System.Security.SecurityPermission in an AppDomain in a ClickOnce deployment.


hi,

i have bootstrapper application need able launch various other "sub applications" on users machine. apps , dlls needed installed part of clickonce deployment.

the bootstrapper needs run each sub application in separate appdomain.

the whole set works fine in debug environment , running exe files on local machine. however, deploy using clickonce start security exceptions.

the actual exception included @ end of post.

my code create appdomain follows:
   appdomain appdomain = appdomain.createdomain("name", null, setup);
   appdomain.executeassemblybyname("assemblyname", null, args);
where args couple of strings, , setup has had applicationbase , configurationfile properties set.

the problem occurs in sub app try create application.threadexception handler. seems trying access unmanaged code , sub app doesn't have permissions.

the real question is, how can new appdomain have correct permissions....

some other points note:
    - if elevate .net zone security intranet apps fulltrust, problem goes away, don't want that.
    - bootstrapper application running in intranet zone well, , manages create threadexception handler without problems.

any thoughts or advice on appreciated.

many thanks,
greg




actual exception:

system.security.securityexception unhandled
  message="request permission of type 'system.security.permissions.securitypermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089' failed."
  source="mscorlib"
  grantedset="<permissionset class=\"system.security.permissionset\"\r\nversion=\"1\">\r\n<ipermission class=\"system.security.permissions.environmentpermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nread=\"username\"/>\r\n<ipermission class=\"system.security.permissions.filedialogpermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nunrestricted=\"true\"/>\r\n<ipermission class=\"system.security.permissions.isolatedstoragefilepermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nallowed=\"assemblyisolationbyuser\"\r\nuserquota=\"9223372036854775807\"\r\nexpiry=\"9223372036854775807\"\r\npermanent=\"true\"/>\r\n<ipermission class=\"system.security.permissions.reflectionpermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nflags=\"reflectionemit\"/>\r\n<ipermission class=\"system.security.permissions.securitypermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nflags=\"assertion, execution, bindingredirects\"/>\r\n<ipermission class=\"system.security.permissions.uipermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nunrestricted=\"true\"/>\r\n<ipermission class=\"system.security.permissions.siteidentitypermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nsite=\"localhost\"/>\r\n<ipermission class=\"system.security.permissions.strongnameidentitypermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\npublickeyblob=\"670d72db05e4eea7\"\r\nname=\"bb2.smartclient.bootstrapper.app\"\r\nassemblyversion=\"2.0.0.3\"/>\r\n<ipermission class=\"system.security.permissions.urlidentitypermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nurl=\"http://localhost/bb2_bootstrapper/bb2.smartclient.bootstrapper.application\"/>\r\n<ipermission class=\"system.security.permissions.zoneidentitypermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nzone=\"intranet\"/>\r\n<ipermission class=\"system.net.dnspermission, system, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nunrestricted=\"true\"/>\r\n<ipermission class=\"system.drawing.printing.printingpermission, system.drawing, version=2.0.0.0, culture=neutral, publickeytoken=b03f5f7f11d50a3a\"\r\nversion=\"1\"\r\nlevel=\"defaultprinting\"/>\r\n<ipermission class=\"system.security.permissions.mediapermission, windowsbase, version=3.0.0.0, culture=neutral, publickeytoken=31bf3856ad364e35\"\r\nversion=\"1\"\r\naudio=\"safeaudio\"\r\nvideo=\"safevideo\"\r\nimage=\"safeimage\"/>\r\n<ipermission class=\"system.security.permissions.webbrowserpermission, windowsbase, version=3.0.0.0, culture=neutral, publickeytoken=31bf3856ad364e35\"\r\nversion=\"1\"\r\nlevel=\"safe\"/>\r\n<ipermission class=\"system.net.webpermission, system, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\">\r\n<connectaccess>\r\n<uri uri=\"(http|https)://localhost/.*\"/>\r\n</connectaccess>\r\n</ipermission>\r\n</permissionset>\r\n"
  permissionstate="<permissionset class=\"system.security.permissionset\"\r\nversion=\"1\">\r\n<ipermission class=\"system.security.permissions.securitypermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nflags=\"controlevidence\"/>\r\n</permissionset>\r\n"
  refusedset=""
  url=""
  stacktrace:
       @ system.appdomain.get_evidence()
       @ bb2.smartclient.shell.program.main(string[] args)
       @ system.appdomain.nexecuteassembly(assembly assembly, string[] args)
       @ system.appdomain.executeassemblybyname(string assemblyname, evidence assemblysecurity, string[] args)
       @ system.appdomain.executeassemblybyname(string assemblyname, evidence assemblysecurity, string[] args)
       @ bb2.smartclient.deployment.siteapplicationmanager.runapplication(site site)
       @ bb2.smartclient.deployment.siteapplicationmanager.runapplication(string sitename)
       @ bb2.smartclient.bootstrapper.program.main()



.NET Framework  >  Common Language Runtime Internals and Architecture



Comments

Post a Comment

Popular posts from this blog

BizTalk Server 2013 Azure VM Log Shipping and HA for hosts

hi , background: for our customer, having a  2 biztalk , 1 sql setup of environment. [biztalk server 2013 azure vms provisioned azure gallery, sql server 2012 azure vm ]. in current configuration, there no high availability or disaster recovery plan set. want implement dr , possibly ha configuration on these servers. i have few questions regarding same. please let me know thoughts on same. currently writing log files (log shipping files) mounted/attached drive same sql server. how move these log files across secondary site since shared storage not supported. in case of sql server crash, losing log files since reside on same server. please share options on how can move these periodically between datacenters. for hosts pop3, ftp need host clustering (which requires biztalk machines present on windows cluster traditionally), please let know how achieve in azure scenario thanks , regards, ujjwal devarapalli -ujjwal you can refer article, issue azure vm lo...
Read more

Azure DocumentDB Owner resource does not exist

having same error microsoft.azure.documents.documentclientexception: message: {"errors":["owner resource not exist"]} , scenario. when deployed webapp azure , try document docdb throws error. docdb exists in azure , contains document looking for. weird local machine(running vs) works fine. i'm using same settings in azure , local. have , idea this. thanks Microsoft Azure  >  Azure Cosmos DB
Read more

SQL Server 2008 - High Memory Usage

hi ,   facing problem high memory usage sql server 2008. 64 bit , standard edition sp2 . 8 gb ram , 8 processors . memory usage keep on growing ..sometimes reach 7.5 gb .... , not coming down ..untill restart service... these details of dbcc memorystatus :: please suggest how overcome problem memory manager                           kb ---------------------------------------- ----------- vm reserved                              8484792 vm committed                             4220368 locked pages allocated         ...
Read more