Login/Register
.NET assembly runs in partial trust on a network drive, but all other in full trust
Asked Answered
Solved c#security.net-4.0wcf-bindingfull-trust
L

3

3

We have a strange issue with our C++ solution (which calls .NET 4.0 assemblies) when running on a network drive. The solution hosts several WCF services with NetTcpBinding, one of them with a non-default binding configuration. A non-default NetTcpBinding is per se not possible under partial trust (see Stack Overflow question When does WCF NetTcpBinding need full trust on the client?), but the solution runs under a fully trusted network drive. This does work on several different computers (Windows Vista and Windows 7) but fails on one (Windows Vista) with throwing an exception,

An error occurred creating the configuration section handler for "system.serviceModel/bindings": That assembly does not allow partially trusted callers. (K:\Somepath\Testing.exe.Config line 6)

This exception would be totaly OK, if the solution would indeed run under partial trust on that computer, but it does run under full trust. Even if I check for full trust in code it is true.

We double checked the Internet options with one of the computers it works on - no differences.

All DLL files and the EXE file are strong named.

Update: The network drive is under full trust on the particular computer (caspol.exe).

What should we look for?

If you need additional information, please let me know.

Update 2: We still have that issue and now even on one computer more (Windows 7). So it seems to be OS independent.

Loudmouth answered 28/1, 2011 at 11:24 Comment(3)
If a fulltrust assembly calls a partialtrust assembly that calls another fullthrust assembly the partial trust domain can stick. There should be some settings to get the 'main' trust instead of the partial trust. Something about using a complete stackwalk instead of a min level stackwalk. Haven't worked enough with CAS to remember exactly. Maybe you have to 'revert' the trust somewhere in the code giving the answer or decorate it with an extra attribute.Baptlsta
I am facing the same issue with a .net 4.0 project. Did you find any solution for this issue? We have LoadFromRemoteSources and Legacy activation etc enabled, but still get the errorNonstandard
I didn't research it again after I found the workaround mentioned in my answer (set binding settings in code, not in app.config). If you find something, let us know :)Loudmouth
L
1

We didn't find a solution here but a workaround: Don't use the app.config for the binding settings. Setting them in code works for us in the same environment.

This question by the way seems to handle a similar issue. HTH

Loudmouth answered 26/10, 2011 at 15:14 Comment(0)
B
6

It's called code access security (CAS), and it forces all untrusted network drives to be treated as untrusted network code.

Local code has full trust, network code has partial trust and Internet code has no trust. It's a .NET only security model. Your options are to either designate the network drive as a 'trusted' drive by giving it full rights (search for caspol.exe full trust network drive) or to copy the EXE file to a local drive.

Using CASPOL to Fully Trust a Network Share should help you out.

Or on the command line:

CasPol.exe -m -pp off -ag 1.2 -url file://///server/share/* FullTrust .
Baptlsta answered 28/1, 2011 at 12:28 Comment(2)
Thanks, we allready achieved that. I updated the Question to make this more clear.Loudmouth
Starting with .NET 3.5 SP1, code from network drives runs with full trust. I assume the same is true of .NET 4 as well.Regrate
L
1

We didn't find a solution here but a workaround: Don't use the app.config for the binding settings. Setting them in code works for us in the same environment.

This question by the way seems to handle a similar issue. HTH

Loudmouth answered 26/10, 2011 at 15:14 Comment(0)
S
-1

Right click on app.config -> Properties -> Unbock

Sorus answered 26/4, 2012 at 11:56 Comment(1)
There is no option "unbock" (or "unblock" or "undock").Loudmouth

© 2022 - 2024 — McMap. All rights reserved.