Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
How to configure CAS policy to run application from anywhere within Intranet Zone
| Article ID | : | 948034 |
| Last Review | : | January 22, 2008 |
| Revision | : | 1.1 |
Source: Microsoft Support
Back to the top
RAPID PUBLISHING
RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.
Back to the top
Action
This article applies to an application that is deployed over the intranet. The application may need multiple locations in the intranet from where to run (the dependent assemblies are stored at different locations) or sometimes the entire application is at one location (all the dependencies in the same folder) or the network location from where they load the assembly keeps on changing.
In such scenarios it is very difficult to configure 'Code Access Security' to selectively give FullTrust to particular locations. Also, reconfiguring CAS can become cumbersome as it has to be done on all machines over the network from where it's intended to run the application.
Back to the top
Result
Even when Code Access Security is configured to give fulltrust to selected locations, small changes in the locations can causing System.Security.SecurityException to be thrown when running the remotely deployed application.
Back to the top
Cause
By default .NET Code Acess Security provides 'LocalIntranet Permission Group' to the applications running from within the 'Intranet Zone'. Many times, the applications or their dependent assembly need higher previleges than they get from within 'LocalIntranet Permission Group'.
Whenever such a code is executed from intranet location that needs higher previleges provided by default by 'Local Intranet Permissions', the application throws SecurityException.
Back to the top
Resolution
Configuring FullTrust for all the applications running from within Intranet Zone:1.    Give FullTrust to the 'IntranetZone' under Machine level security configuration:
1.     If you are using .Net configuration wizard MMC available in Control Panel - Administrative Tools, then you can go to '.Net framework configuration' - My Computer - Runtime Security Policy - Machine - Code Groups - LocalIntranet_Zone. In right pane click on 'Edit Code Group Properties'. In the Property Page go to 'Permission Set' and select FullTrust under 'Permission Set' drop down.
2.     If you do not have the .Net configuration wizard MMC, they open command prompt, go to c:\WINDOWS\Microsoft.NET\Framework\v<Version>\ Directory and run following command:
Caspol -m -addgroup 1.2 -url "file:///\\computername\share\*" FullTrust –n test
 2.    Â
Add code group within ‘Intranet Zone’ under ‘Machine’ security configuration to give full trust to a particular public key and sign all your assemblies with the given public key. Caspol -m -addgroup 1.2 –strong -file "< as designated by the file name, the assembly name as a string, and the assembly version in the format major.minor.build.revision>" FullTrust –n test
For example
Caspol -m -addgroup 1.2 –strong -file myAssembly.exe myAssembly 1.2.3.4 FullTrust –n test Back to the top
More Information
DISCLAIMER
MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALSâ€) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.
Back to the top
APPLIES TO
| • | Microsoft .NET Framework 1.0 |
| • | Microsoft .NET Framework 1.0 Service Pack 3 |
| • | Microsoft .NET Framework 1.1 Service Pack 1 |
| • | Microsoft .NET Framework 2.0 |
| • | Microsoft .NET Framework 2.0 IA64 Edition |
| • | Microsoft .NET Framework 2.0 x64 Edition |
| • | Microsoft .NET Framework 3.0 |
| • | Microsoft .NET Framework 3.5 |
| • | Microsoft .NET Framework 1.1 |
Back to the top
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate
Be the first to leave feedback, to help others about this knowledge base
article.
(Optional) Name
(Optional)
Public URL Or Email
Comments
No
HTML -- Text Only Please