Trying to run in partial trust (getting a PolicyException)

David Thielen · Nov 6, 2006

Hi;

I am trying to run in partial trust and it will not load my assembly. Can
anyone point me at what the problem is here? Our code is 100% managed code,
strongly named & signed, and I don't think we require any permissions that
would cause a problem.

Required permissions cannot be acquired.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information about
the error and where it originated in the code.

Exception Details: System.Security.Policy.PolicyException: Required
permissions cannot be acquired.

Source Error:

An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can
be identified using the exception stack trace below.

Stack Trace:

[PolicyException: Required permissions cannot be acquired.]
System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
PermissionSet& denied, Boolean checkExecutionPermission) +2737589
System.Security.SecurityManager.ResolvePolicy(Evidence evidence,
PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset,
PermissionSet& denied, Int32& securitySpecialFlags, Boolean
checkExecutionPermission) +57

[FileLoadException: Could not load file or assembly 'WindwardReports,
Version=4.1.35.0, Culture=neutral, PublicKeyToken=34ffe15f4bbb8e53' or one of
its dependencies. Failed to grant minimum permission requests. (Exception
from HRESULT: 0x80131417)]
System.Reflection.Assembly.nLoad(AssemblyName fileName, String codeBase,
Evidence assemblySecurity, Assembly locationHint, StackCrawlMark& stackMark,
Boolean throwOnFileNotFound, Boolean forIntrospection) +0
System.Reflection.Assembly.InternalLoad(AssemblyName assemblyRef,
Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean
forIntrospection) +211
System.Reflection.Assembly.InternalLoad(String assemblyString, Evidence
assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection) +141
System.Reflection.Assembly.Load(String assemblyString) +25
System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String
assemblyName, Boolean starDirective) +32

[ConfigurationErrorsException: Could not load file or assembly
'WindwardReports, Version=4.1.35.0, Culture=neutral,
PublicKeyToken=34ffe15f4bbb8e53' or one of its dependencies. Failed to grant
minimum permission requests. (Exception from HRESULT: 0x80131417)]
System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String
assemblyName, Boolean starDirective) +596

System.Web.Configuration.CompilationSection.LoadAllAssembliesFromAppDomainBinDirectory() +3487257
System.Web.Configuration.CompilationSection.LoadAssembly(AssemblyInfo ai)
+46

System.Web.Compilation.BuildManager.GetReferencedAssemblies(CompilationSection compConfig) +177
System.Web.Compilation.WebDirectoryBatchCompiler..ctor(VirtualDirectory
vdir) +267

System.Web.Compilation.BuildManager.BatchCompileWebDirectoryInternal(VirtualDirectory vdir, Boolean ignoreErrors) +36

System.Web.Compilation.BuildManager.BatchCompileWebDirectory(VirtualDirectory
vdir, VirtualPath virtualDir, Boolean ignoreErrors) +429
System.Web.Compilation.BuildManager.CompileWebFile(VirtualPath
virtualPath) +73

System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath
virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean
allowBuildInPrecompile) +580

System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext
context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp,
Boolean allowBuildInPrecompile) +93

System.Web.Compilation.BuildManager.GetVirtualPathObjectFactory(VirtualPath
virtualPath, HttpContext context, Boolean allowCrossApp, Boolean noAssert)
+111

System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath
virtualPath, Type requiredBaseType, HttpContext context, Boolean
allowCrossApp, Boolean noAssert) +54
System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context,
String requestType, VirtualPath virtualPath, String physicalPath) +31

System.Web.UI.PageHandlerFactory.System.Web.IHttpHandlerFactory2.GetHandler(HttpContext
context, String requestType, VirtualPath virtualPath, String physicalPath) +40
System.Web.HttpApplication.MapHttpHandler(HttpContext context, String
requestType, VirtualPath path, String pathTranslated, Boolean useAppConfig)
+139

System.Web.MapHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +120
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +155

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

Steven Cheng[MSFT] · Nov 7, 2006

Hello Dave,

From your description, you have changed the trust level of your ASP.NET web
application(to partial trust) and now you'll encounter .net CAS permission
error when try running the application ,correct?

Based on the exception callstack and message you provided, the problem is
caused by the following assembly:

==============
Could not load file or assembly 'WindwardReports,
Version=4.1.35.0, Culture=neutral, PublicKeyToken=34ffe15f4bbb8e53' or one
of
its dependencies.
==============

The minimal requested permissions are violating the host environment's
trust level. I think you can check the permission through the following two
steps:

** Verify your current ASP.NET application's trust level(high or medium
or...) and find that level's policy file(in framework's config folder
----C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG) and verify
whether that assembly contains any code that violate the CAS permissionset
allowed in that policy.

** for assembly, .net 2.0 provide the permcalc.exe tool which can help
verify the minimum permission sandbox in which an application can run.

#Permission Calculator Tool (Permcalc.exe)
http://msdn2.microsoft.com/en-us/library/ms165077(VS.80).aspx

e.g.

Permcalc.exe -sandbox mylib.dll

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

David Thielen · Nov 7, 2006

Ok, this is what I got. How do I find out which are a problem in a partially
trusted system?

<Sandbox>
<PermissionSet version="1" class="System.Security.PermissionSet">
<IPermission version="1"
class="System.Security.Permissions.EnvironmentPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1"
class="System.Security.Permissions.FileIOPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1"
class="System.Security.Permissions.ReflectionPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Flags="MemberAccess" />
<IPermission version="1"
class="System.Security.Permissions.RegistryPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1"
class="System.Security.Permissions.SecurityPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Flags="UnmanagedCode, Execution, ControlThread, ControlEvidence" />
<IPermission Window="SafeSubWindows" Clipboard="OwnClipboard"
version="1" class="System.Security.Permissions.UIPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<IPermission version="1"
class="System.Security.Permissions.KeyContainerPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1" class="System.Net.SocketPermission, System,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1" class="System.Net.DnsPermission, System,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
</PermissionSet>
</Sandbox>

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

David Thielen · Nov 7, 2006

Hi again;

How do I find where something is needed. For example, WindwardReports is a
library and some of the methods accept a file stream. But those methods do
not need to be used. So how do I figure out where
System.Security.Permissions.FileIOPermission is required in it?

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

Dominick Baier · Nov 7, 2006

where does <Sandbox> come from?

David Thielen · Nov 7, 2006

It's the output from Permcalc.exe -sandbox mylib.dll

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

Dominick Baier · Nov 8, 2006

ah - sorry - should have read the whole thread..

do you have any RequestMinimum attributes in your assembly?

Steven Cheng[MSFT] · Nov 8, 2006

Hi Dave,

If the following output is generated through -sandbox option, that means
these are the minimual CAS permissions demanded by your assembly(for
calling appdomain).

===============
<Sandbox>
<PermissionSet version="1" class="System.Security.PermissionSet">
<IPermission version="1"
class="System.Security.Permissions.EnvironmentPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1"
class="System.Security.Permissions.FileIOPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1"
class="System.Security.Permissions.ReflectionPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Flags="MemberAccess" />
<IPermission version="1"
class="System.Security.Permissions.RegistryPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1"
class="System.Security.Permissions.SecurityPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Flags="UnmanagedCode, Execution, ControlThread, ControlEvidence" />
<IPermission Window="SafeSubWindows" Clipboard="OwnClipboard"
version="1" class="System.Security.Permissions.UIPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<IPermission version="1"
class="System.Security.Permissions.KeyContainerPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1" class="System.Net.SocketPermission, System,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1" class="System.Net.DnsPermission, System,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
</PermissionSet>
</Sandbox>

=========================
I am still wondering how does you change your ASP.NET application's trust
level, which leve has you set for the application currently? For a given
trust level, you can view its trust policy file for the available CAS
permissions of that trust level.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no rights.

David Thielen · Nov 8, 2006

I have the below in AssemblyInfo.jsl (this is a J# app). I did a grep for
RequestMinimum and the two items below were the only uses in all of my code.

I assume the Dns and Socket permissions are the only ones that matter - but
the original email in this thread lists a lot more items it has problems
with. Also three questions about the request minimum.

1: In a partially trusted environment can it be set to allow these?

2: I only need udp access on a single port - can the SocketPermission be set
to that? I looked but could not find how to set options for this.

3: I only need DNS to get the name of the host system so same question - can
I reduce what this asks for?

/** @assembly AssemblyTitle("WindwardReports") */
/** @assembly AssemblyDescription("Windward Reports .net Reporting Engine") */
/** @assembly AssemblyCompany("Windward Studios, Inc.") */
/** @assembly AssemblyProduct("WindwardReports") */
/** @assembly AssemblyCopyright("Copyright Â© Windward Studios, Inc. 2005,
All Rights Reserved") */
/** @assembly AssemblyTrademark("") */
/** @assembly AssemblyCulture("") */

/** @assembly ComVisible(false) */
/** @assembly CLSCompliant(false) */

/** @assembly AssemblyDelaySign(false) */
/** @assembly AssemblyKeyFile("keypair.snk") */
/** @assembly AssemblyKeyName("") */

/** @assembly AssemblyVersion("4.1.40.0") */

// ones we need for license check
/** @assembly SocketPermission(SecurityAction.RequestMinimum, Unrestricted =
true) */
/** @assembly DnsPermission(SecurityAction.RequestMinimum, Unrestricted =
true) */

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

Steven Cheng[MSFT] · Nov 9, 2006

Hello Dave,

What's your current trust level setting for your ASP.NET web application?

=============
..........
<trust level="xxxx"/>
</system.web>
</configuration>
===============

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no rights.

David Thielen · Nov 14, 2006

Hi;

He says it is similiar to medium trust and here is his config file. I tried
to figure out what is going on but I couldn't find a good explination
anywhere - I think I just don't understand this well (yet).

<configuration>
<mscorlib>
<security>
<policy>
<PolicyLevel version="1">
<SecurityClasses>
<SecurityClass Name="AllMembershipCondition"
Description="System.Security.Policy.AllMembershipCondition, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="AspNetHostingPermission"
Description="System.Web.AspNetHostingPermission, System, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="ConfigurationPermission"
Description="System.Configuration.ConfigurationPermission,
System.Configuration, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a"/>
<SecurityClass Name="DnsPermission"
Description="System.Net.DnsPermission, System, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="EnvironmentPermission"
Description="System.Security.Permissions.EnvironmentPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="FileIOPermission"
Description="System.Security.Permissions.FileIOPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="FirstMatchCodeGroup"
Description="System.Security.Policy.FirstMatchCodeGroup, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="IsolatedStorageFilePermission"
Description="System.Security.Permissions.IsolatedStorageFilePermission,
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="NamedPermissionSet"
Description="System.Security.NamedPermissionSet"/>
<SecurityClass Name="OleDbPermission"
Description="System.Data.OleDb.OleDbPermission, System.Data, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="PrintingPermission"
Description="System.Drawing.Printing.PrintingPermission, System.Drawing,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
<SecurityClass Name="ReflectionPermission"
Description="System.Security.Permissions.ReflectionPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="RegistryPermission"
Description="System.Security.Permissions.RegistryPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SecurityPermission"
Description="System.Security.Permissions.SecurityPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SmtpPermission"
Description="System.Net.Mail.SmtpPermission, System, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SocketPermission"
Description="System.Net.SocketPermission, System, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SqlClientPermission"
Description="System.Data.SqlClient.SqlClientPermission, System.Data,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="StrongNameMembershipCondition"
Description="System.Security.Policy.StrongNameMembershipCondition, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UnionCodeGroup"
Description="System.Security.Policy.UnionCodeGroup, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UrlMembershipCondition"
Description="System.Security.Policy.UrlMembershipCondition, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="WebPermission"
Description="System.Net.WebPermission, System, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="ZoneMembershipCondition"
Description="System.Security.Policy.ZoneMembershipCondition, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</SecurityClasses>
<NamedPermissionSets>
<PermissionSet
class="NamedPermissionSet"
version="1"
Unrestricted="true"
Name="FullTrust"
Description="Allows full access to all
resources"
/>
<PermissionSet
class="NamedPermissionSet"
version="1"
Name="Nothing"
Description="Denies all resources, including
the right to execute"
/>
<PermissionSet
class="NamedPermissionSet"
version="1"
Name="ASP.Net">
<IPermission
class="AspNetHostingPermission"
version="1"
Level="Medium"
/>
<IPermission
class="ConfigurationPermission"
version="1"
Unrestricted="true"
/>
<IPermission
class="DnsPermission"
version="1"
Unrestricted="true"
/>
<IPermission
class="EnvironmentPermission"
version="1"
Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME"
/>
<IPermission
class="FileIOPermission"
version="1"
Read="$AppDir$"
Write="$AppDir$"
Append="$AppDir$"
PathDiscovery="$AppDir$"
/>
<IPermission
class="IsolatedStorageFilePermission"
version="1"
Allowed="AssemblyIsolationByUser"
UserQuota="9223372036854775807"
/>
<IPermission
class="OleDbPermission"
version="1"
Unrestricted="true"
/>
<IPermission
class="PrintingPermission"
version="1"
Level="DefaultPrinting"
/>
<IPermission
class="ReflectionPermission"
version="1"
Flags="ReflectionEmit, TypeInformation,
MemberAccess"
/>
<IPermission
class="SecurityPermission"
version="1"
Flags="Assertion, Execution,
ControlThread, ControlPrincipal, RemotingConfiguration"
/>
<IPermission
class="SmtpPermission"
version="1"
Access="Connect"
/>
<IPermission
class="SqlClientPermission"
version="1"
Unrestricted="true"
/>
<IPermission
class="WebPermission"
version="1"
Unrestricted="true"
/>
</PermissionSet>
</NamedPermissionSets>
<CodeGroup
class="FirstMatchCodeGroup"
version="1"
PermissionSetName="Nothing">
<IMembershipCondition
class="AllMembershipCondition"
version="1"
/>
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="ASP.Net">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="$AppDirUrl$/*"
/>
</CodeGroup>
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="ASP.Net">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="$CodeGen$/*"
/>
</CodeGroup>
<CodeGroup class="UnionCodeGroup" version="1"
PermissionSetName="Nothing">
<IMembershipCondition
class="ZoneMembershipCondition"
version="1"
Zone="MyComputer" />
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="Microsoft_Strong_Name"
Description="This code group grants code
signed with the Microsoft strong name full trust. ">
<IMembershipCondition
class="StrongNameMembershipCondition"
version="1"

PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010007D1FA57C4AED9F0A32E84AA0FAEFD0DE9E8FD6AEC8F87FB03766C834C99921EB23BE79AD9D5DCC1DD9AD236132102900B723CF980957FC4E177108FC607774F29E8320E92EA05ECE4E821C0A5EFE8F1645C4C0C93C1AB99285D622CAA652C1DFAD63D745D6F2DE5F17E5EAF0FC4963D261C8A12436518206DC093344D5AD293"
/>
</CodeGroup>
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="Ecma_Strong_Name"
Description="This code group grants code
signed with the ECMA strong name full trust. ">
<IMembershipCondition
class="StrongNameMembershipCondition"
version="1"

PublicKeyBlob="00000000000000000400000000000000"
/>
</CodeGroup>
</CodeGroup>
</CodeGroup>
</PolicyLevel>
</policy>
</security>
</mscorlib>
</configuration>

Steven Cheng[MSFT] · Nov 15, 2006

Thanks for your reply Dave,

This policy file is very informative for analyzie the CAS permission issue
here.

From the policy file ,you can get that the main ASP.NET specific
permissions are defined in the following permissionSet:

==========================
<PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net">
<IPermission class="AspNetHostingPermission" version="1"
Level="Medium" />
<IPermission class="ConfigurationPermission" version="1"
Unrestricted="true" />
<IPermission class="DnsPermission" version="1" Unrestricted="true" />
<IPermission class="EnvironmentPermission" version="1"
Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME" />
<IPermission class="FileIOPermission" version="1" Read="$AppDir$"
Write="$AppDir$" Append="$AppDir$"
PathDiscovery="$AppDir$" />
<IPermission class="IsolatedStorageFilePermission" version="1"
Allowed="AssemblyIsolationByUser"
UserQuota="9223372036854775807" />
<IPermission class="OleDbPermission" version="1" Unrestricted="true"
/>
<IPermission class="PrintingPermission" version="1"
Level="DefaultPrinting" />
<IPermission class="ReflectionPermission" version="1"
Flags="ReflectionEmit, TypeInformation,
MemberAccess" />
<IPermission class="SecurityPermission" version="1"
Flags="Assertion, Execution,
ControlThread, ControlPrincipal, RemotingConfiguration" />
<IPermission class="SmtpPermission" version="1" Access="Connect" />
<IPermission class="SqlClientPermission" version="1"
Unrestricted="true" />
<IPermission class="WebPermission" version="1" Unrestricted="true" />
</PermissionSet>
==========================

you can find that there are serveral permission that is quite restricted,
e.g.

==============
<IPermission class="EnvironmentPermission" version="1"
Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME" />
<IPermission class="FileIOPermission" version="1" Read="$AppDir$"
Write="$AppDir$" Append="$AppDir$"
PathDiscovery="$AppDir$" />

<IPermission class="SecurityPermission" version="1" Flags="Assertion,
Execution,
ControlThread, ControlPrincipal, RemotingConfiguration" />
==================

However, from the minmal permission set you checked through the
PermCalc.exe in former reply(as below), there have some items violate the
policy's permission set:

=====================
<Sandbox>
<PermissionSet version="1" class="System.Security.PermissionSet">
<IPermission version="1"
class="System.Security.Permissions.EnvironmentPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1"
class="System.Security.Permissions.FileIOPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1"
class="System.Security.Permissions.ReflectionPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Flags="MemberAccess" />
<IPermission version="1"
class="System.Security.Permissions.RegistryPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1"
class="System.Security.Permissions.SecurityPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Flags="UnmanagedCode, Execution, ControlThread, ControlEvidence" />
<IPermission Window="SafeSubWindows" Clipboard="OwnClipboard"
version="1" class="System.Security.Permissions.UIPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<IPermission version="1"
class="System.Security.Permissions.KeyContainerPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1" class="System.Net.SocketPermission, System,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
<IPermission version="1" class="System.Net.DnsPermission, System,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
</PermissionSet>
</Sandbox>
=================================

I think this should be the problem here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

David Thielen · Nov 15, 2006

Hi;

Ok, that makes sense. To keep this simple, can you help me figure out this
one and then I think I can take it from there. It says I need:
<IPermission version="1"
class="System.Security.Permissions.FileIOPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />

The library does have file calls - but no where do I say that it must be
able to read/write anywhere. And it is easy to use the library with no file
I/O. How do I set it so that it does not require this permission?

I thought by not setting any requirements all permissions were optional, not
demanded by my dll.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

David Thielen · Nov 17, 2006

Asking again - can anyone point me at what I should be looking at?

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

Dominick Baier · Nov 17, 2006

from that:

// ones we need for license check
/** @assembly SocketPermission(SecurityAction.RequestMinimum, Unrestricted =
true) */
/** @assembly DnsPermission(SecurityAction.RequestMinimum, Unrestricted =
true) */

it looks like you are requesting permissions which are not included in your
permission set - add socketperm to the permission set in the policy file...

Steven Cheng[MSFT] · Nov 20, 2006

Hi Dave,

The CAS permission list(sandbox) is calculated based on the permission
requested by each function entry point in your assembly. You can use the
"permcalc.exe" without "-sandbox" option to display all the perission
requested by each entry point. Thus, you can get it is on which function
that require the certain CAS permission.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no rights.

David Thielen · Nov 20, 2006

This is what I needed - thank you.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

Required permissions cannot be acquired.	1	Sep 28, 2007
EntLIb 3.1 and Ajax Enabled App hosted in Medium trust Probs	3	Jul 4, 2007
How to run 32bit asp.net application on windows 2003 server in 64b	1	Dec 6, 2007
Cannot create/shadow copy ?	0	Aug 9, 2006
Using native DLLs not in Path	0	Apr 12, 2006
Required Permissions Cannot Be Aquired :-(	1	Sep 5, 2006
Trying to install IIS 7 app on IIS 8	2	Aug 29, 2008
IE Client Side Control Security	0	Mar 1, 2006

Trying to run in partial trust (getting a PolicyException)

David Thielen

Steven Cheng[MSFT]

David Thielen

David Thielen

Dominick Baier

David Thielen

Dominick Baier

Steven Cheng[MSFT]

David Thielen

Steven Cheng[MSFT]

David Thielen

Steven Cheng[MSFT]

David Thielen

David Thielen

Dominick Baier

Steven Cheng[MSFT]

David Thielen

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads