException: Failed
to
grant required minimum permissions to assembly 'MagicLibrary,
Version=1.7.4.0, Culture=neutral, PublicKeyToken=null'.
File name: 'MagicLibrary, Version=1.7.4.0, Culture=neutral,
PublicKeyToken=null' ---> System.Security.Policy.PolicyException:
Required
permissions can not be acquired.
at System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
PermissionSet& denied, Boolean checkExecutionPermission)
at System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
PermissionSet& denied, Int32& grantedIsUnrestricted, Boolean
checkExecutionPermission)
at Flag.DWM.TabDWMControl..ctor()
--- End of inner exception stack trace ---
at System.AppDomain.CreateComInstanceFrom(String assemblyFile,
String
typeName, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm)
at Microsoft.IE.SecureFactory.CreateInstanceWithSecurity(Int32
dwFlag,
Int32 dwZone, String pURL, String uniqueIdString, String link, String
licenses)

Pages from other web site can be correctly viewed in my Win2003
machine.I
checked the MagicLibrary.dll and found it has a lot of interop

code

to
access User32.dll and GDI32.dll. Is that the reason? How to configure
my
machine to view the page?Thanks!