SecurtyException being thrown :(

[mattp14]

I've got a utility i'm trying to write that makes some modifications to the system registry, as well as opening a database stored on a network share.

This utility is going to be used by multiple people, and thus is going to reside on a server. Users will then browse to the server and run the app. The problem is the app throws a SecurityException when it runs. Not only for the registry editing, but also the database searching.

I'm fairly new to .NET, so I dont have a lot of experience with setting security permissions. If someone would be kind enough to walk me through a solution to this... i'd really appreciate it

P.S.
I already know how exceptions work and how to trap them with try/catch... just need to know how to fix it in the catch statement

Thanks again!!

 

[dalchri]

Try running the app from an exe locally on the computer's hard drive. If the security exception goes away then do the following:

(For XP)

1) Control Panel
2) Administrative tools
3) Microsoft .NET Framework (version number) Configuration
4) On the left hand TreeView, Runtime security policy
5) Machine
6) Code groups
7) All_Code
8) Right click on LocalIntranet_Zone and select properties
9) On the Permission Set tab, change the permission set from LocalIntranet to FullTrust

There might be a more refined way to enable only the security permissions that you require but I was not that concerned about security to look into it. This should at least give you a start.

I've not found a way to address this with code. You would need to do this to every computer that would use the network exe or install the app locally.

 

[ThatRickGuy]

You can also use the .Net wizards also located in the admin tools folder to increase security for a specific application.

Another option is to use either a touchless (no-touch) deployment setup, or a self updating application. I think Chrissie has some code for self updating.

-Rick

----------------------
If you're about to post an ASP.Net question,
please don't do it in the VB.Net forum

http://www.ringdev.com

I believe in killer coding ninja monkeys.

 

[mattp14]

Hmm. What do you mean by self updating Rick? And where did you say that code was? (Yes, running it locally works, Dalchi). I'd like to stay away from running it locally (that will decrease robustness, but works for now as a workaround), as well as including a set up program for the same reason.

Thanks for the replies.

 

[ThatRickGuy]

By self updating I mean that when you execute the assembly, it first checks a network location for a newer version of itself, copies it local, and runs that code. Chrissie, one of the forum members here mentioned working with it a few weeks back. He's on the far side of the pond, so it may be a while before he logs on.

-Rick

----------------------
If you're about to post an ASP.Net question,
please don't do it in the VB.Net forum

http://www.ringdev.com

I believe in killer coding ninja monkeys.

 

[mattp14]

Hmm. That's interesting... but wouldnt it throw another exception when it tried to copy the file locally?

It seems like there's got to be a way where I can correct the error programmatically... this is a big issue with the .NET framework in my mind if not. Even if I have to give it a username/password... there's got to be a way.

Anyone else have any ideas?

 

[ThatRickGuy]

It seems like there's got to be a way where I can correct the error programmatically...

Nope, not so far as I know that is. Imagine if you could. Someone could write a malicious app and stick it on a web page. By default, security is dialed down for internet apps, but if the coder could alter the security for the app from with in the app, your security settings would be worthless.

-Rick

----------------------
If you're about to post an ASP.Net question,
please don't do it in the VB.Net forum

http://www.ringdev.com

I believe in killer coding ninja monkeys.

 

[mattp14]

Yes I agree... but i'm talking about providing a name and password. That wouldnt be compromising security...

 

[mattp14]

Anyone have any thoughts?

 

[ThatRickGuy]

Yup, but not for what you are trying to do via code.

1)Alter the security settings on the PCs
2)Use a touchless deployment system
3)Use a selfupdating application

-Rick

----------------------
If you're about to post an ASP.Net question,
please don't do it in the VB.Net forum

http://www.ringdev.com

I believe in killer coding ninja monkeys.

 

[mattp14]

I may have to look into the touchless deployment idea... but I dont see how I could even implement a self updating version. I doubt it would let me copy a file with the level of security that's being afforded to my app.

It won't even let me do an Application.Exit() when it's not on the local machine!! That just can't be right...

 

[ThatRickGuy]

With a self updating app, it would be run locally. So security wouldn't be an issue.

It won't even let me do an Application.Exit() when it's not on the local machine!! That just can't be right...

Check the security settings. If you are set to give 0 access to an intranet application and haven't set the security for that specific app, then it shouldn't have access to do much of anything.

-Rick

----------------------
If you're about to post an ASP.Net question,
please don't do it in the VB.Net forum

http://www.ringdev.com

I believe in killer coding ninja monkeys.

 

[mattp14]

Is that something that can be changed by the program at runtime? Obviously that would be a security flaw if it could just give itself permissions to do anything... but perhaps with a username/pass of an account with administrator access?

Thanks for the replies Rick... your input is much appreciated!