I'm testing my application under the user Guest. It crashes with the following error.

'UnauthorizedAccessException' - 'Global.net clr networking'

Now, I know I can edit the security policy on the machine to allow CLR code running under guest to be trusted, but what should one do on a commercial app?

(Sign, and add CAS attributes?) I'm currently reading the whole security section, but I'm in a time pinch, so any pointers in the right direction will be appreciated.

EDIT: I've traced the problem to using the class Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase. If this is included, the error appears. I'm looking for something to add to the manifest or some other way so that when the application is installed/run, it will ask for the appropriate permissions. I don't want to have to ask the user to personally call caspol or some other tool.

Environment Details:
- App is using .NET 3.0
- OS is Vista

Here's the relevant stack trace for those into these things:

Unhandled Exception: System.UnauthorizedAccessException: Access to the path 'Global\.net clr networking' is denied.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.Threading.Mutex.<>c__DisplayClass3.<.ctor>b__0(Object userData)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
   at System.Threading.Mutex..ctor(Boolean initiallyOwned, String name, Boolean& createdNew, MutexSecurity mutexSecurity)
   at System.Diagnostics.SharedUtils.EnterMutexWithoutGlobal(String mutexName, Mutex& mutex)
   at System.Diagnostics.SharedPerformanceCounter.Verify(CategoryEntry* currentCategoryPointer)
   at System.Diagnostics.SharedPerformanceCounter.FindCategory(CategoryEntry** returnCategoryPointerReference)
   at System.Diagnostics.SharedPerformanceCounter.GetCounter(String counterName, String instanceName, Boolean enableReuse, PerformanceCounterInstanceLifetime lifetime)
   at System.Diagnostics.SharedPerformanceCounter..ctor(String catName, String counterName, String instanceName, PerformanceCounterInstanceLifetime lifetime)
   at System.Diagnostics.PerformanceCounter.Initialize()
   at System.Diagnostics.PerformanceCounter.set_RawValue(Int64 value)
   at System.Net.NetworkingPerfCounters.Initialize()
   at System.Net.Configuration.SettingsSectionInternal..ctor(SettingsSection section)
   at System.Net.Configuration.SettingsSectionInternal.get_Section()
   at System.Net.Sockets.Socket.InitializeSockets()
   at System.Net.Sockets.Socket.get_SupportsIPv4()
   at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.get_HostName()
   at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.RegisterChannel(Boolean SecureChannel)
   at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(String[] commandLine)
+1  A: 

From what I understand, this happens because the Guest account has some very odd permissions assigned to it. This is not an error that says you cannot use networking - basic networking is still available under partial trust.

This error happens because the CLR cannot access one of its own performance counters, which is used during networking operations. This problem should not occur with other user accounts - do you specifically need to use Guest? A normal limited user account should work just fine. The Guest account is known to have many issues with access rights in relation to .NET - the account is rarely used in practice and few things are ever tested on it.

Regarding code access security, it does not matter which user you run code under - CAS permissions are the same for all users, by default. The trust level is determined by the location of the executable - running something installed on the local machine grants it full trust, running from other locations grants partial trust (see Code Groups in .NET Framework Configuration).

Sander
Thanks for the answer. I need my application to also run without problems under the Guest account.
moogs
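
A diagnostic for the failure discussed in this thread, added here as an example and not code from any of the posters: it checks, without creating anything, whether the current account can open the named mutex from the question's stack trace. The class name, the requested MutexRights and the exit codes are assumptions of this example; the runtime may request different rights.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Threading;

static class PerfCounterMutexProbe
{
    // Name copied from the exception message in the question's stack trace.
    const string MutexName = @"Global\.net clr networking";

    enum ProbeResult { Accessible, NotCreatedYet, AccessDenied }

    static ProbeResult Probe()
    {
        try
        {
            // Open only, never create, so the probe does not change
            // which account ends up owning the kernel object.
            // The rights requested here are this example's assumption.
            using (Mutex m = Mutex.OpenExisting(
                       MutexName,
                       MutexRights.Synchronize | MutexRights.Modify))
            {
                return ProbeResult.Accessible;
            }
        }
        catch (WaitHandleCannotBeOpenedException)
        {
            // No process in this session has created the mutex yet.
            return ProbeResult.NotCreatedYet;
        }
        catch (UnauthorizedAccessException)
        {
            // Same exception type as the one in the question.
            return ProbeResult.AccessDenied;
        }
    }

    static int Main()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            Console.WriteLine("Account: {0} (IsGuest={1})", id.Name, id.IsGuest);
        }
        ProbeResult result = Probe();
        Console.WriteLine("{0}: {1}", MutexName, result);
        return result == ProbeResult.AccessDenied ? 1 : 0; // exit code is hypothetical
    }
}
```

Run it once under a normal limited account and once under Guest to compare the two results on the same machine.
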
A: 

You could try strong naming your assemblies then granting them full trust via CASPOL, using

caspol -fulltrust assemblyName

But as Sander says the Guest account isn't a real account, it's not one that normally logs in, and has very strict restrictions placed upon it.

blowdart
+1  A: 

Is it possible to add this to your app.config file?

<configuration>
   <system.net>
      <settings>
         <performanceCounters enabled="false" />
      </settings>
   </system.net>
</configuration>

This will direct the networking classes to not try to create performance counters, which doesn't work under the Guest account.

The above setting should work in .NET Framework 4 and higher but due to a bug fails in earlier versions.

Matt Ellis
Hi, thanks! Tried it, but sadly System.Net still tries to use perf counters. Could you point me to a reference for this bit?
moogs
http://msdn.microsoft.com/en-us/library/ms229151.aspx is the documentation but it's not super enlightening. Let me follow up with some of the System.Net people and see what the right solution here is.
Matt Ellis
So it looks like in .NET 2.0/3.0/3.5 the above setting only prevents data from being written to the performance counters, it doesn't actually prevent them from being created (which is where you see this error). The issue has been fixed for .NET Framework 4 however: http://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=387419
Matt Ellis
Thanks! Found out about the bug at some point yesterday (I answered this question). But I'm marking yours as the correct one :)
moogs
A: 

Yowza. Found it in Microsoft Connect. It's a bug fixed in .NET 4.0.

https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=387419

Thanks everyone for your help!

moogs