security Security issue running unmanaged code in a win form ctrl hosted in

Previous Thread: How to troubleshoot 401 error when connecting using NetworkCredent

3/29/2006 2:49:02 AM Security issue running unmanaged code in a win form ctrl hosted in

Security problem running unmanaged code (.ocx control) in a windows from  
  
control hosted in IE6  
  
Hi,  
  
I have design a  windows from control which contain a .OCX in one of its  
  
forms.  
  
Component developed in C#2005   --------   .NET2  
  
Now, the control is loaded successful via IIS in my web application. Now  
  
when I try to load the form where the OCX is hosted:  
  
private void button2_Click(object sender, EventArgs e)  
  
{  
  
Form1 a;  
  
a = new Form1();  
  
a.ShowDialog();  
  
}  
  
I got an .NET Excpetion saying:  
  
System.Security.SecurityException: Request failed.  
  
************** Exception Text **************  
  
System.Security.SecurityException: Request failed.  
  
at System.Windows.Forms.AxHost..ctor(String clsid, Int32 flags)  
  
at System.Windows.Forms.AxHost..ctor(String clsid)  
  
at AxAcroPDFLib.AxAcroPDF..ctor()  
  
at WindowsControlLibrary1.Form1.InitializeComponent()  
  
at WindowsControlLibrary1.Form1..ctor()  
  
at WindowsControlLibrary1.UserControl1.button2_Click(Object sender,  
  
EventArgs e)  
  
at System.Windows.Forms.Control.OnClick(EventArgs e)  
  
at System.Windows.Forms.Button.OnClick(EventArgs e)  
  
at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)  
  
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons  
  
button, Int32 clicks)  
  
at System.Windows.Forms.Control.WndProc(Message& m)  
  
at System.Windows.Forms.ButtonBase.WndProc(Message& m)  
  
at System.Windows.Forms.Button.WndProc(Message& m)  
  
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)  
  
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)  
  
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg,  
  
IntPtr wparam, IntPtr lparam)  
  
The action that failed was:  
  
Demand  
  
The action that failed was:  
  
Demand  
  
The type of the first permission that failed was:  
  
System.Security.PermissionSet  
  
************** Loaded Assemblies **************  
  
mscorlib  
  
Assembly Version: 2.0.0.0  
  
Win32 Version: 2.0.50727.42 (RTM.050727-4200)  
  
.......................  
  
Now the permissions for the windows from control are set to unrestricted. (I  
  
have Double-checked it via the framework evaluation permission option for  
  
assemblies persent in .NET)  
  
Tried the following in the AssemblyInfo.cs  
  
[assembly: AllowPartiallyTrustedCallers()]  
  
[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, Flags  
  
= SecurityPermissionFlag.UnmanagedCode)]  
  
[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, Flags  
  
= SecurityPermissionFlag.ControlEvidence)]  
  
[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, Flags  
  
= SecurityPermissionFlag.SkipVerification)]  
  
[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, Flags  
  
= SecurityPermissionFlag.AllFlags)]  
  
tried:  
  
[SecurityPermission(SecurityAction.Assert, UnmanagedCode = true)]  
  
[SecurityPermission(SecurityAction.Assert, ControlEvidence = true)]  
  
[SecurityPermission(SecurityAction.Assert, Unrestricted = true)]  
  
no luck!!!!  
  
Any idea how to run unmanged code in a window from hosted in IE6?  
  
Many Thanks,  
  
Filippo

3/29/2006 11:01:22 AM Re: Security issue running unmanaged code in a win form ctrl hosted in

the CAS security policy restricts you from running umnanaged code -  
  
go to mscorcfg.msc - there you can inspect the policy for the machine - the  
  
intranet/internet permission set don't include SecurityPermission/UnmanagedCode  
  
maybe you should create a custom code group for your control - using a StrongNameMembershipCondition,  
  
and grant that necessary permission.  
  
This has to be done on every client.  
  
---------------------------------------  
  
Dominick Baier - DevelopMentor  
  
http://www.leastprivilege.com

3/30/2006 9:57:24 AM Re: Security issue running unmanaged code in a win form ctrl hosted in

The "Request failed" message is usually due to a failed link demand for full  
  
trust generated because a strongly named assembly one is using (presumably  
  
the interop assembly for the OCX in this case) is not marked by APTCA.  
  
Since your control assembly has an unrestricted permission grant, you should  
  
be able to fulfill the demand by asserting an unrestricted permission set in  
  
the Form1 constructor.  
  
"Filippo Bettinaglio" <FilippoBettinaglio@discussions.microsoft.com> wrote  
  
in message news:296F4EC5-9D2D-426D-8DF1-4B2AB15E710E@microsoft.com...


Pete's Blog	Pete's Resume	Robbe's Blog	Robbe's Resume	ASP.NET Resources	Archive #2	Archive #3
All Categories	.NET	BizTalk	Exchange	IIS	IE	ISA Server	Misc
Networking	SharePoint	SQL Server	Sys Mgmt Server	Win32	Mobile Dev	MSN	WinFX
Windows 2003	Windows Media	Windows NT	Windows Vista	Windows XP	XmlPitStop	Recent	DotNetSlackers

ASP.NET, SQL Server, WPF, C#, VB.NET