2

I am running SQL Server locally only. I am building a project with VS 2017 community. I created a CLR procedure, and uploaded it as an assembly successfully. The class and the method are public. I created a SQL standard proc to call the clr proc with permissions_set = external_access. Trustworthy is on. Alter authorization is set to sa.

All it does is execute a bat file: cmd.exe c:\temp\test.bat

But I'm still getting an error 6522 Security Exception.

When I run the method as a console app, it runs perfect. But in SQL Server, no go.

I'd be very grateful for any advice - this is my first attempt with CLR.

Code:
using System;
using System.Data;
using System.Data.SqlClient;
using System.Data.SqlTypes;
using Microsoft.SqlServer.Server;
using System.IO;
using System.Diagnostics;
using System.Text;


public partial class StoredProcedures
{
    [Microsoft.SqlServer.Server.SqlProcedure]
    public static void RunTestBat()
    {
        ProcessStartInfo pPStartInfo = new ProcessStartInfo("cmd.exe");
        pPStartInfo.WorkingDirectory = @"C:\Temp";

        pPStartInfo.UseShellExecute = true;
        pPStartInfo.Arguments = string.Format(@" /C test.bat");

        Process p = new Process();
        p.StartInfo = pPStartInfo;        
        p.Start();
        p.WaitForExit();
    }
};
Solomon Rutzky
  • 46,688
  • 9
  • 128
  • 171
Coreysan
  • 23
  • 5

1 Answers1

0

[SQLCLR] proc with permissions_set = external_access

That is the problem. You are using threading, which requires the PERMISSION_SET to be UNSAFE.

Also, while Visual Studio offers little help in this area, you generally should not set your database's to TRUSTWORTHY ON. Yes, it is the simple fix for this annoying problem, but it isn't a good / long-term fix, especially for production. There is a way (two ways, actually) to set things up correctly to use an Asymmetric Key / Strong Name Key or Certificate to handle the security. Both approaches can be made to work within the structure of Visual Studio / SQL Server Data Tools (SSDT). Some info here (an answer of mine here on S.O.):

CLR Strict Security on SQL Server 2017

And two blog posts of mine, each dealing with a different approach:

For more info on working with SQLCLR in general, please visit:

SQLCLR.org

Solomon Rutzky
  • 46,688
  • 9
  • 128
  • 171
  • 1
    Brilliant. Thanks so much for the guidance! – Coreysan Sep 13 '18 at 17:25
  • 1
    Solomon - I wanted to give you an upvote, but apparently I'm too new to StackOverflow to allow it. I hope the comment serves to help. You're one of the few who actually answered the question instead of asking for more useless details! – Coreysan Sep 13 '18 at 21:33
  • @Coreysan Thanks, is ok. Yeah, I think you need 20 pts in order to vote. And again, you are welcome. Of course, I don't see that anyone has asked for any details on the question. Either way, glad the info helped out :) – Solomon Rutzky Sep 13 '18 at 22:17