SQL CLR function and OleDb permissions

I have a .NET 3.5 C# library that uses OleDb to pull data from an Excel file and return it in a DataRowCollection which is used by a CLR Table-Valued Function in SQL Server 2005.

I deployed the ASSEMBLY in SQL Server as sa and used PERMISSION_SET = EXTERNAL_ACCESS. The sa login has EXTERNAL ACCESS ASSEMBLY and the database has TRUSTWORTHY on.

The assembly is signed and I used the following caspol.exe command which indicated that it was successful:

-m -ag All_Code -url "C:\Testing\sqlFunction.dll" FullTrust -n "sqlFunction"

The SQL Server instance, my library and the Excel document are all on the same machine.

The SQL Server service is running as Local System (but while trying to get this to work I also tried running it as the AD user that I was logged in as which is also a local administrator).

I created a command line application to test run the library and everything runs fine and data is returned as expected.

But when I run the function from SSMS, I get this error in the result pane:

A .NET Framework error occurred during execution of user-defined routine or aggregate "GetExcelFile": System.Security.SecurityException: Request for the permission of type 'System.Data.OleDb.OleDbPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. System.Security.SecurityException: at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) at System.Security.PermissionSet.Demand() at System.Data.Common.DbConnectionOptions.DemandPermission() at System.Data.OleDb.OleDbConnection.PermissionDemand() at System.Data.OleDb.OleDbConnectionFactory.PermissionDemand(DbConnection outerConnection) at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) at System.Data.OleDb.OleDbConnection.Open() at System.Data.Common.DbDataAdapter.QuietOpen(IDbConnection connection, ConnectionState& originalState) at System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) at System.Data.Common.DbDataAdapter.Fill(DataTable[] dataTables, Int32 startRecord, Int32 maxRecords, IDbCommand command, CommandBehavior behavior) at System.Data.Common.DbDataAdapter.Fill(DataTable dataTable) at GetExcelFunction.GetFile() at GetExcelFunction.InitMethod(String logname)

I've deployed this on my personal dev machine (XP PRO) and our dev sandbox (Server 2003) and got the same error.

Most code access security issues revolve around the assembly running from a network share - but that's not the case here.

Any ideas? I'm tapped out.

The main reason I am using CLR is that I have a number of other requirements that involve working with the Excel file beyond simply pulling the data out. The second reason is that my production environment is 64 bit and there is not yet a 64 bit JET driver so I couldn't use OPENROWSET anyway.

MarkB 2008-11-27 04:33:42

Thanks shahkalpesh. I created an OleDbPermission and used the add method on it with my connection string.

MarkB 2008-11-27 19:32:23

But I don't see anything else to do with it. The only other things I do are create an adapter, create a table and then use the fill method on the adapter. Neither of the two constructors nor the fill method take a permission object.

MarkB 2008-11-27 19:32:54

I found this in MSDN: This class is intended for future use when the .NET Framework Data Provider for OLE DB is enabled for partial trust scenarios. The .NET Framework Data Provider for OLE DB currently requires FullTrust permission. Currently, using the OleDbPermission class has no effect.

MarkB 2008-11-27 19:35:19

So I compiled and re-deployed to SQL but got the same error.

MarkB 2008-11-27 19:35:53

ansaurus

tags:

views:

answers:

SQL CLR function and OleDb permissions

related questions