Hi all. Where can I find documentation on using windows user controls in web
pages? I've been looking for documentation, but haven't found much.
Specifically, I'm now having problems with assembly permissions:

1. I have an Aspx page that uses a windows user control
2. The control uses ADO.Net to retrieve information from an SQL server (at
least it tries)
3. In a client machine, I created a code group under Machine, AllCode,
Local_Intranet. Membership. Condition is the URL of my app. Permission set
is one I created allowing EVERYTHING
4. It doesn't work. When the control tries to retrieve the information, I
get an exception: Request for the permission SQLClientPermission failed.

Note: The control works fine on the machine I use to host the page. All I
had to do was trust the control's assembly. It doesn't work on other
machines that browse to that page.

Any suggestions, tips, info are welcome. I don't know what newsgroup to use
so, I'm trying with these two.

Thanks a lot!!!

Frank

See http://blogs.msdn.com/shawnfa/archiv.../20/57023.aspx and
http://blogs.msdn.com/shawnfa/archiv.../26/57026.aspx for explanations
of why your code isn't being granted the permissions you would like and what
you can do about it.


"John Francisco Williams" <JohnFranciscoWilliams1010 (AT) Yahoo (DOT) Com> wrote in
message news:ehEfw04GFHA.1096 (AT) tk2msftngp13 (DOT) phx.gbl...

Thank you very much for your help. I tried to use Strong Name as the
membership condition (as it mentions the first article) and that didn't
work. I also tried the assert method, mentioned in the second article. That
didn't work either. I then tried on more machines (I was using 3 real
machines and 2 virtual servers) and it worked!!! :-) . This is what I found:

1. My control was made using .Net Framework 1.1. Machines that have both
..Net Framework 1.0 and .Net Framework 1.1 installed, didn't work.
2. Machines that have both .Net Framework 1.1 and .Net Framework 2.0, didn't
work either.
3. Machines with only .Net Framework 1.1, worked perfect.

It worked using the steps I mentioned in my first post. Here are the steps,
a bit more detailed, in case anyone wants them:

1. Create a windows user control, with the functionality needed. In my case,
the control access the file system, and an SQL Server.
2. Create a web page (in my case, I'm using Aspx pages) that uses the
control, like this:

<object
classid = AssemblyName.DLL#NameSpace.ControlName
ViewAsText>
</object>

3. Each machine that's going to use that page, needs to comply with this:

3.1. Have the .Net framework installed (same version as the control)
3.2. Authorize the assembly, or the whole URL, or the whole web site, to
perform the operations needed.

4. To do "3.2":

4.1. Use one machine as the template, for creating the authorization
needed for all the other machines. After creating all the permissions
needed, an .Msi will be created, that will replicate this same permission
state, on every machine that uses the page with the control.
4.2. Go to administrative tools, "Microsoft .NET Framework 1.1
Configuration"
4.3. Go to Runtime Security Policy\Machine\Permission Sets
4.4. Right click "Permission Sets", select "New".
4.5. Give it a descriptive name, and select next.
4.6. Select the permissions your control will need and then click "Add
4.7. Click "Finish"
4.8. After you created a set with the permissions you want to assign,
you now need to specify who is going to get those permissions. Go to Runtime
Security Policy\Machine\Code Groups\All_Code\Internet_Zone
4.9. Right click "Internet_Zone", select "New"
4.10. Give it a descriptive name, and select next.
4.11. Next window is "Condition Type": Where is this assembly that needs
to be authorized? In my case, I selected "Site", to give permission to any
control that comes from a specific site. I you need to be more restrictive,
use "URL", for example, to only authorize assemblies coming from one URL. I
you use URL, include the name of the assembly (e.g.
http://wwww.SiteName.Com/Dir1/Dir1b/AssemblyName.Dll) or a "*", to authorize
all assemblies coming from that URL. (e.g.
http://wwww.SiteName.Com/Dir1/Dir1b/* ). If you select "Site", don't include
the protocol (example: www.SiteName.Com, instead of
http://www.SiteName.Com ).
4.12. Next section is "Permission Set". You already indicated which
assembly (s) to trust. Now indicate what type of permissions it will have,
by associating it with a permission set. Choose the permission set you
created in 4.5.
4.13. Click "Next", "Finish", test your page.
4.14. If everything is working as needed, and you don't need to modify
more permissions, go to "Runtime Security Policy". Right click there, and
select "Create Deployment Package".
4.15. Indicate the level of security to deploy. In this case, "Machine".
4.16. Choose the folder and a file name for this Deployment Package.
4.17. Click "Next", "Finish", the package is ready.
4.18. Have this MSI run on each machine that needs to use the page with
the control.

NOTES:
.. This installer is primitive. If you had previous custom permission sets on
a machine, they will be lost when you run the installer. For those cases, I
suggest having one or more machines with the permissions set, to be used as
templates. And then, always use those machines to make any changes and
deployment packages.
.. Depending on your scenario, you might need to use "Local_Intranet_Zone",
"My_Computer_Zone", etc, instead of "Internet_Zone" in step 4.8.
.. You need to know what section is your assembly being "assigned to"? Go to
"Runtime Security Policy" and select "Evaluate Assembly" on the right side.

Thanks Nicole. Thanks all :-)


"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote

My guess would be that you probably weren't altering the CAS policy for the
same version of the framework that was being used to load the control. You
could probably get it to work as expected on a multi-version machine if you
were to ensure that the .NET Framework version targeted for the CAS policy
modification is the same as the version in which the control will be loaded
when hosted in IE.




"John Francisco Williams" <JohnFranciscoWilliams1010 (AT) Yahoo (DOT) Com> wrote in
message news:u3iZYPdHFHA.3076 (AT) tk2msftngp13 (DOT) phx.gbl...

That's what I was thinking, when I found out about the problem in the
machines with side-by-side versions. I was using Microsoft .NET Framework
1.1 Configuration tool, since my control was made with .Net Framework 1.1.
How do I ensure it's updating the right version?

Thanks for your help

Frank


"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote

You could do a few things. If you can attach a debugger to the
aspnet_wp.exe process, you could find out what verson of mscorwks.dll is
loaded. Or, if you want to go with a less intrusive technique, you can
simply log the value of Environment.Version property from within your
control.

-Shawn
http://blogs.msdn.com/shawnfa
--
This posting is provided "AS IS" with no warranties, and confers no rights.


Note:
For the benefit of the community-at-large, all responses to this message
are best directed to the newsgroup/thread from which they originated.
--------------------
<u3iZYPdHFHA.3076 (AT) tk2msftngp13 (DOT) phx.gbl>
<OPmWVwoHFHA.3612 (AT) TK2MSFTNGP09 (DOT) phx.gbl>
net.security
8.phx.gbl!TK2MSFTNGP14.phx.gbl

I don't have any multi-version machines to test this on, so I can't be of
much help with the details. However, based on the little information out
there concerning IEExec, I'd guess that your control will likely be loaded
using either the highest version or the last installed version of the .NET
Framework on the client machine. If this is the case, your best bet might
be to verify the framework version from within your control code (e.g.:
System.Environment.Version) unless you can change policy for all framework
versions on the client.



"John Francisco Williams" <JohnFranciscoWilliams1010 (AT) Yahoo (DOT) Com> wrote in
message news:ujn9Bi0HFHA.3588 (AT) TK2MSFTNGP14 (DOT) phx.gbl...