tags:

views:

1313

answers:

1
Q: 

CASPOL, FullTrust and running an ActiveX Control in IE with FullTrust based on URL

I've set up an activex control to run on a webpage. The server is able to serve this webpage to itself, but other machines on the intranet and internet aren't able to access it.

The Caspol settings look like this:

Code Groups:

1.  All code: FullTrust
   1.1.  Zone - MyComputer: FullTrust
      1.1.1.  StrongName - (omitted) : FullTrust
      1.1.2.  StrongName - 00000000000000000400000000000000: FullTrust
   1.2.  Zone - Intranet: FullTrust
      1.2.1.  All code: Same site Web
      1.2.2.  All code: Same directory FileIO - 'Read, PathDiscovery'
   1.3.  Zone - Internet: Internet
      1.3.1.  All code: Same site Web
   1.4.  Zone - Untrusted: Nothing
   1.5.  Zone - Trusted: Internet
      1.5.1.  All code: Same site Web
   1.6.  Url - http://MYSERVERNAME/APPLICATIONNAME/*: FullTrust
Success

The application I'm trying to access is group 1.6. Am I doing something wrong here?

[Edit] It's worth mentioning that the IEDebug Error Log on a machine attempting to access the control from the intranet displays a long exception. The most noteworthy of it being:

System.Net.WebPermission
The first permission that failed was:
<IPermission class="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1">
+1  A: 

A long time ago I read somewhere that for .Net usercontrols, Url evidence doesn't work. Only Site and Zone evidence work.

caspol -machine -quiet -addgroup Trusted_Zone -site mysite.com FullTrust -name mysite -description "Code group granting trust to code from mysite.com"

You can do this for each Zone.

When using IE8, make sure mysite.com is added to the Trusted Sites list [3]. I'm not sure if Protected Mode has to be off.

When you're on a 64-bit system, there are two caspol's, with separate permissions:

  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe
  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\caspol.exe

I a lot of time setting permissions on the 32-bit caspol, and then banging my head against the wall because it wouldn't work. Turns out I used 64-bit IE8 because that made a IEDebug.log. Best to set the permissions on both versions.

 2009-08-10 05:36:57

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?