1. 技术文章
  2. Running a .net exe from a network share runs in partial trust when the access to root-shared is not granted to user

Running a .net exe from a network share runs in partial trust when the access to root-shared is not granted to user

假装没事ソ 提交于 2019-12-25 04:01:09

问题


I have a situation where there is common shared network path let's say "\10.x.x.x\CommonShare". Only administrator has got permission on this path.

Now inside the commonshare we create user-specific folders where that particular user will have full access. Like user XYZ will have full access on \10.x.x.x\CommonShare\XYZ

Now the user XYZ logs-in in his own box and from there he runs an executable which is available in the shared folder \10.x.x.x\CommonShare\XYZ\testApp.exe

Have configured it to be accessible form network share in the config like following:

\10.x.x.x\CommonShare\XYZ\testApp.exe.config

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0,Profile=Client"/>

  </startup>
  <runtime>
    <!--<NetFx40_LegacySecurityPolicy enabled="true"></NetFx40_LegacySecurityPolicy>-->
    <loadFromRemoteSources enabled="true"/>
  </runtime>
</configuration>

Although the exe runs but it fails when call to System.Net.IwebProxy is made.

But when read-only access to the root shared path is added for the user all these works fine. But unfortunately that is not something client is willing to do.

If somebody faced similar issue please share. How from a network share a .net exe (target framework 4.0 Client Profile) can be run with full-trust in the given scenario. I tried using CASPOL but there also this issue remains.

Thanks.


回答1:


Approached Microsoft for this and got some work-around.

Attempt to construct a Socket or TCP Client fails

The behavioral change is by design. To resolve this A Registry key need to be added in client machine like following.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr

add this entry Name: UseTildeShortcut(DWORD) Data: 1

Another workaround is to have the share name as well as all folder names in the path to be at least 8 characters. Some discussion available in another Microsoft-KB here.

Winsock-based operations fail in Windows 7 or in Windows Server 2008 R2 if the executable file is located on an NFS share.



来源:https://stackoverflow.com/questions/35156188/running-a-net-exe-from-a-network-share-runs-in-partial-trust-when-the-access-to

标签
c#
security
network-share
full-trust
partial-trust
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!