We have an application that is distributed to a variety of customers. Sometimes it is installed on a network share. Usually we can give that application access with caspol.exe and grant the LocalIntranet Zone FullTrust. Sometimes the customers' admins do not manage to grant that application access due to some network settings. When we launch the exe it opens for a short time and appears in the client Task Manager and disappears silently... Now the question: is there a tool which gives me some debugging or tracing details on that? Is there a tool to debug security issues like that? I assume that this happens before any of my code is executed... and I do not see anything in the event trace, neither on the client nor on the server...

Any ideas?

+1  A: 

Can I recommend - perhaps look at ClickOnce - a click-once application can be hosted on a network share, but has much better security deployment factors. You just run the .application rather than the .exe (VS2005 and VS2008 have all the tools you need to publish a ClickOnce application trivially).

Also - in one of the recent service packs (perhaps with 3.5 SP1), I believe that mapped shares get more privileges - so \\foo\bar\my.exe would still error, but f:\my.exe (to the same location) should work.

Marc Gravell
We will port the app once to use ClickOnce but this will take time... I have 3.5 SP1 installed on the client but still would need to use caspol... Is there no way to get any error messages or trace that?
Have you tried: http://blogs.msdn.com/suzcook/archive/2003/05/29/57120.aspx
Marc Gravell
+1  A: 

We're having similar issues with our applications which are usually placed on a network share. We're solving this issue by:

  • signing and timestamping all application components with a Microsoft Authenticode certificate issued by Thawte.
  • deploying an MSI package containing a security policy granting full trust to applications signed by our certificate.

If your company will not / cannot buy a code signing cert, you can install a CA somewhere and issue a cert for that purpose only (I think it will work, although this cert will not resolve to a trusted root).

The other option, with a lot more hassle, would be to strong-sign all assemblies, and grant full trust to all assemblies signed with that key.

Both approaches result in performing the procedure once per workstation (updated applications will still work). I think it can even be propagated throughout the enterprise somehow, but I never did that and don't know the details.

Željko Tanović
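
The publisher-based grant described in the answer above, sketched with caspol.exe and checked with its policy-resolution switches. This is an added example, not code from any of the posters; the UNC path, certificate file and code group names are constructed placeholders, and the full-trust check assumes caspol prints an unrestricted `PermissionSet` element for a full-trust grant.

```powershell
# Added example. Run from an elevated prompt on the workstation.
# CLR 2.0 executes .NET 2.0 through 3.5, so its caspol.exe edits the relevant policy.
# On 64-bit Windows, repeat with the Framework64 copy (it keeps its own machine policy).
$caspol = Join-Path $env:WINDIR 'Microsoft.NET\Framework\v2.0.50727\caspol.exe'
$exe    = '\\fileserver\apps\MyApp\MyApp.exe'   # placeholder UNC path
$cert   = 'C:\deploy\publisher.cer'             # placeholder: exported signing certificate
$group  = 'MyCompany_Publisher_FullTrust'       # placeholder code group name

function Get-GrantedTrust {
    param([string]$Assembly)
    # -all: evaluate enterprise, machine and user levels together
    # -rsp: resolve the permission set the policy grants to this assembly
    $out = & $caspol -all -rsp $Assembly 2>&1 | Out-String
    [pscustomobject]@{
        Assembly  = $Assembly
        # Assumption: full trust shows up as <PermissionSet ... Unrestricted="true"/>
        FullTrust = $out -match '<PermissionSet[^>]*Unrestricted="true"'
        Raw       = $out
    }
}

# 1. Before changing anything: list the code groups the assembly matches
#    and record what the current policy grants it.
& $caspol -all -rsg $exe
$before = Get-GrantedTrust $exe

# 2. If it is not fully trusted, add a machine-level code group keyed on the
#    Authenticode publisher certificate rather than on the share location.
if (-not $before.FullTrust) {
    & $caspol -q -m -ag All_Code -pub -cert $cert FullTrust `
        -n $group -d 'Full trust for assemblies signed by our publisher certificate'
    # Strong-name alternative from the answer (any name/version signed with the key):
    # & $caspol -q -m -ag All_Code -strong -file $exe -noname -noversion FullTrust `
    #     -n 'MyCompany_StrongName_FullTrust'
}

# 3. Resolve again and compare.
$after = Get-GrantedTrust $exe
'{0}: FullTrust before={1}, after={2}' -f $exe, $before.FullTrust, $after.FullTrust
```

Keying the group on the publisher certificate or strong name scopes the grant to signed assemblies only, instead of raising trust for everything in the LocalIntranet zone.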