|
System.Security.Permissions.FileIOPermission
Hello,
This seems to be a common question, but all the posts I see do not have a clear answer. Here's an excerpt of my WebPart code: ************ Imports System.IO Dim oFS As FileStream oFS = File.Open([PermPath], FileMode.Open) If Err.Number > 0 Then ... ************ It compiles fine. The only way I can get this to work is by modifying the web.config file ************ <trust level="Full" originUrl="" /> ************ EVERYTHING ELSE I TRIED DID NOT WORK, AS STATED BELOW: I tried asserting permissions, but this seems undesirable, and it doesn't work without trust level= "full" I would hope the .Net security wouldn't allow coders to automatically bypass security, as I think this is what happens here. ******************* Dim f As System.Security.Permissions.FileIOPermission f = New System.Security.Permissions.FileIOPermission(Secur ity.Permissions.Permission State.Unrestricted) f.AddPathList(Security.Permissions.FileIOPermissio nAccess.Read, [PermPath]) f.Assert() ******************* I tried modifying the wss_mediumtrust.config policy file removing the Flags attribute and adding the Unrestricted attribute (I'm guessing this was the att name) I believe this is undesirable too, since it opens a gaping security hole. *********************** <IPermission class="SecurityPermission" version="1" Unrestricted = "true" /> *********************** I saw another suggestion to use WPPackager and add the IPermission for the web part package. That sounds like the proper way. My questions are: 1. How do I allow my Web part to have file access, without setting the trust level to "full?" 2. Is the WPPackager the proper way to grant file access to this individual web part? Thanks, Eric |
RE: System.Security.Permissions.FileIOPermission
Hey Eric,
You definitely do NOT want to make the SecurityPermission unrestricted. That has no effect at all on the FileIOPermission, which is what you really want to fix, but what it does do is grant all *sorts* of scary permissions (like ControlPolicy, which allows you to set SecurityManager.SecurityEnabled=false and turn off all of CAS!) You have a couple of choices: you can either move your functionality into an assembly in the GAC (where it will be fully trusted) and mark your assembly with the AllowPartiallyTrustedCallers attribute, or you can change policy like you were suggesting by adding an element for FileIOPermission, either making it unrestricted or (even better) specifying the exact directory and permission level you need to grant. Keith Brown, MVP http://www.pluralsight.com |
Re: System.Security.Permissions.FileIOPermission
Hi Keith,
Thanks for your help! I tried adding an IPermission element for FileIOPermission, right under the existing one in the wss_mediumtrust.config: <IPermission class="FileIOPermission" version="1" Read="G:\SpecialDir" PathDiscovery="G:\SpecialDir" /> When I try to read g:\specialdir\test.txt, I receive the following error: The HelloWorldApp, Version=1.0.0.1, Culture=neutral, PublicKeyToken=dc2757a2b56c5017 assembly specified in a Register directive of this page could not be found Any suggestions? Eric "Keith Brown" <Keith Brown@discussions.microsoft.com> wrote in message news:7CB11EAB-D2CE-4306-8BC2-2208083725C2@microsoft.com... > Hey Eric, > > You definitely do NOT want to make the SecurityPermission unrestricted. That has no effect at all on the FileIOPermission, which is what you really want to fix, but what it does do is grant all *sorts* of scary permissions (like ControlPolicy, which allows you to set SecurityManager.SecurityEnabled=false and turn off all of CAS!) > > You have a couple of choices: you can either move your functionality into an assembly in the GAC (where it will be fully trusted) and mark your assembly with the AllowPartiallyTrustedCallers attribute, or you can change policy like you were suggesting by adding an element for FileIOPermission, either making it unrestricted or (even better) specifying the exact directory and permission level you need to grant. > > Keith Brown, MVP > http://www.pluralsight.com |
| All times are GMT. The time now is 04:58 PM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.