[SecurityException: That assembly does not allow partially trusted callers.]
Framework.CSLA.DataPortal..cctor() in DataPortal.cs:229
I'm afraid CSLA requires full trust. This is because it uses reflection, the BinaryFormatter (serialization) and optionally uses both Remoting and Enterprise Services. All these technologies require highly elevated trust - often FullTrust.
Making a verison of CSLA that works in partial trust would mean gutting most of the framework's core features...
I would like to run my application on an application server at our IT headoffice - I would like users to use the system via 'terminal service' - (i.e users would login to a remote desktop environment). Would this pose a problrm for CSLA??
Thanks
Bonio
From: Bonio [mailto:cslanet@lhotka.net]
Sent: Monday, August 07, 2006 6:46 AM
To: rocky@lhotka.net
Subject: Re: [CSLA .NET] CSLA In a Hosted EnvironmentI would like to run my application on an application server at our IT headoffice - I would like users to use the system via 'terminal service' - (i.e users would like in to a remote desktop environment). Would this pose a problrm for CSLA??
Thanks
Bonio
From: HarvSather [mailto:cslanet@lhotka.net]
Sent: Tuesday, August 08, 2006 9:33 PM
To: rocky@lhotka.net
Subject: Re: [CSLA .NET] CSLA In a Hosted EnvironmentThis article may be of some help
Moving from Full Trust to partial trust with Code Access Security
This is a general .NET issue – network drives are
considered part of the Intranet zone, not the local computer, and so files from
network drives are not considered secure by default.
Some (most) of the issues can be resolved by using the .NET
security config console to add a security exception, adding your network drive to
your local computer zone. That way .NET treats it like the C: drive.
I say “most” however, because I’ve run into
other issues in VS 2005, where VS itself has issues working against network
drives – but you may or may not encounter them. My specific issues were
around having “My Documents” on a network drive, and VS thinking I
was running it for the first time, every time.
Rocky
From: steve.king
[mailto:cslanet@lhotka.net]
Sent: Thursday, March 15, 2007 4:35 PM
To: rocky@lhotka.net
Subject: Re: [CSLA .NET] CSLA In a Hosted Environment
We recently moved to ClearCase which creates a network drive
and stores the source code there from which we do our work. I cannot run
my application now because I'm getting the "assembly (CSLA) does not allow
partially trusted callers" exception. How can I get around
this? Please help!
Rocky:
I'm afraid I'm not sure how to go about adding this mapped drive to my local computer zone. Is this a console/command-line utility?
I've added the "URL" to the folder to all of the zones with FullTrust through the .NET 2.0 Configuartion Control Panel applet. This URL (a UNC name) contains my source code but I'm still getting the same error when I try to run my project from the IDE.
Any suggestions? Do I need to put the AllowPartiallyTrustedCallers attribute into the AssemblyInfo.cs file of the CSLA.NET project and recompile it?
No, if you get it right then the code should be considered trusted.
I haven't tried doing this for a long time (since 2003 I think), but I remember it was a pain in the @$$ to get the settings right to make a network drive available.
But, at least back then, it was easy to test, because the Windows Forms designer blew up when trying to open forms from non-trusted locations, so testing whether the security was right was simply a matter of trying to open a WinForm project in VS.
Hi,
Please forgive my ignorance, but what is this ".NET security config console to add a security exception" of which you speak? How do I add a network drive to my local computer zone?
I must be dense, but I don't see anything like a security exception in the .NET 2.0 configuration tool.
I ask this because since upgrading to VS2005, we've found that we can no longer access assemblies via the VS 2005 toolbox which are located on a network drive. We have some custom controls located in assemblies on a network drive which in VS2003 we could access - for now we've copied them to our local drives, but that's a lousy solution. I'm thinking your post offers a clue as to why VS may be having this problem. I tried raising the trust level to full access for the local intranet, and that appears to work, but seems rather broad brush, and your post alludes to a finer level of control.
Start|Programs|Control Panel|Administrative Tools|Microsoft .NET Framework 1.0 Configuration
Start|Programs|Control Panel|Administrative Tools|Microsoft .NET Framework 1.1 Configuration
Start|Programs|Control Panel|Administrative Tools|Microsoft .NET Framework 2.0 Configuration
Depending on which version(s) of .NET you have installed.
RockfordLhotka:Start|Programs|Control Panel|Administrative Tools|Microsoft .NET Framework 2.0 Configuration
Depending on which version(s) of .NET you have installed.
Yes, I know. As I said, I tried raising the trust level of the local Intranet zone to Full trust (so I used that tool), and that seemd to work, but I feel raising the whole zone to full trust is a bit too broad a brush. You alluded to a finer level of control when you said, in an earlier post in this thread, "Some (most) of the issues can be resolved by using the .NET security config console to add a security exception, adding your network drive to your local computer zone. That way .NET treats it like the C: drive.".
You need to add a new URL type Code Group that points at your
specific URL (server, directory, whatever) and give it the FullTrust permission
set.
Rocky
From: jemmer
[mailto:cslanet@lhotka.net]
Sent: Tuesday, March 20, 2007 2:09 PM
To: rocky@lhotka.net
Subject: Re: [CSLA .NET] RE: CSLA In a Hosted Environment
RockfordLhotka:
Start|Programs|Control Panel|Administrative Tools|Microsoft .NET Framework 2.0 Configuration
Depending on which version(s) of .NET you have installed.
Yes, I know. As I said, I tried raising the trust level of the local
Intranet zone to Full trust (so I used that tool), and that seemd to work, but
I feel rainsing the whole zone to full trust is a bit too broad a
brush. You alluded to a finer level of control when you said, in an
earlier post in this thread, "Some (most) of the issues can be
resolved by using the .NET security config console to add a security
exception, adding your network drive to your local computer zone. That way .NET
treats it like the C: drive.".
I was wondering how to add such a security exception, and particularly how
to add a network drive to my local conmputer zone, since I couldn't find
anything in that tool which referred to either a "security exception"
or modifying the local zone configuration. Maybe it is there, but I sure
couldn't see it...
Copyright (c) Marimer LLC