You still have a similar problem. Although System.Data.dll does have the attribute many of its methods require full trust. See http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetse c/html/aptcatypes.asp for a complete list.
It is important to remember that FullTrust and the Everything permission set are very different. The requirement for shared assemblies to specify whether their methods are callable from partially trusted code is essential to creating secure libraries. -----Original Message----- From: Michael Bealer [mailto:[EMAIL PROTECTED]] Sent: Monday, April 29, 2002 10:57 AM To: [EMAIL PROTECTED] Subject: Re: [ADVANCED-DOTNET] remoting from browser, security bug (?) Sorry, I guess I should have been more specific. In my case I am not trying to use remoting, the thing that is happening to me is that I cannot connect to a SQL Server database without giving full-trust. The odd part of my problem and Steve's problem is that giving every permission available doesn't allow the code to work. Only full-trust works. It seems odd that you are required to give an app full-trust when there should be and seems to be permission sets available to accomplish what you want. Thanks, Michael ----- Original Message ----- From: "John Cavnar-Johnson" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, April 29, 2002 11:15 AM Subject: Re: [ADVANCED-DOTNET] remoting from browser, security bug (?) This is by design. Strong-named assemblies (like System.Runtime.Remoting) can not be called by partially trusted code (code that has any permission set other than full trust) unless that strong named assembly is decorated with the AllowPartiallyTrustedCallers attribute. System.Runtime.Remoting does not have that attribute, with good reason. You will either need to give your component full trust or use another mechanism to communicate with the server. Why do you want to use remoting from within IE? -----Original Message----- From: Michael Bealer [mailto:[EMAIL PROTECTED]] Sent: Monday, April 29, 2002 9:14 AM To: [EMAIL PROTECTED] Subject: Re: [ADVANCED-DOTNET] remoting from browser, security bug (?) Steve, I have seen the exact same problem with just a winform exe or dll deployed from the web and I've been speaking with someone at Microsoft who is looking into it. Michael ----- Original Message ----- From: "Steve Albert" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, April 29, 2002 3:28 AM Subject: [ADVANCED-DOTNET] remoting from browser, security bug (?) Hi. I'm writing a winforms control which is hosted in IE. I'd like to use remoting to communiate with the server. If I give FullTrust (CAS right) to the component it works fine. But if I give Everything or give all rights to the component (one by one, granting everything, including skip security check) it doesn't work. I wrote a very simple control with only one button, and a method constructing a TcpChannel object. Here is the code (very very simple): private void Test() { MessageBox.Show( "c" ); new System.Runtime.Remoting.Channels.Tcp.TcpChannel(); } private void button1_Click(object sender, System.EventArgs e) { MessageBox.Show( "calling test now..." ); Test(); } First message box is shown, second is not. Security error exception thrown. It seems to me it must be thrown by the JIT. any suggestions? has anyone tried to do remoting from an IE hosted winforms control with properly configured security? thanks, Steve You can read messages from the Advanced DOTNET archive, unsubscribe from Advanced DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com. You can read messages from the Advanced DOTNET archive, unsubscribe from Advanced DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com. You can read messages from the Advanced DOTNET archive, unsubscribe from Advanced DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com. You can read messages from the Advanced DOTNET archive, unsubscribe from Advanced DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com. You can read messages from the Advanced DOTNET archive, unsubscribe from Advanced DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
