search
Twitter Rss Feeds
MicrosoftArticlesForumsGroups
C# .NET
VB.NET
Visual Studio .NET
ADO.NET
Xml/Xslt
VB 6.0
.NET CF
GDI+
LINQ
Deployment
Security
FoxPro
Silverlight / WPF
Entity Framework
RIA Services

Web ProgrammingArticlesForumsGroups
JavaScript
ASP
ASP.NET
Web Services

Non-MicrosoftArticlesForumsGroups
NHibernate
Perl
PHP
Ruby
Java
Linux / Unix
Apple
Open Source

DatabasesArticlesForumsGroups
SQL Server
Access
Oracle
MySQL
Other Databases

OfficeArticlesForumsGroups
Microsoft Excel
Microsoft Word
Microsoft Powerpoint
Publisher
Money

Operating SystemsArticlesForumsGroups
Windows 7
Windows Server
Windows Vista
Windows XP
Windows Update
MAC
Linux / UNIX

Server PlatformsArticlesForumsGroups
Share Point
BizTalk
Site Server
Exhange Server
IIS
Transaction Server

Graphic DesignArticlesForumsGroups
Macromedia Flash
Adobe PhotoShop
Microsoft Expression

OtherArticlesForumsGroups
Subversion / CVS
Ask Dr. Dotnetsky
Active Directory
Networking
Uninstall Virus
Job Openings
Reviews
Search Engines
Resumes

 

Previous Thread:   How to troubleshoot 401 error when connecting using NetworkCredent

3/29/2006 2:49:02 AM    Security issue running unmanaged code in a win form ctrl hosted in
Security problem running unmanaged code (.ocx control) in a windows from  
  
control hosted in IE6  
  
Hi,  
  
I have design a  windows from control which contain a .OCX in one of its  
  
forms.  
  
Component developed in C#2005   --------   .NET2  
  
Now, the control is loaded successful via IIS in my web application. Now  
  
when I try to load the form where the OCX is hosted:  
  
private void button2_Click(object sender, EventArgs e)  
  
{  
  
Form1 a;  
  
a = new Form1();  
  
a.ShowDialog();  
  
}  
  
I got an .NET Excpetion saying:  
  
System.Security.SecurityException: Request failed.  
  
************** Exception Text **************  
  
System.Security.SecurityException: Request failed.  
  
at System.Windows.Forms.AxHost..ctor(String clsid, Int32 flags)  
  
at System.Windows.Forms.AxHost..ctor(String clsid)  
  
at AxAcroPDFLib.AxAcroPDF..ctor()  
  
at WindowsControlLibrary1.Form1.InitializeComponent()  
  
at WindowsControlLibrary1.Form1..ctor()  
  
at WindowsControlLibrary1.UserControl1.button2_Click(Object sender,  
  
EventArgs e)  
  
at System.Windows.Forms.Control.OnClick(EventArgs e)  
  
at System.Windows.Forms.Button.OnClick(EventArgs e)  
  
at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)  
  
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons  
  
button, Int32 clicks)  
  
at System.Windows.Forms.Control.WndProc(Message& m)  
  
at System.Windows.Forms.ButtonBase.WndProc(Message& m)  
  
at System.Windows.Forms.Button.WndProc(Message& m)  
  
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)  
  
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)  
  
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg,  
  
IntPtr wparam, IntPtr lparam)  
  
The action that failed was:  
  
Demand  
  
The action that failed was:  
  
Demand  
  
The type of the first permission that failed was:  
  
System.Security.PermissionSet  
  
************** Loaded Assemblies **************  
  
mscorlib  
  
Assembly Version: 2.0.0.0  
  
Win32 Version: 2.0.50727.42 (RTM.050727-4200)  
  
.......................  
  
Now the permissions for the windows from control are set to unrestricted. (I  
  
have Double-checked it via the framework evaluation permission option for  
  
assemblies persent in .NET)  
  
Tried the following in the AssemblyInfo.cs  
  
[assembly: AllowPartiallyTrustedCallers()]  
  
[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, Flags  
  
= SecurityPermissionFlag.UnmanagedCode)]  
  
[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, Flags  
  
= SecurityPermissionFlag.ControlEvidence)]  
  
[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, Flags  
  
= SecurityPermissionFlag.SkipVerification)]  
  
[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, Flags  
  
= SecurityPermissionFlag.AllFlags)]  
  
tried:  
  
[SecurityPermission(SecurityAction.Assert, UnmanagedCode = true)]  
  
[SecurityPermission(SecurityAction.Assert, ControlEvidence = true)]  
  
[SecurityPermission(SecurityAction.Assert, Unrestricted = true)]  
  
no luck!!!!  
  
Any idea how to run unmanged code in a window from hosted in IE6?  
  
Many Thanks,  
  
Filippo

3/29/2006 11:01:22 AM    Re: Security issue running unmanaged code in a win form ctrl hosted in
the CAS security policy restricts you from running umnanaged code -  
  
go to mscorcfg.msc - there you can inspect the policy for the machine - the  
  
intranet/internet permission set don't include SecurityPermission/UnmanagedCode  
  
maybe you should create a custom code group for your control - using a StrongNameMembershipCondition,  
  
and grant that necessary permission.  
  
This has to be done on every client.  
  
---------------------------------------  
  
Dominick Baier - DevelopMentor  
  
http://www.leastprivilege.com

3/30/2006 9:57:24 AM    Re: Security issue running unmanaged code in a win form ctrl hosted in
The "Request failed" message is usually due to a failed link demand for full  
  
trust generated because a strongly named assembly one is using (presumably  
  
the interop assembly for the OCX in this case) is not marked by APTCA.  
  
Since your control assembly has an unrestricted permission grant, you should  
  
be able to fulfill the demand by asserting an unrestricted permission set in  
  
the Form1 constructor.  
  
"Filippo Bettinaglio" <FilippoBettinaglio@discussions.microsoft.com> wrote  
  
in message news:296F4EC5-9D2D-426D-8DF1-4B2AB15E710E@microsoft.com...


Pete's Blog   |    Pete's Resume   |    Robbe's Blog   |    Robbe's Resume   |    Archive #2   |    Archive #3   |    Dotnetslackers   |    XmlPitStop   |    Advertise   |   Contact Us   |   Privacy   |   Copyright (c) 2000 - 2009 eggheadcafe.com  All rights reserved.