I have written a managed AddIn for Outlook 2007, and am now tasked with porting it to 2003. The addin downloads DLLs into the local user profile folder, then reflectively loads them for execution. This all works just fine in Outlook 2003, even with Click-once deployment. The issue Im experiencing is that the AppDomain does not have Exec...
We are intermittently seeing the following exception shortly after an App Pool recycle in an ASP.NET application: System.Configuration.ConfigurationErrorsException: Could not load file or assembly 'Microsoft.Web.Mvc, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Failed to grant permission to execute....
I have a managed dll – repro.dll, which contains class TestModuleCommand decorated with 2 attributes: System.ObsoleteAttribute and System.Management.Automation.CmdletAttribute (comes from System.Management.Automation.dll which is in the GAC in Windows 7) namespace Test { [System.Obsolete] [System.Manageme...
When do I actually need to decorate my methods with the SharePointPermission attribute? I've come across some code samples that have them and some that don't. ...
How useful is partial trust configuration in ASP.NET environment? If I have my own server, which I fully administratively control, setting up partial trust is only useful in types of attacks which somehow manage to upload and execute malicious code, but are not able to touch web.config to raise the trust level. Are such attacks possible?...
Is there a simple utility/GUI application for generating CASPOL commands? ...
In a WPF application, I load in xaml files with the xamlreader by finding the current directory like this: public static string GetApplicationDirectory() { return System.IO.Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location); } so I can read in a .xaml file by getting its absolute path like this: string pathAndFileNam...
I have some code which needs to run under medium trust but doesn't. I've used permcalc in the past but it is rather painful to get the output and compare it to the medium trust definition. What I would really like is a tool which does the analysis for me and just outputs a list of things I need to address. Does such a tool exist? I...
I've seen a couple threads here on SO that ask about what CAS is and how to use it.My specific is specifically focused on real-world usages of CAS. For example: DotNetNuke did some efforts in the past to be able to run under Medium Trust: is that still true? what is the % of DNN that run in partial trust (i.e. not full trust)? what &...
I've been working on understanding Code Access Security and I was hoping somebody might be able to explain to me this behavior and why it requires added permissions. Say I have two extension methods public static string dib(this string source) { return souce.dob(); } public static string dob(this string source) { ...
I've heard that Code Access Security is changing completely under .NET Framework 4. Can anyone confirm how this will now work, and what the implications will be for legacy applications? ...
I've got a product that ships as a zip file. I'd like to add some security to it or perhaps a password or license key to deter unauthorized trading of the file. Any tips? ...
Hi, What are the CAS policy requirements to call the method Page.TemplateControl.ParseControl as referenced here? http://msdn.microsoft.com/en-us/library/kz3ffe28(loband).aspx Specifically, in SharePoint I've tried to call the method in a Minimum-trust environment, but get this error on the page: Request for the permission of type ...
I write in-house software for a company. I always want to leverage OOP techniques as best as I can. In this thinking, I want to create a Data Access Layer (DAL) isolated in its own .DLL. What can I do to limit the access of the DAL DLL to only my business logic layer DLL? The last thing I need is someone in the company with a littl...
Background I have a post-build event which I use to generate some batch files which contain the current version number of our application. The event calls a batch file, which calls a managed app which loads the assembly and uses reflection to find its version information. Problem When the post-build event runs locally, every is fine. ...
Assume a .NET class library code that, for example, writes to the Windows registry. Then this code has problem to run over internet, because default Internet policy does not give access to write to the registry. By adding a RequestMinimum statement in the assembly we can specify that the code requires permission to write to write to the...
I'm creating a Windows app that automatically updates itself. I'm not using ClickOnce for a variety of reasons. When I try to File.Move() my updated files to C:\Program Files on Windows 7, I get the following error: Access to the path 'C:\Program Files\<company>\<app>\<app.exe>' is denied. I am not given a UAC prompt. The exe that I am...
Hi, we have a VSTO outlook add-in we'd like to silently deploy to everyone via AD. I'm signing the App with a "Code signing" certificate (requested certmgr from AD). If I add this certificate to my Trusted Publishers, then I can silently install the signed app via the VSTOInstaller.exe (with the /S switch). We don't want to have to in...
In .NET 4 Code Access Security (CAS) is deprecated. Whenever you call a method that implicitly uses it, it fails with a NotSupportedException, that can be resolved with a configuration switch that makes it fall back to the old behavior. We have a common library that's used in both .NET 3.5 and .NET 4, so we need to be able to tell wheth...
Hello! Studying MS Exam 70-536 .Net Foundation I've got to Chapter 11 Application Security and in the end of a lesson there is a practice to add code group with .Net Configuration Tool and change it with caspol. After adding new code group with config tool I've tried to run caspol -lg but new group was not listed... ...