System.Security.SecurityPermission in an AppDomain in a ClickOnce deployment.


hi,

i have bootstrapper application need able launch various other "sub applications" on users machine. apps , dlls needed installed part of clickonce deployment.

the bootstrapper needs run each sub application in separate appdomain.

the whole set works fine in debug environment , running exe files on local machine. however, deploy using clickonce start security exceptions.

the actual exception included @ end of post.

my code create appdomain follows:
   appdomain appdomain = appdomain.createdomain("name", null, setup);
   appdomain.executeassemblybyname("assemblyname", null, args);
where args couple of strings, , setup has had applicationbase , configurationfile properties set.

the problem occurs in sub app try create application.threadexception handler. seems trying access unmanaged code , sub app doesn't have permissions.

the real question is, how can new appdomain have correct permissions....

some other points note:
    - if elevate .net zone security intranet apps fulltrust, problem goes away, don't want that.
    - bootstrapper application running in intranet zone well, , manages create threadexception handler without problems.

any thoughts or advice on appreciated.

many thanks,
greg




actual exception:

system.security.securityexception unhandled
  message="request permission of type 'system.security.permissions.securitypermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089' failed."
  source="mscorlib"
  grantedset="<permissionset class=\"system.security.permissionset\"\r\nversion=\"1\">\r\n<ipermission class=\"system.security.permissions.environmentpermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nread=\"username\"/>\r\n<ipermission class=\"system.security.permissions.filedialogpermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nunrestricted=\"true\"/>\r\n<ipermission class=\"system.security.permissions.isolatedstoragefilepermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nallowed=\"assemblyisolationbyuser\"\r\nuserquota=\"9223372036854775807\"\r\nexpiry=\"9223372036854775807\"\r\npermanent=\"true\"/>\r\n<ipermission class=\"system.security.permissions.reflectionpermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nflags=\"reflectionemit\"/>\r\n<ipermission class=\"system.security.permissions.securitypermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nflags=\"assertion, execution, bindingredirects\"/>\r\n<ipermission class=\"system.security.permissions.uipermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nunrestricted=\"true\"/>\r\n<ipermission class=\"system.security.permissions.siteidentitypermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nsite=\"localhost\"/>\r\n<ipermission class=\"system.security.permissions.strongnameidentitypermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\npublickeyblob=\"670d72db05e4eea7\"\r\nname=\"bb2.smartclient.bootstrapper.app\"\r\nassemblyversion=\"2.0.0.3\"/>\r\n<ipermission class=\"system.security.permissions.urlidentitypermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nurl=\"http://localhost/bb2_bootstrapper/bb2.smartclient.bootstrapper.application\"/>\r\n<ipermission class=\"system.security.permissions.zoneidentitypermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nzone=\"intranet\"/>\r\n<ipermission class=\"system.net.dnspermission, system, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nunrestricted=\"true\"/>\r\n<ipermission class=\"system.drawing.printing.printingpermission, system.drawing, version=2.0.0.0, culture=neutral, publickeytoken=b03f5f7f11d50a3a\"\r\nversion=\"1\"\r\nlevel=\"defaultprinting\"/>\r\n<ipermission class=\"system.security.permissions.mediapermission, windowsbase, version=3.0.0.0, culture=neutral, publickeytoken=31bf3856ad364e35\"\r\nversion=\"1\"\r\naudio=\"safeaudio\"\r\nvideo=\"safevideo\"\r\nimage=\"safeimage\"/>\r\n<ipermission class=\"system.security.permissions.webbrowserpermission, windowsbase, version=3.0.0.0, culture=neutral, publickeytoken=31bf3856ad364e35\"\r\nversion=\"1\"\r\nlevel=\"safe\"/>\r\n<ipermission class=\"system.net.webpermission, system, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\">\r\n<connectaccess>\r\n<uri uri=\"(http|https)://localhost/.*\"/>\r\n</connectaccess>\r\n</ipermission>\r\n</permissionset>\r\n"
  permissionstate="<permissionset class=\"system.security.permissionset\"\r\nversion=\"1\">\r\n<ipermission class=\"system.security.permissions.securitypermission, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089\"\r\nversion=\"1\"\r\nflags=\"controlevidence\"/>\r\n</permissionset>\r\n"
  refusedset=""
  url=""
  stacktrace:
       @ system.appdomain.get_evidence()
       @ bb2.smartclient.shell.program.main(string[] args)
       @ system.appdomain.nexecuteassembly(assembly assembly, string[] args)
       @ system.appdomain.executeassemblybyname(string assemblyname, evidence assemblysecurity, string[] args)
       @ system.appdomain.executeassemblybyname(string assemblyname, evidence assemblysecurity, string[] args)
       @ bb2.smartclient.deployment.siteapplicationmanager.runapplication(site site)
       @ bb2.smartclient.deployment.siteapplicationmanager.runapplication(string sitename)
       @ bb2.smartclient.bootstrapper.program.main()



.NET Framework  >  Common Language Runtime Internals and Architecture



Comments

Post a Comment

Popular posts from this blog

Azure DocumentDB Owner resource does not exist

having same error microsoft.azure.documents.documentclientexception: message: {"errors":["owner resource not exist"]} , scenario. when deployed webapp azure , try document docdb throws error. docdb exists in azure , contains document looking for. weird local machine(running vs) works fine. i'm using same settings in azure , local. have , idea this. thanks Microsoft Azure  >  Azure Cosmos DB
Read more

job syspolicy_purge_history job fail in sqlserver 2008

Image
hello guys, when installed sqlserver,it automatically created 1 job name job syspolicy_purge_history. but failed @ step 1. the reason is: date                11/6/2010 2:00:00 am log                job history (syspolicy_purge_history) step id                1 server                mxosv-otsdb01 job name                syspolicy_purge_history step name                verify automation enabled. duration                00:00:00 sql severity                16 sql message id                34022 operator emailed                operator net sent                operator paged                retries attempted                0 message executed user: nt authority\system. policy automation turned off. [sqlstate 42000] (error 34022).  the step failed. have run statement: select msdb.dbo.fn_syspolicy_is_automation_enabled the returned valus 0. what can resolve it? or can delete job manually.   thanks in advance. if haven't things want,be
Read more

Trying to register with public marketplace error with 'Get-AzureStackStampInformation'

when trying register against public azure adfs azure stack error below. logs can found at: c:\maslogs\azurestack.azureregistration.2017-10-12.01-31-23.log  and  \\azs-ercs01\c$\maslogs error occurred checking stamp information: system.management.automation.remoteexception: term 'get-azurestackstampinformation' not recognized name of cmdlet, function, script file, or operable program. check spelling of name, or if path included, verify path correct , try again. @ c:\azurestack-tools-master\registration\registerwithazure.psm1:1106 char:5 +     throw "logs can found at: $global:azureregistrationlog  and  \ ... +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     + categoryinfo          : operationstopped: (logs can fou... , try again.:string) [], runtimeexception     + fullyqualifiederrorid : logs can found at: c:\maslogs\azurestack.azureregistration.2017-10-12.01-31-23.log  a    nd  \\azs-ercs01\c$\maslogs error occurred chec
Read more