FileIOPermissions question

[KingArgyle]

Okay, I have a problem, and haven't been able to figure it out so I figure somebody with more .NET exeperience than I have can point me in the correct direction. When trying to access a file on a network drive by launching a shell command, I'm getting a .NET security exception when trying to read files from a directory. If I run it though the debugger it works fine. I've tried a couple of different ways to get around it but so far no luck.

Any hints would be appreciated. A working example of code would be helpful.

[KingArgyle]

Well, I figured away around it, but it's not one I'm happy with, and not one I want to release (for now it works, but I'd rather put this in code). Basically, I changed the Runtime Security Policy for the Machine in the .NET Configuration util, and gave All_Code access to everything. Again, not what I really want to do on a machine by machine basis. There has to be something I can setup in the Assembly to get it to work without having to change the .NET Config.

Any ideas?

[jasonf]

I don't think there's a way around this.  I wrote an "ActiveX" control using .NET (hosted and used client-side on a web page), and we had to offer a .bat file on the web site that the user could run to set the runtime security policy (IE won't run the control otherwise).

You can thank all of the Linux folks who bash Microsoft for their lack of security for this feature.  Now the user must explicitly set permissions for all sorts of things (from one extreme to another).

Our batch file was created on the fly, but you can see what is executed from the following line:

<table border="0" align="center" width="95%" cellpadding="0" cellspacing="0"><tr><td>Code Sample </td></tr><tr><td id="CODE">
Response.Write("%windir%\\microsoft.net\\framework\\v1.1.4322\\caspol -ag 1 -site \"" + hostName + "\" FullTrust -name \"" + policyName + "\" -levelfinal on");
[/QUOTE]

Look to documentation for &quot;caspol&quot; for more info.

[KingArgyle]

Thanks for the tidbit, Jason.


Bah...Reven may not like it, but I think I still prefer Java and J2EE.

The funny thing is I figured it probably had something to do with a shared network drive I was trying to access, so I gave that shared folder full priveledges for everybody, and I still got the security issue. Thanks MS. Oh well, this program is only going to be used by 3 or 4 people at work so I have a pretty narrow user group that this will affect so not that big of a deal.

[jasonf]

It's more related to security zones as determined by Internet Explorer (remember that IE is tightly integrated with the operating system, and this is one example). The shared network drive, even though it's not technically the Internet, is probably classified as being in the &quot;Internet&quot; zone in. As such, it has the most strict security policy applied.

You can trust the site, and then you might not need to set the runtime security policy. Go to the Trusted Sites under IE's Internet Options-&gt; Security tab, and then add the site (just enter the UNC path to the \\server or \\server\share to narrow the scope).

Even if trusting the site works, it's still some explicit action that must take place on each client machine.

[reven]

Quote[/b] ]Bah...Reven may not like it, but I think I still prefer Java and J2EE.

you just made my enemies list.:angry:

[KingArgyle]

Actually, of the .NET languages, I like C# the best. VB.NET isn't that bad, a bit wordy, but having worked on COBOL programs in the past VB isn't nearly as bad as COBOL, or even Object Oriented COBOL. &lt;shudder&gt;

The FileIOPermissions, happened when I launched the program from the Eclipse IDE, and executed from an ANT script I had created to do some validation of some XML Files. I think it more than likely had to do with the security that the Eclipse IDE was using when it launched the program, as it didn't deal use the current user's security settings. So similiar to the IE situation, it was opperating under a different security setting than what I was expecting it to operate under.

Reven, my thing against C# and even VB is that I think they have given over too much control the compiler to think how it should best handle something. I like to have more control over how my code is generated (belive it or not I actually liked working in Mainframe Assembler when I took that class 13 years ago). I've seen too many problems that are caused by compilers misinterpreting what the code was supposed to do just because a feature of the language allowed some ambiguity, and the compiler got confused. It's why when I programmed COBOL I used End-Ifs with all my ifs. It told the Compiler exactly where one ended and another began, even though end-ifs aren't a requirement.

Everybody has their own preferences.

[normanr]

KingArgyle: you're perfectly right that it's a security policy setting. The policy is there to stop you doing this exact action. You basically have to ask the policy to allow you program access to network devices etc.

The hard way is you add your executable to the approved list (and re-add it everytime you rebuild it). The easy way is to sign your assebly to make it stronly typed. Then you add your signing key to the policy and grant any programs signed with your key full access.

By the way if you put the files your trying to access in the same directory as the executable it should work.