0

I am using VS2012 with VB.NET for a winfowms app, using Active Directory roles. Running the program as a user without permissions, I am getting an (expected) security exception when trying to launch this form.

I have a form that looks like this:

<PrincipalPermission(SecurityAction.Demand, Role:=Security.Roles.ADMINISTRATORS)> _
<PrincipalPermission(SecurityAction.Demand, Role:=Security.Roles.CORRECTIVE_ACTION_EDITORS)> _
<PrincipalPermission(SecurityAction.Demand, Role:=Security.Roles.GRIEVANCE_EDITORS)> _
<PrincipalPermission(SecurityAction.Demand, Role:=Security.Roles.ABOLISHMENT_EDITORS)> _
Public Class EmployeeInformationForm
...
End Class

The call to the code looks like this:

    Private Sub SendEmployeeIDToEmployeeInformationForm(ByVal ID_in As String, ByVal employeeRecord_in As String)
    ...
        If Not formFound Then
            ' Create a new instance of the child form.
            Dim ChildForm As New EmployeeInformationForm(ID_in, employeeRecord_in) ' ** throws expected security exception here**
            Try
                ' Make it a child of this MDI form before showing it.
                ChildForm.MdiParent = Me.MdiParent
        ...
                ChildForm.Show()
            Catch ex As Exception
                ChildForm.Close()
                Throw
            End Try
        End If

After 15 or 16 attempts (or maybe the variable is "after about 1 minute"?) the program crashes. UPDATE: after more input of any kind the program crashes. I have debugged the code as the user without permissions, and was able to capture the exception being thrown - apparently from nowhere. It is very weird saying "The call stack contains only external code", and displays the following:

This thread is stopped with only external code frames on the call stack. External code frames are typically from framework code but can also include other optimized modules which are loaded in the target process.

Call stack with external code

mscorlib.dll!System.Security.Permissions.PrincipalPermission.ThrowSecurityException()
mscorlib.dll!System.Security.Permissions.PrincipalPermission.Demand()
mscorlib.dll!System.Security.PermissionSet.DemandNonCAS()
[Native to Managed Transition]
[Managed to Native Transition]
OHRC Database.exe!OHRC_Database.EmployeeInformationForm.Dispose(Boolean disposing)
System.dll!System.ComponentModel.Component.Finalize()

It seems to imply it is having a hard time closing the form? Can anyone tell me why it is throwing this exception?

Community
  • 1
  • 1
Watki02
  • 4,696
  • 7
  • 34
  • 36

1 Answers1

2

The exception is being thrown from the finalization thread (the Finalize() call in your exception stack trace is the hint for this), and the user identity on that thread doesn't have the right permissions either. See http://msmvps.com/blogs/calinoiu/archive/2006/01/07/why-is-my-application-coughing-up-a-securityexception-after-my-code-stops-running.aspx for further details and a fix.

HTH, Nicole

Nicole Calinoiu
  • 20,843
  • 2
  • 44
  • 49
  • It is the *garbage collector* throwing the exception... that explains a lot! – Watki02 Oct 18 '12 at 19:49
  • Is it both Finalize() *and* Dispose() that need overridden or just one? ...if one, which one? – Watki02 Oct 18 '12 at 21:20
  • 1
    The finalizer that is being invoked is declared on `System.ComponentModel.Component`. You shouldn't need to override it since it seems to be executing already. The only method that would appear to need the workaround attribute is `EmployeeInformationForm.Dispose(Boolean disposing)`. – Nicole Calinoiu Oct 18 '12 at 22:00