3

We have a strange issue with our C++ solution (which calls .NET 4.0 assemblies) when running on a network drive. The solution hosts several WCF services with NetTcpBinding, one of them with a non-default binding configuration. A non-default NetTcpBinding is per se not possible under partial trust (see Stack Overflow question When does WCF NetTcpBinding need full trust on the client?), but the solution runs under a fully trusted network drive. This does work on several different computers (Windows Vista and Windows 7) but fails on one (Windows Vista) with throwing an exception,

An error occurred creating the configuration section handler for "system.serviceModel/bindings": That assembly does not allow partially trusted callers. (K:\Somepath\Testing.exe.Config line 6)

This exception would be totaly OK, if the solution would indeed run under partial trust on that computer, but it does run under full trust. Even if I check for full trust in code it is true.

We double checked the Internet options with one of the computers it works on - no differences.

All DLL files and the EXE file are strong named.

Update: The network drive is under full trust on the particular computer (caspol.exe).

What should we look for?

If you need additional information, please let me know.

Update 2: We still have that issue and now even on one computer more (Windows 7). So it seems to be OS independent.

Community
  • 1
  • 1
gumo
  • 645
  • 15
  • 35
  • If a fulltrust assembly calls a partialtrust assembly that calls another fullthrust assembly the partial trust domain can stick. There should be some settings to get the 'main' trust instead of the partial trust. Something about using a complete stackwalk instead of a min level stackwalk. Haven't worked enough with CAS to remember exactly. Maybe you have to 'revert' the trust somewhere in the code giving the answer or decorate it with an extra attribute. – CodingBarfield Jan 31 '11 at 08:44
  • I am facing the same issue with a .net 4.0 project. Did you find any solution for this issue? We have LoadFromRemoteSources and Legacy activation etc enabled, but still get the error – praskris Jun 19 '12 at 20:12
  • I didn't research it again after I found the workaround mentioned in my answer (set binding settings in code, not in app.config). If you find something, let us know :) – gumo Jun 20 '12 at 07:41

3 Answers3

6

It's called code access security (CAS), and it forces all untrusted network drives to be treated as untrusted network code.

Local code has full trust, network code has partial trust and Internet code has no trust. It's a .NET only security model. Your options are to either designate the network drive as a 'trusted' drive by giving it full rights (search for caspol.exe full trust network drive) or to copy the EXE file to a local drive.

Using CASPOL to Fully Trust a Network Share should help you out.

Or on the command line:

CasPol.exe -m -pp off -ag 1.2 -url file://///server/share/* FullTrust .
Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
CodingBarfield
  • 3,392
  • 2
  • 27
  • 54
  • 1
    Thanks, we allready achieved that. I updated the Question to make this more clear. – gumo Jan 28 '11 at 13:28
  • 1
    Starting with .NET 3.5 SP1, code from network drives runs with full trust. I assume the same is true of .NET 4 as well. – Joe White Jan 28 '11 at 14:21
1

We didn't find a solution here but a workaround: Don't use the app.config for the binding settings. Setting them in code works for us in the same environment.

This question by the way seems to handle a similar issue. HTH

Community
  • 1
  • 1
gumo
  • 645
  • 15
  • 35
-1

Right click on app.config -> Properties -> Unbock

alexv
  • 1