Setting Code Access Policy (CAS) on console application running over network

I have a console app written in .NET 2 that uses reflection to dynamically load Assembly files, instantiate an instance of that Assembly, and invoke members of it. I had this app running very smoothly on our current servers, but we're now migrating to a new host, which is a 64-bit machine running Server 2008. The code that is executed, reads various API's and generates files on the system.

I've never had to use CAS or caspol before now. Not even entirely sure if that's the issue - but it seems so. I have wide open file permissions set for full control of these folders.

Now when trying to run this code on our new server, executed from a virtual machine, referencing the app on it's host OS using UNC paths, this is what I get:

System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
   at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
   at System.Security.CodeAccessPermission.Demand()
   at System.IO.FileInfo..ctor(String fileName)
   at Tickets.TicketsAPI..ctor()

The action that failed was:

Demand
The type of the first permission that failed was:
System.Security.Permissions.FileIOPermission

The first permission that failed was:
<IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Read="\\sever2\company\www\company_Tools\FeedAggregator\Output\Tickets_2010-01-28_Full.csv"/>

The demand was for:
<IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Read="\\sever2\company\www\company_Tools\FeedAggregator\Output\Tickets_2010-01-28_Full.csv"/>

The granted set of the failing assembly was:
<PermissionSet class="System.Security.PermissionSet" version="1">

<IPermission class="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" 
    version="1" 
    Read="USERNAME"/>

<IPermission class="System.Security.Permissions.FileDialogPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" 
    version="1" 
    Unrestricted="true"/>

<IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" 
    version="1" 
    Read="\\sever2\company\www\company_Tools\FeedAggregator\Components\"
    PathDiscovery="\\sever2\company\www\company_Tools\FeedAggregator\Components\"/>

<IPermission class="System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Allowed="AssemblyIsolationByUser"
    UserQuota="9223372036854775807"
    Expiry="9223372036854775807"
    Permanent="True"/>

<IPermission class="System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Flags="ReflectionEmit"/>

<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Flags="Assertion, Execution, BindingRedirects"/>

<IPermission class="System.Security.Permissions.UIPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Unrestricted="true"/>

<IPermission class="System.Security.Permissions.UrlIdentityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Url="file://sever2/company/www/company_Tools/FeedAggregator/Components/Tickets.dll"/>

<IPermission class="System.Security.Permissions.ZoneIdentityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Zone="Intranet"/>

<IPermission class="System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
    version="1"
    Unrestricted="true"/>

<IPermission class="System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    version="1"
    Level="DefaultPrinting"/>

</PermissionSet>

The assembly or AppDomain that failed was:
Tickets, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
The Zone of the assembly that failed was:
Intranet
The Url of the assembly that failed was:
file://sever2/company/www/company_Tools/FeedAggregator/Components/Tickets.dll
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at System.Reflection.ConstructorInfo.Invoke(Object[] parameters)
   at FeedAgger.ConsoleApp.Program.PrintAssemblyFetch() in C:\www\FeedAgger\FeedAggerTask\Program.cs:line 127
   at FeedAgger.ConsoleApp.Program.Main(String[] args) in C:\www\FeedAgger\FeedAggerTask\Program.cs:line 54

I have tried several CAS policy changes, including these

caspol -addfulltrust \\full-unc-path\feedaggertask.exe

caspol -machine -addfulltrust \\full-unc-path\feedaggertask.exe

caspol -machine -addgroup 1. -url \\full-unc-path\app\* LocalIntranet

caspol -machine -addgroup 1.2 -url \\full-unc-path\feedaggertask.exe FullTrust

ansaurus

tags:

views:

answers:

Setting Code Access Policy (CAS) on console application running over network

related questions