|
Yes, you can enumerate the code groups. You can enumerate the SecurityManager.PolicyHierarchy to get the right policy (like Machine), then enumerate the code groups underneath that. I do it in are installer for our touchless-deployment app (well, not completely touchless since a one-time installation is required). You can further add code groups using this mechanism, but you should at least prompt the user. Companies and savvy users don't like you messing with security unless it's clear that you are and why you are messing with security.
Really, though - if both of these applications are managed applications, you should consider another approach. If you don't mind that one "process" runs within the first, you can create a new managed AppDomain and load the assembly that contains the entry point Main from the second application using AppDomain.ExecuteAssembly . You can either pass your current AppDomain 's evidence, or gather host and assembly evidence for the new AppDomain and pass that to ExecuteAssembly . If the executable does not have the necessary permissions, a SecurityException is thrown at that time.
Microsoft MVP, Visual C#
My Articles
|
|
|
|
|
Thanks Heath -
I hate to ask but given that I am a total noob at this - can you provide (or point me to) a more specific example of enumerating the PolicyHierarchy and searching for specific groups? I am unable to actually resolve specific group names or at least cannot figure out how to.
Right now I have:
IEnumerator levels = SecurityManager.PolicyHierarchy();
while(levels.MoveNext())
{
PolicyLevel pl = (PolicyLevel)levels.Current;
Console.WriteLine("Policy Level: {0}", pl.Label);
}
Which prints:
Policy Level: Enterprise
Policy Level: Machine
Policy Level: User
I see a method in there called ResolveMatchingCodeGroups() but it wants an "evidence" and no matter what I try in the Evidence object it always returns the same things, something like:
All_Code
All_Code
All_Code
I want to check if "MyCustomCodeGroup" exists. It is located here:
- Runtime Security Policy
- Machine
- Code Groups
- All_Code
- LocalIntranet_Zone
- MyCustomCodeGroup
The membership condition type is "URL" and the URL is "file://MyServer/*".
The permission set on this group is FullTrust.
As for the other part of your reply - The appdomain/assembly stuff is complete greek to me. I will have to learn more about it. However I would say that the local exe calls remote exe's. The remote exe's can be managed code but also they can be .cmd/.bat files or even .msi, or .exe (C++ apps).
Thanks for your help,
Ian
|
|
|
|
|
Ahh I figured it out finally
|
|
|
|
|
The important thing is not the name of the code group, but that the permission set assigned to the code group is sufficient to run your code. What if someone changed the name of the code group or created their own? It's the CodeGroup.PolicyStatement - or rather the PermissionSet that the PolicyStatement contains - that is important.
Instead of checking that, though - as there would be much more to do - you could get the evidence for your new assembly and compare that against the CodeGroup.MembershipCondition to see if they match.
As far as launching any executables besides .NET assemblies, code access security doesn't really matter except for the ability to access that file on whatever media it resides. Your application that launches that application must have permissions to access that resource (read access, in order to launch it). It is your application that must have it, so if you want to determine whether or not you can before you launch it, you should create a FileIOPermission with the path to the resource and in a try/catch call Assert . If no exception is thrown, you can go ahead and launch the executable. Catch any SecurityException that is thrown and display and error, log it, or whatever.
Microsoft MVP, Visual C#
My Articles
|
|
|
|
|
Thanks again,
I think I have this working to my satisfaction (for the time being at least - till I figure out more of how all this works).
What I do is enumerate down to the groups below LocalIntranet_Zone and look for MyCustomAccess. Then I also check that it is type URL and points to the appropriate share location. I also check that it has FullTrust permission set.
Here's my next problem:
If I do NOT find the proper code group with proper permissions, I want to add one. I have seen many examples in various places. Every example creates a new code group at the same level as LocalIntranet_Zone (siblings(?)). I want to create a new group that is a child of LocalIntranet_Zone. While I haven't keyed in the examples, I assume they work. The issue I have is when I call SecurityManager.SavePolicy() - it does not actually get saved, even though the group was added or at least seems to have been added.
Here is my code: can you tell me what is wrong? Why doesn't it save?
<br />
static bool addCodeGroup() <br />
{<br />
<br />
IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();<br />
<br />
while (policyEnumerator.MoveNext()) <br />
{ <br />
<br />
PolicyLevel machineLevel = (PolicyLevel)policyEnumerator.Current;<br />
<br />
if (machineLevel.Label == "Machine") <br />
{<br />
IEnumerator ie_MachineLevelGroups = machineLevel.RootCodeGroup.Children.GetEnumerator();<br />
<br />
while (ie_MachineLevelGroups.MoveNext()) <br />
{<br />
<br />
CodeGroup machineLevelGroup = (CodeGroup)ie_MachineLevelGroups.Current;<br />
<br />
if (machineLevelGroup.Name == "LocalIntranet_Zone") <br />
{<br />
<br />
PermissionSet permSet1 = new NamedPermissionSet("FullTrust");<br />
IMembershipCondition membership1 = new UrlMembershipCondition("file://wstltest/*");<br />
PolicyStatement policy1 = new PolicyStatement(permSet1);<br />
CodeGroup codeGroup1 = new UnionCodeGroup(membership1, policy1);<br />
codeGroup1.Name = "WSTLTEST_ACCESS";<br />
machineLevelGroup.AddChild(codeGroup1);<br />
SecurityManager.SavePolicy();<br />
<br />
<br />
}
<br />
}
<br />
}
<br />
<br />
}
<br />
<br />
return true;<br />
<br />
}
|
|
|
|
|
While the reference is correct for the machinePolicy object you use, try SecurityManager.SavePolicyLevel(machinePolicy); . I use this in our installer with no problems.
Microsoft MVP, Visual C#
My Articles
|
|
|
|
|
Thanks Heath, but still not working -
Where would I add SecurityManager.SavePolicyLevel(machineLevel) call?
I tried adding it just before SavePolicy() call...
Just after SavePolicy() call...
In place of SavePolicy() call...
Still doesn't save the machine policy.
|
|
|
|
|
Compare it with this...which works:
NamedPermissionSet namedPS = new NamedPermissionSet("FullTrust");
PolicyStatement ps = new PolicyStatement(namedPS);
ps.Attributes = PolicyStatementAttribute.Exclusive;
string url = "http://www.dummycorp.com";
UrlMembershipCondition condition = new UrlMembershipCondition(url);
UnionCodeGroup proplanner = new UnionCodeGroup(condition, ps);
proplanner.Name = "MyCodeGroup";
proplanner.Description = "Allows fully-trusted access to the URL.";
PolicyLevel machine = null;
IEnumerator ie = SecurityManager.PolicyHierarchy();
while (ie.MoveNext())
if (String.Compare(((PolicyLevel)ie.Current).Label, "Machine", true) == 0)
machine = (PolicyLevel)ie.Current;
if (machine == null)
throw new InstallException("Unable to find the Machine policy level.");
bool exists = false;
foreach (CodeGroup group in machine.RootCodeGroup.Children)
{
if (proplanner.Equals(group))
{
exists = true;
break;
}
}
if (!exists)
{
machine.RootCodeGroup.AddChild(proplanner);
SecurityManager.SavePolicyLevel(machine);
}
Microsoft MVP, Visual C#
My Articles
|
|
|
|
|
Hi there
I am having problems with loading my app at windows startup.
When i load my app by clicking on it, it works fine
but when i load it on windows startup, by adding a registry key in
HKLM\Software\Current Machine\Microsoft\Windows\Current Version\Run
it gives errors, the errors are of my files that i load when my app starts.
i have an xml file that i load when my app starts
that xml file has the location of my database file.
for now i store my db file where my app's executable is.
The code for my class :
using System;
using System.Xml;
using System.Xml.XPath;
namespace Scheduler
{
public class SettingsXml
{
XmlDocument doc = new XmlDocument();
public SettingsXml()
{
doc.Load("scheduler.xml");
}
public string DBPath()
{
string xstr = "/Scheduler/Configurations/DbPath";
XmlNode xnode = doc.SelectSingleNode(xstr);
return xnode.InnerText;
}
}
}
when the app loads at win startup it looks for my "scheduler.xml" file
in "c:\scheduler.xml" rather then the place i have told it to!
I fixed the "scheduler.xml" file's location problem by doing this:
doc.Load(System.Windows.Forms.Application.StartupPath + "/scheduler.xml");
It worked.
But still in my xml file the path of my db file is "scheduler.mdb"
now what do i do for this?
cause when i distribute my app it has to have some default place to place my db file.
What is the problem here?
VisionTec
|
|
|
|
|
visiontec wrote:
doc.Load("scheduler.xml"); // this means that this file // is where the app's .exe is
Unfortunately, no it doesn't. The file is tried in the current directory. The only reason why that works in your testing is because you launched the EXE from the folder by double clicking on it, thereby the current directory is the folder you double-clicked in.
When you launched the EXE from the Run key, the current directory is C:\, or one of the Windows directories, depending on what's going on. Your app is being launched with the full path to the EXE, but that doesn't make it the current directory.
To get around this problem, best-practice would be to code full path names into your app, but NOT hard-coded paths. Use configurable paths like:
StreamWriter sw = New StreamWriter(datapath + "\scheduler.txt");
You could also set the current directory when your app starts by using
Environment.CurrentDirectory = datapath;
But, best practice is to assume nothing! Don't assume that because you set the CurrentDirectory, that it is going to stay there!
EDIT:
Whoops! I supplied the code examples in VB, not C#. Rewrote for C# examples.
RageInTheMachine9532
|
|
|
|
|
Imagine this - I have two controls, one is simple usercontrol and the other is derived from System.Windows.Forms.Form.
Does any these controls have client area size different than the usual size of the control (Height and Width properties) ? Like - a form has a thick border around it, is the width of the border added to the Height property of the control ? Or when a usercontrol has a 3d border ?
I've heared a lot about nonclient area and stuff like that, where could I get more information about that ?
Regards, Desmond
|
|
|
|
|
The client area - which .NET exposes through common properties - does not include the border or the caption area. You can find more information about client and non-client areas in the Platform SDK at http://msdn.microsoft.com/library[^]. Look for the user interface section and find the Windows Controls and Windows Management API sections.
Microsoft MVP, Visual C#
My Articles
|
|
|
|
|
is there a way i can get one of my programs to load when the ie explorer loads and when there is no explorer open to unload
thanks
chad
|
|
|
|
|
What do you mean exactly? You just want your app to start when iexplore.exe starts? A tried-and-true method would be to create a BHO (browser helper object) that simply executes your app, optionally passing a reference to the IWebBrowser2 interface or something similar.
You can find more about BHOs at http://msdn.microsoft.com/library/en-us/dnwebgen/html/bho.asp[^].
Microsoft MVP, Visual C#
My Articles
|
|
|
|
|
ok how do i build a bho is csharp or do i have to use c++
thanks
chad
|
|
|
|
|
You can use C#, but you'll have to redeclare a bunch of interfaces and structs. You'd be better off writing it in C++ because it'll save you a lot of extra work since the interfaces and everything else you need are already defined in the headers mentioned in the documentation.
Microsoft MVP, Visual C#
My Articles
|
|
|
|
|
I have built my remotable object type (inherits from MarshalByRef). I have built my listener app, and a client app that instanciates the remotable type through the listener. All the examples I've seen online, including several on MSDN and a few on CP have done this.
My problem is that I want the host (listener) to instanciate the remotable type, then I want the client to modify that instance...and to be honest, I simply don't know how to do this.
If anyone can give me a quickie example or just point me in the right direction, I'd be very grateful.
---------------------------
He who knows that enough is enough will always
have enough.
-Lao Tsu
|
|
|
|
|
You should use a server-activated type - either a singleton or a single call object. If you want to learn more information about remoting, see http://www.ingorammer.com[^] and buy his book. It's presumed to be the best. Another good book is from MS Press[^] and is called "Microsoft .NET Remoting". And never forget to check the .NET Framework SDK[^]. Many examples are included in the documentation and related topics.
There's also other ways to create your object and get a reference to it using RemotingServices . .NET Remoting is a complicated technology and you should read about it.
Microsoft MVP, Visual C#
My Articles
|
|
|
|
|
Hi! Guys,
I am a learner and new to .NET Technologies. I am creating a small application and want to include a facility for Backup.
The problem is, how to create a wizard which will guide the user for creating backup of database. Like, it will ask for path to store backup, other filteration criteria for data to take backup etc.
One approach can be to create a frame for each step and display them as per the user's choice (Back / Next).
Is this approach proper? What are the other possible ways?
Please, send in your suggestions and / or comments regarding this problem.
Thanking you,
Ritesh.
|
|
|
|
|
The most common method is to use a form and swap controls. If you've done any decent Win32 programming with the provided property sheet interfaces, you could design your classes like that, so that each page can tell their parent what they support.
You should search CodeProject using the Search text box at the top, and even this forum using the "Search comments" link directly above the message area. This has been covered many times in the past and many solutions have been discussed.
Microsoft MVP, Visual C#
My Articles
|
|
|
|
|
riteshsompura@yahoo.com wrote:
The problem is, how to create a wizard which will guide the user for creating backup of database. Like, it will ask for path to store backup, other filteration criteria for data to take backup etc.
Read the following article: TSWizard - a wizard framework for .NET[^]
- Nick Parker My Blog
|
|
|
|
|
Hi
I need to put a animation into my app, but I was wonderind what it's better use single frames and swap them with a timer or use a gif or avi directly (it's possible with .NET?)
Thanks
----
hxxbin
|
|
|
|
|
Depends on the quality of the animation and whether or not you want to require additional dependencies.
You could use a PictureBox to show an animated GIF, but GIFs only display 256 colors and don't support an alpha channel.
If you want to display an AVI or other video file, you could host the Windows Media Player control and hide its UI. Windows also contains an older version of this control but you may have problems finding information about it.
Another option is to use DirectX, for which there is now a managed runtime (aptly named Managed DirectX (9.0b)).
Finally, you could always use a timer and loop frames (basically what a GIF does). You can use a higher quality image this way, but your FPS are limited by the relatively low resolution of the timer classes in the .NET Framework.
Again, it all depends on what you want and how many dependencies you're willing to require.
Microsoft MVP, Visual C#
My Articles
|
|
|
|
|
The animation is little, but needs 24-bits color and alpha. I think I'll use the timer cuz I don't know how to use DirectX, I imagine that with DirectDraw2D I could do it, but I don't know how, you know some good info about??.
Thanks
----
hxxbin
|
|
|
|
|