from the registry? We have had this issue on/off for several months, and we
are at the breaking point. The assembly has to access our database and we
want to store the connection information in the registry for shared use with
other components.
The network admins assure us that all users have read access to the
registry. It appears that we have granted our assembly fulltrust via
entries in the rs srs policy file. For a while were were using MS SRS 2000
and a temp work-around was to disable Code Access Security (CAS). We have
since upgraded to MS SRS 2005 and that work-around does not appear to work
anymore as our admin cannot seem to turn-off CAS (not that that is the
solution we want). Our code appears to fail when we assert read permission
on our registry key.
We're no longer in a trial-and-error approach to solving this. We've spent
way too long on something that, in our opinion, should be fairly simple. A
working example of a custom assembly, including policy file entiries, that
reads string values from the registry would be very welcome.
Any help would be appreciated.
Thanks,
ChrisHi Chris,
Thank you for your posting!
My understanding of this issue is: You want use custom assembly to access
the Registry in Reporting Services 2005. If I misunderstood your concern,
please feel free to let me know.
Based on my scope, you could turn-off CAS temporarily and try to run your
assembly.
Remember, in .NET 2005, you could only turn off CAS by using the Caspol.exe
temporarily. If you press <Enter> then you will restore the setting and
turn on the CAS.
If you could access the registry when you turn-off the CAS, then please
let me know what change have you done on your policy config file and post
the changes here.
If you still can not access the registry when you turn-off the CAS, we need
to start the Regmon to monitor the registry. You could download this tool
from the following site:
http://www.sysinternals.com/Utilities/Regmon.html.
Please let me know the result and so that I can provide further assistance.
Sincerely,
Wei Lu
Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================This posting is provided "AS IS" with no warranties, and confers no rights.|||Hi Chris ,
How is everything going? Please feel free to let me know if you need any
assistance.
Sincerely,
Wei Lu
Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================This posting is provided "AS IS" with no warranties, and confers no rights.|||I apologize for the long delay. Other matters have taken precedence, but I
hope to return to this next week. I will try disabling CAS again to see if
my policy entry is the culprit and I'll let you know the results.
Thanks,
Chris
"Wei Lu [MSFT]" <weilu@.online.microsoft.com> wrote in message
news:tcrT04ApGHA.4612@.TK2MSFTNGXA01.phx.gbl...
> Hi Chris ,
> How is everything going? Please feel free to let me know if you need any
> assistance.
> Sincerely,
> Wei Lu
> Microsoft Online Community Support
> ==================================================> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ==================================================> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>|||Hi Chris,
Thanks for your followup. Since Wei is OOF due to some urgent business,
I'll continue to help you on this issue. And sure, please feel free to
manage your first priority work and just let me know when you get any
progress or need any further assistance. We'll hold this thread and closely
monitoring it.
Looking forward to your update!
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
========================================
This posting is provided "AS IS" with no warranties, and confers no rights.|||This is a multi-part message in MIME format.
--=_NextPart_000_000C_01C6AA84.480797E0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
I executed my report that has a custom assemby that reads from the =registery. As previously described, it failed with the following error:
Request for the permission of type ='System.Security.Permissions.RegistryPermission, mscorlib, =Version=3D2.0.0.0, Culture=3Dneutral, PublicKeyToken=3Db77a5c561934e089' =failed
As directed I disabled code access security (caspol -s off). Prior to =pressing <enter>, I re-executed the report and still received the same =error. I both refreshed the report, and also closed the browser and =re-logged in to execute the report. No change.
My rssrvpolicy.config entry for my custom assembly is below.
<CodeGroup class=3D"UnionCodeGroup"
version=3D"1"
PermissionSetName=3D"FullTrust"
Name=3D"cgBBSDataFormatter"
Description=3D"">
<IMembershipCondition class=3D"UrlMembershipCondition"
version=3D"1"
Url=3D"file://D:/Program Files/Microsoft SQL =Server/MSSQL.3/Reporting =Services/ReportServer/bin/BBSDataFormatter.dll"/>
</CodeGroup>
He is nested within the following codegroup entry:
<CodeGroup class=3D"FirstMatchCodeGroup" version=3D"1" PermissionSetName=3D"Execution"
Description=3D"This code group grants MyComputer code Execution =permission. ">
<IMembershipCondition class=3D"ZoneMembershipCondition"
version=3D"1"
Zone=3D"MyComputer" />
Any help would be greatly appreciated.
- Chris
"Steven Cheng[MSFT]" <stcheng@.online.microsoft.com> wrote in message =news:eedfRYYqGHA.4188@.TK2MSFTNGXA01.phx.gbl...
> Hi Chris,
> > Thanks for your followup. Since Wei is OOF due to some urgent =business, > I'll continue to help you on this issue. And sure, please feel free to =
> manage your first priority work and just let me know when you get any > progress or need any further assistance. We'll hold this thread and =closely > monitoring it.
> > Looking forward to your update!
> > Sincerely,
> > Steven Cheng
> > Microsoft MSDN Online Support Lead
> > ==3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D==3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> > This posting is provided "AS IS" with no warranties, and confers no =rights.
>
--=_NextPart_000_000C_01C6AA84.480797E0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
&
I executed my report that has a custom =assemby that reads from the registery. As previously described, it failed with =the following error:
Request for the permission of =type 'System.Security.Permissions.RegistryPermission, mscorlib, =Version=3D2.0.0.0, Culture=3Dneutral, PublicKeyToken=3Db77a5c561934e089' failed
As directed I disabled code access =security (caspol -s off). Prior to pressing , I re-executed the report =and still received the same error. I both refreshed the report, and =also closed the browser and re-logged in to execute the report. No change.
My rssrvpolicy.config entry for my =custom assembly is below.
He is nested within the following =codegroup entry:
Any help would be greatly =appreciated.
- Chris
"Steven Cheng[MSFT]"
--=_NextPart_000_000C_01C6AA84.480797E0--|||Hi Chris,
Thanks a lot for your prompt response and the further detailed information.
After reading the security policy file you posted, I found that you use the
"UnionCodeGroup" for your custom codegroup type, I think it would be
better to use the "FirstMatchCodeGroup" which will exclude any other
matched CodeGroup and you need to put it as before other groups as possible
so that it will be evaluated and matched first in the policy file. The
custom codegroup element's content is ok from my view.
In addition, I've performed some tests on my local environment and noticed
some other problems here:
In our custom assembly's code there are two things we need to take care:
1. Make sure that our assembly is marked as
"AllowPartiallyTrustedCallersAttribute", such as:
[assembly:AllowPartiallyTrustedCallers]
2. Before we calling the registry code(or access any restricted resource),
we need to construct the certain Permission instance and Assert it. e.g:
public class Class1
{
public static string Test()
{
RegistryPermission perm = new
RegistryPermission(RegistryPermissionAccess.Read,
@."HKEY_LOCAL_MACHINE\SOFTWARE");
perm.Assert();
RegistryKey regkey =Registry.LocalMachine.OpenSubKey("Software", false);
int i = regkey.SubKeyCount;
return "LocalMachine_Software_SubKeyCount: " + i;
}
}
Here is a web article which has demonstrate a complete sample(it is
performing file access in custom assembly) and it has mentioned many things
we need to take care when developing and deploying custom assemby.
http://www.c-sharpcorner.com/Code/2005/June/CustomAssemblyinRS.asp
BTW, here is my custom codegroup section in the policy file:
===============<CodeGroup
class="FirstMatchCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="MyCustomAssemblyCodeGroup"
Description="A special code group for my custom assembly.">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting
Services\ReportServer\bin\CustomAssembly.dll"/>
</CodeGroup>
===================
Further more, if you still meet problem on this and if you feel convenient,
you can provide me a copy or code of your simplified custom assembly(which
can reproduce the problem behavior) so that I can do some further test on
my side.
Hope the above info helps.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.|||Hello Chris,
Have you got any further process on this issue, or does the information in
my last reply also helps on this issue?
Curerntly we're still closely monitoring this issue, if you still have any
questions or if there is anything we can help, please feel free to post
here.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.|||Steven,
Modifying the policy file as suggested did the trick. We had previously
implemented the other two suggestions when we first ran into this problem.
Thank you for your help.
Regards,
Chris
"Steven Cheng[MSFT]" <stcheng@.online.microsoft.com> wrote in message
news:6UHfrWNrGHA.4272@.TK2MSFTNGXA01.phx.gbl...
> Hello Chris,
> Have you got any further process on this issue, or does the information in
> my last reply also helps on this issue?
> Curerntly we're still closely monitoring this issue, if you still have any
> questions or if there is anything we can help, please feel free to post
> here.
> Sincerely,
> Steven Cheng
> Microsoft MSDN Online Support Lead
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>|||Thanks for your followup Chris,
Glad to hear the good news.
Have a good day!
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.
No comments:
Post a Comment