Re: [WiX-users] System.Security.SecurityException when runningcandle
LOL! Well said. CAS is nothing if not quite confusing. Most of them time we can code along with full trust and it never rears its head, but sometimes we brush up against it and it is not fun. Your caspol command line to create the policy change is very helpful here. Joe K. - Original Message - From: "Jeremy Farrell" <[EMAIL PROTECTED]> To: Sent: Tuesday, September 12, 2006 1:24 AM Subject: Re: [WiX-users] System.Security.SecurityException when runningcandle > If Ben's like me, he'll find that Joe's and Bob's excellent explanations > lead him to a cliff edge in a new world about which he knows nothing, and > perhaps needs to know nothing other than what's needed to get WiX to work. > If that's the case, just following this formula should do the trick. It > should at least point in the right direction. > > If the tools are on a network filesystem, the system must be configured > (once) to allow execution of the WiX toolset from a network filesystem. > This can be done by a user with administrator privileges using the > following command > > %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CasPol -q -m -ag > All_Code -strong -file "path\wix.dll" -noname -noversion FullTrust -name > "WiX_Strong_Name" -levelfinal on > > where "path\wix.dll" is the path to any copy of wix.dll (including a local > copy). The path to CasPol might be different, but this one is usually > right. This command works for me, but I'm using a fairly old version of > WiX 2; more recent versions might need a different version of .NET, but > that's beyond my knowledge. > > Thanks again to whoever spelled this command out for me previously - it > saved having to do a lot of learning when I was in a last-minute rush. > > - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] System.Security.SecurityException when runningcandle
If Ben's like me, he'll find that Joe's and Bob's excellent explanations lead him to a cliff edge in a new world about which he knows nothing, and perhaps needs to know nothing other than what's needed to get WiX to work. If that's the case, just following this formula should do the trick. It should at least point in the right direction. If the tools are on a network filesystem, the system must be configured (once) to allow execution of the WiX toolset from a network filesystem. This can be done by a user with administrator privileges using the following command %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CasPol -q -m -ag All_Code -strong -file "path\wix.dll" -noname -noversion FullTrust -name "WiX_Strong_Name" -levelfinal on where "path\wix.dll" is the path to any copy of wix.dll (including a local copy). The path to CasPol might be different, but this one is usually right. This command works for me, but I'm using a fairly old version of WiX 2; more recent versions might need a different version of .NET, but that's beyond my knowledge. Thanks again to whoever spelled this command out for me previously - it saved having to do a lot of learning when I was in a last-minute rush. > From: Joe Kaplan > Sent: Monday, September 11, 2006 9:22 PM > > In this particular case, CAS is complaining because candle is > signed, but isn't marked with the APTCA > (AllowPartiallyTrustedCallersAttribute) in the > assembly level attributes. As such, when it is launched from > a partially > trusted context (like a network share), it fails instantly. > > To get around this, you would need to grant the assembly > FullTrust. This is > easy to do in a granular, secure way though, because WiX is > signed. You can > use a strong name membership condition with the WiX public > key token to grant FullTrust. > > It might be possible to code WiX so that it could safely > include APTCA and > actually could run partially trusted, but I'm pretty sure it > does a lot of > COM interop which requires Full Trust anyway and given that it is a > development tool, this is probably not worth doing. The WiX > team has plenty of other stuff to work on. :) > > If it were a downloadable control, then that would be a > different story... > > Joe K. > > - Original Message - > From: Bob Arnson > > Ben Weatherman wrote: > I have WiX installed on a shared drive > > .NET doesn't support running assemblies from a network by > default. Caspol is the only workaround I know of. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] System.Security.SecurityException when runningcandle
In this particular case, CAS is complaining because candle is signed, but isn't marked with the APTCA (AllowPartiallyTrustedCallersAttribute) in the assembly level attributes. As such, when it is launched from a partially trusted context (like a network share), it fails instantly. To get around this, you would need to grant the assembly FullTrust. This is easy to do in a granular, secure way though, because WiX is signed. You can use a strong name membership condition with the WiX public key token to grant FullTrust. It might be possible to code WiX so that it could safely include APTCA and actually could run partially trusted, but I'm pretty sure it does a lot of COM interop which requires Full Trust anyway and given that it is a development tool, this is probably not worth doing. The WiX team has plenty of other stuff to work on. :) If it were a downloadable control, then that would be a different story... Joe K. - Original Message - From: Bob Arnson To: Ben Weatherman Cc: wix-users@lists.sourceforge.net Sent: Monday, September 11, 2006 10:43 PM Subject: Re: [WiX-users] System.Security.SecurityException when runningcandle Ben Weatherman wrote: I have WiX installed on a shared drive .NET doesn't support running assemblies from a network by default. Caspol is the only workaround I know of. -- sig://boB http://bobs.org - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
