I have an app written in C# that lies on a network share. When I run it from a local drive, everything works fine. When I start it from the remote share, calls like

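try
{
    System.Reflection.Assembly.GetExecutingAssembly();
    System.IO.Directory.GetCurrentDirectory();
}
catch (System.Security.SecurityException)
{
    // Reached only when the app is started from the network share.
    throw;
}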

throw a SecurityException 'Request failed'.

What causes this? What is the difference between an app that is started locally and one that is started from a remote location?

+5  A: 

This is due to CAS; code started from the local machine has much more trust than code in the intranet, which in turn has more trust than code from the internet.

IIRC, with the latest SP (3.5SP1?) if you have mapped the share (i.e. as F:) it is trusted; otherwise you will need to either:

a: apply a caspol change to all clients (yeuck)

b: use ClickOnce to deploy the app, and run the .application instead (yay!)

The point is that ClickOnce allows you to sign the app and state your security policy (even if you demand full trust).

Marc Gravell
Thanks! The app should only be used from one or two clients on the network, so I think I will use the caspol approach. I just don't know if I should consider it a bug, or a feature...
Treb
Microsoft considers it a feature. The rest of us consider it a PITA.
Robert P
+2  A: 

Because your application is starting on a shared drive, different execution security policies apply.

This means learning how .NET Code Access Security works.

http://msdn.microsoft.com/en-us/library/aa302422.aspx

A quick and dirty solution is to go to .NET Framework Configuration, unfold Runtime Security Policy, unfold Machine, then Code Groups, then LocalIntranet Zone, right-click on it, choose Properties, then change Permission Set to FullTrust.

This will allow applications in the intranet zone (including applications which run from the shared network) to run as fully trusted.

This is definitely not the recommended way to do it. The best would be to learn how .NET Code Access Security works and to apply a specific security policy depending on your application's needs.

For example, you can give your application a strong name by signing it, define a new code group with the public key and apply the full trust permission to that code group. Then you may sign all "approved" applications with this same public key, so the same Code Access Security policy applies.

controlbreak
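
The scoped policy described in the answer above, as an added example that is not part of the original answer: instead of raising the whole LocalIntranet zone to FullTrust, it adds a child code group that matches only assemblies signed with one strong-name key. The server, share, file and group names are placeholders, and the example assumes the CLR 2.0 caspol.exe path and the default machine policy, in which code group 1.2 is LocalIntranet_Zone.

```powershell
# Added example. Run from an elevated prompt on each client machine.
# Placeholders (assumptions, not from the thread): server, share, file and group names.
$caspol = Join-Path $env:windir 'Microsoft.NET\Framework\v2.0.50727\caspol.exe'
$app    = '\\fileserver\apps\MyApp.exe'   # hypothetical strong-name signed assembly

# 1. Before changing anything: list the machine-level code groups and see
#    which groups the assembly on the share currently resolves to.
#    In the default policy, label 1.2 is LocalIntranet_Zone; confirm it here.
& $caspol -m -lg
& $caspol -rsg $app

# 2. Add a child group under 1.2 that matches the public key taken from
#    $app (any assembly name, any version) and grants FullTrust only to
#    assemblies signed with that key.
#    -q suppresses the confirmation prompt for the policy change.
& $caspol -q -m -ag 1.2 -strong -file $app -noname -noversion FullTrust -n 'ApprovedApps'

# Alternative (coarser): trust everything under one share by URL.
# Any file a user can write to that share then runs fully trusted.
# & $caspol -q -m -ag 1.2 -url 'file://fileserver/apps/*' FullTrust -n 'AppsShare'

# 3. Verify: the assembly should now resolve to the new group as well.
& $caspol -rsg $app

# To undo the change later, remove the group by name:
# & $caspol -q -m -rg 'ApprovedApps'
```

The 32-bit and 64-bit frameworks keep separate policy files, so on 64-bit clients repeat the change with the caspol.exe under Framework64 if the app runs as a 64-bit process.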
+1  A: 

They changed this to some degree in .NET Framework 3.5 SP1. See .NET 3.5 SP1 Runs Managed Applications From Network Shares

Mufasa
Thanks for the tip! Now all I need to do is convince our sysadmin to upgrade to SP1. (Well, maybe converting the app into unmanaged Delphi code would be faster... *sigh*)
Treb