Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4

Thread: VB.NET Method

  1. #1
    Super Moderator sage45's Avatar
    Join Date
    May 2002
    Posts
    1,060
    Thanks
    0
    Thanked 13 Times in 13 Posts

    VB.NET Method

    Does anyone have or know of a VB.NET Method to progmatically modify the local security settings to allow for a VB.NET Application to run from a remote share?

    I've been doing some reading on the CLR and CAS but have yet to find a clearly defined method.

    What I have is an application that I am in the developing that will be deployed to our clients and while the application could be used directly on the workstation, it is not practical as the application needs to run from the server so that the workstations receive the application updates. The second option then is to change the .NET zones using the Microsoft .NET Framework 1.1 Wizards (http://support.microsoft.com/kb/832742/), it's not really practical considering the amount of machines. And since each client is unique in the fact that they are disperate domains, I can't use a policy and even then a policy is not garrunteed to cover all machines. Which is why I am looking for a method to do this progmatically.

    Any assistance is greatly appreciated.

    -saige-
    HTML & CSS Forum Moderator

    "If you don't know what you think you know, then what do you know."
    R.I.P. Derrick Thomas #58
    1/1/1967 - 2/8/2000

  • #2
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    While I have experienced the problem you are talking about, I'm not sure on how to solve it. However I have an idea that you might want to look into. I know with .NET you can sign your assemblies which might allow the program to run correctly since it will be "trusted" or whatever. In addition you can set (at least on C# apps) in the project properties the permissions required to run the application.

    I don't know if you have look into either of those two areas but it might be worth a try.
    OracleGuy

  • #3
    Super Moderator sage45's Avatar
    Join Date
    May 2002
    Posts
    1,060
    Thanks
    0
    Thanked 13 Times in 13 Posts
    I do remember a security section in the project properties, but that appeared to be if you wanted to include a signed certificate. (I'll take another look)

    Everything I am finding says that you have to progmatically use the Intranet/Internet Zone limited permissions
    Code:
    using System.Security;
    using System.Security.Permissions;
    using System.Security.Policy;
    
    // Generated with 'secutil -c -s wahoo.exe'
    byte[] publicKey = { 0, 36, ... };
    
    // Find the machine policy level
    PolicyLevel machinePolicyLevel = null;
    System.Collections.IEnumerator ph = SecurityManager.PolicyHierarchy();
    
    while( ph.MoveNext() ) {
      PolicyLevel pl = (PolicyLevel)ph.Current;
      if( pl.Label == "Machine" ) {
        machinePolicyLevel = pl;
        break;
      }
    }
    
    if( machinePolicyLevel == null ) return;
    
    // Create a new code group giving Wahoo! Internet permissions
    PermissionSet permSet1 = new NamedPermissionSet("Internet");
    StrongNamePublicKeyBlob key = new StrongNamePublicKeyBlob(publicKey);
    IMembershipCondition membership1 =
      new StrongNameMembershipCondition(key, null, null);
    
    // Create the code group
    PolicyStatement policy1 = new PolicyStatement(permSet1);
    CodeGroup codeGroup1 = new UnionCodeGroup(membership1, policy1);
    codeGroup1.Description = "Internet permissions for Sells Brothers Wahoo!";
    codeGroup1.Name = "Sells Brothers Wahoo!";
    
    // Add the code group
    machinePolicyLevel.RootCodeGroup.AddChild(codeGroup1);
    
    // Create a new code group giving all of sellsbrothers.com Execute permission
    PermissionSet permSet2 = new NamedPermissionSet("Execution");
    IMembershipCondition membership2 =
      new SiteMembershipCondition("www.sellsbrothers.com");
    
    // Create the code group
    PolicyStatement  policy2 = new PolicyStatement(permSet2);
    CodeGroup  codeGroup2 = new UnionCodeGroup(membership2, policy2);
    codeGroup2.Description = "Minimal execute permissions for sellsbrothers.com";
    codeGroup2.Name = "sellsbrothers.com minimal execute";
    
    // Add the code group
    machinePolicyLevel.RootCodeGroup.AddChild(codeGroup2);
    
    // Save changes
    SecurityManager.SavePolicy();
    - or -

    Build an MSI that will allow you to use the full trusted rights on the computer.

    I don't need an MSI for such a simple application that actually runs from the server. And since I am writing to the registry (in case the client is a laptop user, I am caching the applications startup information so that it will continue to run even when the computer is not able to receive updates from the server), I need full trusted rights.

    I will continue to search. Thanks for your response oracle.

    -sage-
    Last edited by sage45; 08-01-2007 at 05:42 PM.
    HTML & CSS Forum Moderator

    "If you don't know what you think you know, then what do you know."
    R.I.P. Derrick Thomas #58
    1/1/1967 - 2/8/2000

  • #4
    Super Moderator sage45's Avatar
    Join Date
    May 2002
    Posts
    1,060
    Thanks
    0
    Thanked 13 Times in 13 Posts
    Well I checked the security settings and they only effect the Permissions of the localhost computer and not the remote. So I still need to devise a method that will allow the application to start from a share on a remote system.

    Does anyone else have any ideas?

    -sage-
    HTML & CSS Forum Moderator

    "If you don't know what you think you know, then what do you know."
    R.I.P. Derrick Thomas #58
    1/1/1967 - 2/8/2000


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •