code-access-security

Satellite assemblies and FullTrust issues when .NET exe is on the network.

I'm executing my .NET app from a network share. Since framework 3.5 SP1, and as explained here: http://blogs.msdn.com/shawnfa/archive/2008/05/12/fulltrust-on-the-localintranet.aspx, the main exe and all the DLLs located in the same folder (but not subfolders) are granted with FullTrust security policy. My problem is that I have subfold...

Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data

I created an assembly containing WCF service code and dropped into another web project. When I try to invoke a service method, I get the following inner exception: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. Why th...

How to inherit from DataAnnotations.ValidationAttribute (it appears SecureCritical under Visual Studio debugging host in .NET 4 !)

Hi, I have an [AllowPartiallyTrustedCallers] class library containing subtypes of the System.DataAnnotations.ValidationAttribute. The library is used on contract types of WCF services. In .NET 2/3.5, this worked fine. Since .NET 4.0 however, running a client of the service in the Visual Studio debugger results in the exception "Inherit...

.NET 4.0 AppDomain: obsoleted Evidence

I am a .NET student and currently we are learning about Application Domains. We were given the following example code (for .NET 3.5). As expected, it throws a SecurityException. Note: TestApp.exe is added as a reference in the project. Dim file As String = "TestApp.exe" Dim hostEvidence As Object() = {New Zone(SecurityZone.Internet)} Di...

Is there a replacement for the command-line tool CASPOL.exe?

When trying to execute a .NET-App, it throws a "PolicyException", because "only one group is allowed". The tool should list existing settings, and allow to delete selected settings. Using caspol to list is not helpful, it is cruel. I've seen there is a simple gui-frontend, which allows to define NEW settings, but it does not allow to li...

What is the security risk of object reflection?

So after a few hours of working around the limitation of Reflection being currently disabled on the Google App Engine, I was wondering if someone could help me understand why object reflection can be a threat. Is it because I can inspect the private variables of a class or are there any other deeper reasons? ...

MS-SharePoint 2007: Security Access Exception in Custom Timer Job

I'm doing a SP 2007 custom timer job on Windows Server 2003 (in Virtual Machine) that runs as user mossservice. mossservice is a member of Farm Administrator. I granted the user mossservice as member of Administrator in Active Directory. Still same problem. [SharePointPermission(SecurityAction.LinkDemand, ObjectModel = true)] publ...

Python: Dennis Nedry - Security

Has anyone seen Jurassic Park where Dennis Nedry has protected the system with an animation that says 'You didn't say the magic word' where after the system goes down. Is it possible to do something similar in Python? To describe it less humoristic: A response screen which waits for a condition fulfilled by the user. And encrypts ...

Enable/disable code access through license key - Application versioning

Hi, I have written a POS application, and now I want to create different versions of it. Something like a basic version, a premium version and a Full version. So if a client pays more they get more features in the same application. Is it possible that I could keep one standard application but features in my application get enabled / dis...

Application Reverse Engineering Protection / Hardening

I want to protect my applications from reverse engineering. What I would like to do is protect the executable from any tampering, such as with hex editors, resource editors, and dis-assembly tampering. My idea is to have the application check the hash value of itself against an imported value in a version file from the service server (...

Unable to deploy my custom DLL to SharePoint site

I created my custom assembly that has a simple HttpModule in it that I'd like to use in my SharePoint 2010 site. I added my module to SharePoint site's web.config/system.webServer/modules section. I then also copied my DLL directly to bin folder since that's how usual ASP.NET applications work. I got an exception about failed AspNetHos...

How can I use CAS in .NET 4 to lock down my MEF extensions?

I have an application in .NET 4 that uses MEF for extensibility. My main application has three assemblies: Host, Application and Contracts. Host is the "boot-strapping" executable that creates the container and does the composition. Application contains the logic of my application, and more extension points for 3rd parties. Contracts...

Any example for Security of .Net Desktop application.

Is it possible to prevent any unauthorised user from accessing code or application in desktop application like any web application? Thanks in advance. ...

ASP.NET 4 security-transparent code level2 exceptions

Hi, I'm having trouble with the new .NET 4 security-transparent code, level 2. I'm upgrading my ASP.NET 3.5 web application which uses XSLT with Extension Objects. In .NET 4 the transform causes a SecurityException, after lots of research it appears this exception has to do with the new transparent code, level 2. As a fix I now have t...

Prevent webservice to be called from different Client App

I have this webservice at work. For that webservice our department have developed a client to consume the webservice. What we want to prevent is, that they develop any other client to consume it. Is there any algorithm, practice that we can improve in our client and webservice communication to validate that the consuming client is our...

Custom CodeAccessSecurityAttribute

I've created the following attribute: [Serializable] [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)] public class OperationPermissionAttribute : CodeAccessSecurityAttribute { private static PrincipalPermission _revoke = new PrincipalPermission(PermissionState.None); priv...

Block assemblies from changing IPrincipal

My application loads a lot of different plugin assemblies. Each plugin can add their own services into the IoC container and can also use all services provided by the main application. I'm moving from a home-brewed security solution to use CAS (PrincipalPermissionAttribute and an own one derived from CodeAccessSecurityAttribute). Can I ...

C# 3.5 winforms app upgraded to C#4.0 issue because of the exclusion of CAS

I have a C# 4.0 Winform app that I just upgraded from 3.5 to 4.0. The C# 4.0 Winforms app references a C# 3.5 dll that will load a series of dlls from network paths based off of user selections and then create/invoke the dlls using System.Reflection. Everything worked just fine when the application was set to use 3.5 as the target fram...

Remote email/license verification idea for digital software upgrader

I have a WordPress theme that I support and upgrade frequently. It contains a built in upgrader routine that takes a zip file containing the updated files and extracts to the theme directory, overwriting the old files. I'd like to add a license verification routine to this upgrader routine that asks for the user's email address and pa...

How to Grant Permissions to Folder on Network, VS 2008 framework 3.5

I'm using Visual Studio 2008 on my local PC. My code is kept on a network drive. When I am trying to run it from my local machine I am getting the security exception below. Is there any way I can grant permissions to the network folder? *Security Exception Description: The application attempted to perform an operation not allowed by the security poli...