I've set up an ActiveX control to run on a webpage. The server is able to serve this webpage to itself, but other machines on the intranet and internet aren't able to access it.

The Caspol settings look like this:

Code Groups:

1.  All code: FullTrust
   1.1.  Zone - MyComputer: FullTrust
      1.1.1.  StrongName - (omitted) : FullTrust
      1.1.2.  StrongName - 00000000000000000400000000000000: FullTrust
   1.2.  Zone - Intranet: FullTrust
      1.2.1.  All code: Same site Web
      1.2.2.  All code: Same directory FileIO - 'Read, PathDiscovery'
   1.3.  Zone - Internet: Internet
      1.3.1.  All code: Same site Web
   1.4.  Zone - Untrusted: Nothing
   1.5.  Zone - Trusted: Internet
      1.5.1.  All code: Same site Web
   1.6.  Url - http://MYSERVERNAME/APPLICATIONNAME/*: FullTrust
Success

The application I'm trying to access is group 1.6. Am I doing something wrong here?

[Edit] It's worth mentioning that the IEDebug Error Log on a machine attempting to access the control from the intranet displays a long exception. The most noteworthy of it being:

System.Net.WebPermission
The first permission that failed was:
<IPermission class="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1">
+1  A: 

A long time ago I read somewhere that for .Net usercontrols, Url evidence doesn't work. Only Site and Zone evidence work.

caspol -machine -quiet -addgroup Trusted_Zone -site mysite.com FullTrust -name mysite -description "Code group granting trust to code from mysite.com"

You can do this for each Zone.

When using IE8, make sure mysite.com is added to the Trusted Sites list [3]. I'm not sure if Protected Mode has to be off.

When you're on a 64-bit system, there are two caspol's, with separate permissions:

  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe
  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\caspol.exe

I spent a lot of time setting permissions on the 32-bit caspol, and then banging my head against the wall because it wouldn't work. Turns out I used 64-bit IE8 because that made an IEDebug.log. Best to set the permissions on both versions.
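
The answer's last point, as an added example that is not part of the original answer: a PowerShell loop that applies the same caspol command to both the 32-bit and 64-bit .NET 2.0 policy stores and lists the resulting code groups. `mysite.com` and the group name `mysite` are the answer's placeholders, and the script assumes an elevated prompt, since `-machine` edits machine-level policy.

```powershell
# Added example. $site and $groupName are the placeholders used in the answer.
$site      = 'mysite.com'
$groupName = 'mysite'

# The two policy stores are independent: 32-bit IE reads the Framework copy,
# 64-bit IE reads the Framework64 copy.
$caspolPaths = @(
    "$env:windir\Microsoft.NET\Framework\v2.0.50727\caspol.exe",
    "$env:windir\Microsoft.NET\Framework64\v2.0.50727\caspol.exe"
)

foreach ($caspol in $caspolPaths) {
    if (-not (Test-Path $caspol)) {
        # Framework64 does not exist on 32-bit Windows.
        Write-Warning "Skipping, not found: $caspol"
        continue
    }

    # Avoid adding a duplicate group if this store already mentions the site.
    $alreadyThere = & $caspol -machine -listgroups |
        Select-String -SimpleMatch $site -Quiet
    if ($alreadyThere) {
        Write-Host "Code group for $site already present in $caspol"
        continue
    }

    # Same command as in the answer. A Site condition with FullTrust applies
    # to every assembly served from that host, so keep the host name specific.
    & $caspol -machine -quiet -addgroup Trusted_Zone -site $site FullTrust `
        -name $groupName `
        -description "Code group granting trust to code from $site"

    if ($LASTEXITCODE -ne 0) {
        Write-Error "caspol failed ($LASTEXITCODE) for $caspol"
        continue
    }

    # Show the resulting hierarchy so the new Site group can be confirmed.
    & $caspol -machine -listgroups
}
```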