Search Results

Search found 8 results on 1 pages for 'linkdemand'.

Page 1/1 | 1 

  • Understanding LinkDemand Security on a webserver

    - by robertpnl
    Hi, After deployment an ASP.Net application on a webserver, I get this error message by using code from a external assembly: "LinkDemand The type of the first permission that failed was: System.Security.PermissionSet The Zone of the assembly that failed was: MyComputer the error ". The assembly is include in the \bin folder and not in the GAC. I try to know what linkdemand exactly is and why this message will raised. But looking for more information, I don't get exactly the problem. I try also to add the PermissionSetAttribute on the class where the exception message happens: [System.Security.Permissions.PermissionSetAttribute(System.Security.Permissions.SecurityAction.LinkDemand, Name = "FullTrust")] Then the exception will be raised on another class of the assembly. And so on.. My questions ares: - what exactly is going wrong here? Is it true that I understand that .Net cannot check the code during Jit? - Is there maybe a security policy that block this (machine.config)? - Can I set the PermissionAttribute for all classes between a assembly? Thanks.

    Read the article

  • LinkDemand error on webserver when using TraceSource

    - by robertpnl
    Hi, On a webserver (shared hosting provider) I published a website with a ADO.Net Framework model in use with MySql Connector 6.3.1. When I request a page, a Security Exception will be happen with this error messages: "LinkDemand The type of the first permission that failed was: System.Security.Permissions.SecurityPermission The Zone of the assembly that failed was: MyComputer ". This exception raised when code collect the listeners of a tracksource: public class MySqlTrace { private static TraceSource source = new TraceSource("mysql"); static MySqlTrace() { foreach (TraceListener listener in source.Listeners) // <-- Exception throw here { // ... } } } The web.config doesn't have any trace data or system.diagnostics. My question is, why will a get a LinkDemand security exception during collecting the source listeners. What can maybe be wrong in here?

    Read the article

  • LinkDemand error on webserver when using TrackSource

    - by robertpnl
    Hi, On a webserver (shared hosting provider) I published a website with a ADO.Net Framework model in use with MySql Connector 6.3.1. When I request a page, a Security Exception will be happen with this error messages: "LinkDemand The type of the first permission that failed was: System.Security.Permissions.SecurityPermission The Zone of the assembly that failed was: MyComputer ". This exception raised when code collect the listeners of a tracksource: public class MySqlTrace { private static TraceSource source = new TraceSource("mysql"); static MySqlTrace() { foreach (TraceListener listener in source.Listeners) // <-- Exception throw here { // ... } } } The web.config doesn't have any trace data or system.diagnostics. My question is, why will a get a LinkDemand security exception during collecting the source listeners. What can maybe be wrong in here?

    Read the article

  • Exam Questions that use .Demand or .LinkDemand COULD NOT BE ANY MORE CONFUSING OR AMBIGIOUS ????

    - by IbrarMumtaz
    I am 110% sure this is WRONG !!!! Q.12) You develop a library, and want to ensure that the functions in the library cannot be either directly or indirectly invoked by applications that are not running on the local intranet. What attribute would you add to each method? A. [UrlIdentityPermission(SecurityAction.RequestRefuse, Url="http://myintranet")] B. [UrlIdentityPermission(SecurityAction.LinkDemand, Url="http://myintranet")] (correct answer) C. [UrlIdentityPermission(SecurityAction.Demand, Url="http://myintranet")] D. [UrlIdentityPermission(SecurityAction.Assert, Url="http://myintranet")] Explanation Link-Demand should be used as it ensures that all callers in the call stack have the necessary permission. In this case it ensures that all callers in the call stack are on the local intranet. There is an indentical question on Transencer so I already had a clue what was goin but Transcender was much more informative that this drivel as it mentioned class level and not assembly level. It also mentioned that some callers maybe coming externally from the company intranet via authroised and authenticated credentials. With information is easy to see why .Demand on would be wong option to go for? So Transcender was right .... so I thgt fine, that makes sense. With think information still fresh in my brain I had a good idea was was going on in the question. To my surprise .Demand was wrong agin !!!! WHAT? I am really starting to hate this setting now? I cannot be any more p*ssed right now!!! :@ Thanks For Reading, Ibrar

    Read the article

  • C++/CLI: CA2123: Requires SecurityCriticalAttribute?

    - by TomTom
    I am a little lost on erros like that: Warning 7 CA2123 : Microsoft.Security : Add the following security attribute to 'RithmicConnector::Connect(String^)' in order to match a LinkDemand on base method 'IConnector::Connect(String^)': 'SecurityCriticalAttribute'. c:\work\nettecture\tradex\source\tradex.connectivity.rithmic\rithmicconnector.cpp 52 Tradex.Connectivity.Rithmic Where do I add the SecurityCriticalAttribute? I tried on the header file - but the error does not disappear. I have one of those pretty much on every exposed method of a (managed C++) interface DLL. And I want CA to run through. How do I fix those? Regards

    Read the article

  • Does ASP.NET need to be configured for Full Trust to implement 'PageHandlerFactory' ?

    - by Kev
    Our hosting platform (running IIS6/ASP.NET 2.0) is configured to run under partial trust. In the machine wide web.config file we set the ASP.NET trust level to Medium (and lock to prevent overrides) and use a modified policy file. When trying to add a custom HttpHandler to handle .aspx requests for a website running in this configuration I get the following security exception: Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request failed. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [SecurityException: Request failed.] System.Reflection.Assembly._GetType(String name, Boolean throwOnError, Boolean ignoreCase) +0 System.Reflection.Assembly.GetType(String name, Boolean throwOnError, Boolean ignoreCase) +42 System.Web.Compilation.CompilationUtil.GetTypeFromAssemblies(AssemblyCollection assembliesCollection, String typeName, Boolean ignoreCase) +172 System.Web.Compilation.BuildManager.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase) +291 System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase) +52 I'm using a class derived from PageHandlerFactory, for example: public class MyPageHandlerFactory : PageHandlerFactory { public override System.Web.IHttpHandler GetHandler(System.Web.HttpContext context, string requestType, string virtualPath, string path) { // CustomPageHandler derives from System.Web.UI.Page return new CustomPageHandler(); } } My web.config httpHandler configuration is as follow: <httpHandlers> <add verb="*" path="*.aspx" type="MyPageHandler.MyPageHandlerFactory" /> </httpHandlers> The documentation for PageHandlerFactory shows that PageHandlerFactory is decorated with the following attributes: [PermissionSetAttribute(SecurityAction.LinkDemand, Unrestricted = true)] [PermissionSetAttribute(SecurityAction.InheritanceDemand, Unrestricted = true)] public class PageHandlerFactory : IHttpHandlerFactory Does this mean that I need to set ASP.NET to run at Full Trust to be able to create my own PageHandlerFactory classes?

    Read the article

  • C# custom control to get internal text as string

    - by Ed Woodcock
    ok, I'm working on a custom control that can contain some javascript, and read this out of the page into a string field. This is a workaround for dynamic javascript inside an updatepanel. At the moment, I've got it working, but if I try to put a server tag inside the block: <custom:control ID="Custom" runat="server"> <%= ControlName.ClientID %> </custom:control> The compiler does not like it. I know these are generated at runtime, and so might not be compatible with what I'm doing, but does anyone have any idea how I can get that working? EDIT Error message is: Code blocks are not supported in this context EDIT 2 The control: [DataBindingHandler("System.Web.UI.Design.TextDataBindingHandler, System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"), ControlValueProperty("Text"), DefaultProperty("Text"), ParseChildren(true, "Text"), AspNetHostingPermission(SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal), AspNetHostingPermission(SecurityAction.InheritanceDemand, Level = AspNetHostingPermissionLevel.Minimal)] public class CustomControl : Control, ITextControl { [DefaultValue(""), Bindable(true), Localizable(true)] public string Text { get { return (string)(ViewState["Text"] ?? string.Empty); } set { ViewState["Text"] = value; } } }

    Read the article

  • How to reserve public API to internal usage in .NET?

    - by mark
    Dear ladies and sirs. Let me first present the case, which will explain my question. This is going to be a bit long, so I apologize in advance :-). I have objects and collections, which should support the Merge API (it is my custom API, the signature of which is immaterial for this question). This API must be internal, meaning only my framework should be allowed to invoke it. However, derived types should be able to override the basic implementation. The natural way to implement this pattern as I see it, is this: The Merge API is declared as part of some internal interface, let us say IMergeable. Because the interface is internal, derived types would not be able to implement it directly. Rather they must inherit it from a common base type. So, a common base type is introduced, which would implement the IMergeable interface explicitly, where the interface methods delegate to respective protected virtual methods, providing the default implementation. This way the API is only callable by my framework, but derived types may override the default implementation. The following code snippet demonstrates the concept: internal interface IMergeable { void Merge(object obj); } public class BaseFrameworkObject : IMergeable { protected virtual void Merge(object obj) { // The default implementation. } void IMergeable.Merge(object obj) { Merge(obj); } } public class SomeThirdPartyObject : BaseFrameworkObject { protected override void Merge(object obj) { // A derived type implementation. } } All is fine, provided a single common base type suffices, which is usually true for non collection types. The thing is that collections must be mergeable as well. Collections do not play nicely with the presented concept, because developers do not develop collections from the scratch. There are predefined implementations - observable, filtered, compound, read-only, remove-only, ordered, god-knows-what, ... They may be developed from scratch in-house, but once finished, they serve wide range of products and should never be tailored to some specific product. Which means, that either: they do not implement the IMergeable interface at all, because it is internal to some product the scope of the IMergeable interface is raised to public and the API becomes open and callable by all. Let us refer to these collections as standard collections. Anyway, the first option screws my framework, because now each possible standard collection type has to be paired with the respective framework version, augmenting the standard with the IMergeable interface implementation - this is so bad, I am not even considering it. The second option breaks the framework as well, because the IMergeable interface should be internal for a reason (whatever it is) and now this interface has to open to all. So what to do? My solution is this. make IMergeable public API, but add an extra parameter to the Merge method, I call it a security token. The interface implementation may check that the token references some internal object, which is never exposed to the outside. If this is the case, then the method was called from within the framework, otherwise - some outside API consumer attempted to invoke it and so the implementation can blow up with a SecurityException. Here is the modified code snippet demonstrating this concept: internal static class InternalApi { internal static readonly object Token = new object(); } public interface IMergeable { void Merge(object obj, object token); } public class BaseFrameworkObject : IMergeable { protected virtual void Merge(object obj) { // The default implementation. } public void Merge(object obj, object token) { if (!object.ReferenceEquals(token, InternalApi.Token)) { throw new SecurityException("bla bla bla"); } Merge(obj); } } public class SomeThirdPartyObject : BaseFrameworkObject { protected override void Merge(object obj) { // A derived type implementation. } } Of course, this is less explicit than having an internally scoped interface and the check is moved from the compile time to run time, yet this is the best I could come up with. Now, I have a gut feeling that there is a better way to solve the problem I have presented. I do not know, may be using some standard Code Access Security features? I have only vague understanding of it, but can LinkDemand attribute be somehow related to it? Anyway, I would like to hear other opinions. Thanks.

    Read the article

1