来自网络共享的 .Net 2.0 应用程序,无需 FullTrust
我正在尝试从网络共享运行 .Net 2.0 应用程序,而不使用 FullTrust 权限集。 我想创建一个新的权限集,其中仅包含我的程序集所需的权限,然后将其分配给共享路径上的 exe。 是否有可能做到这一点? 从我有限的实验来看,我发现如果没有 FullTrust,我无法让任何应用程序通过网络共享运行。 我尝试创建一个新的烫发集,也尝试了 Everything 和其他烫发集,但似乎都不起作用。 有没有人有这方面的经验?
I am trying to run a .Net 2.0 application from a network share without using the FullTrust permission set. I want to create a new permission set that has just the permissions my assemblies require, and then assign that to the exe on the shared path. Is it possible to do this?
From my limited experiments, I find that I am unable to do get any application working from a network share without FullTrust. I tried creating a new perm set, and also tried the Everything and other perm sets, but none seem to work. Has anyone had any experience with this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您需要使用强名称对程序集进行签名,然后将强名称的 cas 策略设置为完全信任。
将 FullTrust 设置为使用您的强名称签名的所有代码的最简单方法是:
如果您的代码分为多个程序集,则需要使用该强名称对每个程序集进行签名。 您可能需要使用链接需求设置
SecurityPermission- 属性,以保证调用者的安全性。You need to sign your assemblies with a strong name and then set the cas-policy for your strong-name to full trust.
The easiest way for setting up FullTrust to all code signed with your strong-name is:
If your code is split up to multiple assemblies you need every assembly to be signed with that strong name. You may need to set the
SecurityPermission-Attribute with a link demand, that the security of the caller taken over.在 .NET 3.5 之前,您需要完全信任共享才能从那里运行 .NET 应用程序。 Shawn 在此处对此进行了解释:“无需进行任何修改对于默认的 CAS 系统,我们处于加载包含安全对象的程序集和授予它们策略之间的永无休止的循环......进入 FullTrust 列表。”
在 .NET 3.5 中,通过“...默认授予 FullTrust 集,使它们的行为与直接从您的计算机启动一样”(来自 Shawn 的另一篇文章 此处)
Prior to .NET 3.5, you need to fully trust the share to run a .NET application from there. Shawn explains this here with: "without some modification to the default CAS system, we're in a never ending cycle between loading assemblies that contain security objects and granting them policy. ... enter the FullTrust list."
In .NET 3.5 this limitation is overcome by "... granting set of FullTrust by default, making them act the same as if they were launched off of your computer directly" (from Shawn's another post here)
授予强命名的程序集 FullTrust 权限听起来不错,但不幸的是,我的程序集引用了几个第三方 COM Dll,如果我对主程序集进行强命名,这些第三方 COM Dll 也需要进行强命名。 我猜测对 Shawn 给出的路径给予 FullTrust 是最好的解决方案:
CasPol.exe -pp off -m -ag 1.2 -url 文件://\ShawnFa-Srv/Tools/* FullTrust
Giving the strong named assmebly FullTrust permission sounds good, but unfortunately my assembly references several third-party COM Dlls which are also required to be strong-named if I strong-name the main assembly. I'm guessing then that giving FullTrust to the path as given by Shawn is the best solution:
CasPol.exe -pp off -m -ag 1.2 -url file://\ShawnFa-Srv/Tools/* FullTrust