views:

3087

answers:

5

My .NET application fails when run from a network drive even when the very same executable runs perfectly fine from a local hard drive?

I tried checking for "Full trust" like so:

try
{
    // Demand full trust permissions
    PermissionSet fullTrust = new PermissionSet( PermissionState.Unrestricted );
    fullTrust.Demand();

    // Perform normal application logic

}
catch( SecurityException )
{
    // Report that permissions were not full trust
    MessageBox.Show( "This application requires full-trust security permissions to execute." );
}

However, this isn't helping, by which I mean the application starts up and the catch block is never entered. However, a debug build shows that the exception thrown is a SecurityException caused by an InheritanceDemand. Any ideas?

+12  A: 

Did you try Using CasPol to Fully Trust a Share?

Gulzar
Almost upvote-worthy, but it provides the solution without explaining the problem.
Joel Coehoorn
+3  A: 

If this is .NET 2.0 or greater, ClickOnce was created to really help with this deployment stuff. I only deploy to network shares using that.

TheSoftwareJedi
A: 

This is security built in by microsoft into the .net framework. It's a way of stopping malware to be run locally with full priviliges, so you cannot change this programmatically in the code.

What you need to do is increase the trust of specific assemblies. You do this in the .NET Framework Configuration (Control Panel->Administrative Tools), and has to be done on each computer.

As with any security measures, it's a pain-in-the-ass, but will help the world to be less infected etc...

Mats Fredriksson
but why does his message box not show up?
Epaga
...stopping malware... How many malware have you found written in .NET? Any non .NET executable will be able to run from the network using full privileges (by default). The only difference is that .NET did not allow it by default while windows does.
Davy Landman
well, blocking managed code while still allowing Win32 binaries to be executed is not a security measure...
+6  A: 

You may have already done this, but you can use CasPol.exe to enable FullTrust for a specified network share.

For example

cd c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
CasPol.exe -m -ag 1.2 -url file:///N:/your/network/path/* FullTrust

More info here.

Ben Hoffstein
+13  A: 

It indeed has to do with the fact the apps on a network location are less trusted then on your local hdd (due to the default policy of the .NET framework).

If I'm not mistaken Microsoft finally corrected this annoyance in .NET 3.5 SP1 (after a lot of developers complaining).

I google'd it: .NET Framework 3.5 SP1 Allows managed code to be launched from a network share!

Davy Landman
Verified this by having the affected users download the Service Pack, and all is good. Thanks!
Paul Smith
Excellent! I've had to use CasPol before with a utility we created for some of our customers. It's a pain having to create a script and have it run before your utility is called, just because it's run from a network location.
Jason Down