.net, IE & Code Access Security



  • Ok, so the WTF here may be me; but here goes anyway ...

    I have just spent half a day chasing this down, I created a Windows Forms control to be hosted by IE. I had to create it in .net 1.1 as the client has yet to adopt v2, but this should not have been a problem. On my development machine I have 1.0, 1.1, 2.0 and now 3.0 (WinFX).

    The control needs to be able to access printers directly - via the spooler API - in order to be able to print directly to thermal printers, bypassing the printer driver; code that I wrote years ago and works well. All that was needed was to port this to the control instead of its current guise. Because the control would be hosted in IE, I also needed to modify the code access security policy to allow the control to call unmanaged code - by default this is not allowed.

    Here comes the problem; no matter how I changed the CAS, the control kept throwing exceptions. I tried evidence based on signing, not-signing, site, URL, everything in fact - still nothing worked. Eventually I took more notive of the exception message - there was an error creating a permission of type ... v2.0.0.0 - v2.0.0.0 this is written using v1.1!

    It seems that IE was running the assembly under v2.0 of the framework, even though it had been compiled against v1.1 and as such, the CAS had to be modified for v2.0 instead.

    Shoot me down in flames with the "but of course it did because ..."; but WTF!



  • I know there's a "default .NET version" for ASP.NET...maybe that was set to 2.0?

    Mine is set at 1.1.4322
     

     



  • [quote user="Benanov"]

    I know there's a "default .NET version" for ASP.NET...maybe that was set to 2.0?

    Mine is set at 1.1.4322
    [/quote]

    You can control the version of .net that will be used within IIS for the server side, but I am not aware of any client side configuration that will control the CLR used by IE.



  • [quote user="Martin"][quote user="Benanov"]

    I know there's a "default .NET version" for ASP.NET...maybe that was set to 2.0?

    Mine is set at 1.1.4322
    [/quote]

    You can control the version of .net that will be used within IIS for the server side, but I am not aware of any client side configuration that will control the CLR used by IE.

    [/quote]

    Some guys from another team at my company ran across the exact same problem recently. They told me that there was no way you could force IE to use another version of .NET other than the most recent one installed.

    The solution: They're going to create an application with an embedded IE. They said, that this allows them to selected the version used by IE. Might be WTF, too. 



  • [quote user="Martin"][quote user="Benanov"]

    I know there's a "default .NET version" for ASP.NET...maybe that was set to 2.0?

    Mine is set at 1.1.4322
    [/quote]

    You can control the version of .net that will be used within IIS for the server side, but I am not aware of any client side configuration that will control the CLR used by IE.

    [/quote]
    <font face="tahoma,arial,helvetica,sans-serif">I believe you can also set the .NET version to be used on each site in IIS.

    And yeah, I think the client should really have no permission in enforcing the version the server would use. It's like buying a burger and commanding the fry cook on how he will prepare the burger to suit your needs. (Well you could still do this in real life, so I wonder if....)



    </font>


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.