I am trying to host a Windows Forms control in C# inside an HTML page and then host that web page in IIS in order to be accessible by other client machines. The problem is: the user control uses some unmanaged code, which triggers a SecurityPermission exception when accessing using another machine.

I've managed to dumb down my code to an elementary example in order to pinpoint the error and I just can't seem to find an answer to this.

Here's my user control:

using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Permissions;
using System.Windows.Forms;

// To handle strong named assembly
[assembly: AllowPartiallyTrustedCallers]

namespace WinFormsHTMLControl
{
    [SecurityPermissionAttribute(SecurityAction.Assert, UnmanagedCode = true)]    // to allow assertions regarding unmanaged code permissions
    public partial class HelloWorldControl : UserControl
    {
        #region Methods/Consts for Embedding a Window

        // P/Invoke into user32.dll; calling it demands the UnmanagedCode permission
        [DllImport("user32.dll", SetLastError = true)]
        private static extern IntPtr FindWindow(string lpClassName, string lpWindowName);

        #endregion

        public HelloWorldControl()
        {
            InitializeComponent();
        }

        private void btnClick_Click(object sender, EventArgs e)
        {
            // Assert unrestricted SecurityPermission for this stack frame
            new SecurityPermission(PermissionState.Unrestricted).Assert();

            IntPtr picBoxHandle = FindWindow("IEFrame", "Internet Explorer");
            lblMessage.Text = picBoxHandle.ToString();

            // Remove the assertion from this stack frame
            SecurityPermission.RevertAssert();
        }
    }
}

I've signed the assembly with a key, I've created a Permission Set in the .NET Configuration Tool in order to grant access to unmanaged code, and created a CodeGroup pointing to the strong key used to name the assembly. I've also created an MSI in order to copy these settings to other machines (I've done this both at Enterprise and Machine levels).

Despite all this, this code still triggers a SecurityPermission exception when I click the button...

Am I missing something here?

+2  A: 

IE is sandboxed and you're trying to perform an operation that you can't perform -- i.e., calling directly into user32 from a website. Imagine how dangerous the internet would be if anybody could do that on any website. Your core architecture is flawed.

Greg D
I understand what you're saying, but this is something that has been done before, and it's one of the motivations for using windows forms hosted in a web site: to do something that cannot be done using only a web page. Regarding security, that is precisely why it is so difficult to get this to work, because of what you said. However it can be done and is not a flawed architecture, it just depends on the environment you're working with. Summarizing, I know it can be done, I just can't replicate it. Nevertheless, thank you for the answer.
Manuel Pimenta
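
An added diagnostic sketch, not code from the question or the answer: a call to Assert() only stops the stack walk for permissions the asserting assembly was itself granted, so the first thing to establish on the client machine is what the policy actually granted to the control. The class and method names below are hypothetical, and the code assumes the .NET 2.0/3.5 runtime implied by the question (SecurityManager.IsGranted is obsolete from .NET 4 onward).

```csharp
using System.Security;
using System.Security.Permissions;
using System.Text;

namespace WinFormsHTMLControl
{
    // Hypothetical helper, assumed to be compiled into the control's own
    // assembly so that the grant set being inspected is the control's.
    internal static class GrantDiagnostics
    {
        internal delegate void Action();

        // SecurityManager.IsGranted inspects only the grant set of the
        // calling assembly; it performs no stack walk.
        public static string Describe()
        {
            StringBuilder sb = new StringBuilder();
            Append(sb, "Execution", SecurityPermissionFlag.Execution);
            // Assert() itself requires the Assertion flag to be granted.
            Append(sb, "Assertion", SecurityPermissionFlag.Assertion);
            // The P/Invoke into user32.dll demands UnmanagedCode.
            Append(sb, "UnmanagedCode", SecurityPermissionFlag.UnmanagedCode);
            return sb.ToString();
        }

        private static void Append(StringBuilder sb, string name,
                                   SecurityPermissionFlag flag)
        {
            bool granted = SecurityManager.IsGranted(new SecurityPermission(flag));
            sb.AppendLine(name + ": " + (granted ? "granted" : "NOT granted"));
        }

        // Least-privilege variant of the assert in the question: assert only
        // UnmanagedCode, and always revert, even if the action throws.
        public static void RunWithUnmanagedCode(Action action)
        {
            new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert();
            try
            {
                action();
            }
            finally
            {
                CodeAccessPermission.RevertAssert();
            }
        }
    }
}
```

Showing the result of GrantDiagnostics.Describe() in lblMessage on the client machine separates two cases: if UnmanagedCode or Assertion is reported as not granted, the code group is not being applied to the assembly as loaded in the browser, and no assertion inside the control can change that.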