Tone's Notes

The information in KB814669 is the key to getting things to work. Interestingly the article doesn’t appear to be part of the msdn knowledge base yet. I could only find it on the support.microsoft.com site. In general, is it necessary to search both knowledge bases separately? The keywords “strong name internet explorer” return nothing useful on the msdn site. It would have saved me about 8 hours of time if I’d thought to try the same search on support.microsoft.com, but I assumed that both interfaces were accessing the same information. It would also be great if the msdn article for January 2002 could be updated with at least a link to KB814669.

Here are my remaining questions that came out of trying to determine why the functionality was failing: Rather than a phone call at 9am, perhaps you can help fill in my working knowledge for dealing with future issues:

1. Evaluate Assembly returns inconsistent results. Sometimes Upload.dll shows no permissions, other times unrestricted. Same for file: or http: scheme accesses.

On my system at least, if I use the “Microsoft .NET Framework 1.1 Configuration” tool to “Evaluate Assembly” repeatedly I get inconsistent results and eventually load errors without changing any dll’s. Using the Upload.dll built as part of the msdn article and alternating between evaluating it by file path and url path, at first I get “unrestricted access” but after a few iterations I get nothing. If I continue evaluating the same assemblies I can eventually get load errors. Exiting the tool and flushing the fusion cache seems to help clear up this behavior. If I use the browse button to find an assembly using network locations and “localhost” as the starting point, the actual path displayed in the text box appears to be an ordinary file path to a cached file(?) and not the expected “http://...” url. Isn’t this a problem for correctly interpreting security policies & security zones?

2. fuslogvw reports success on load but class constructor is never called.

I expected the fuslogvw logging output to tell me if the assembly couldn’t be loaded and if it indicated success then I expected to be able to debug the assembly – that is, I expected the assembly was loaded and I should be able to use the debugger or MessageBox to follow the execution within the assembly. Actually it appears that the security change motivating KB814669 happens in between these two layers. fuslogvw thinks the assembly is loaded, the security check prevents the assembly from running, and whatever exception may be getting thrown is silently lost to me. How can I instrument my testing scenario to catch this kind of error condition?

3. How to determine minimum security permissions required by an assembly.

When I first read the description of “Evaluate Assembly” I thought, cool, here’s a tool that can tell me what the minimum security permissions need to be for an assembly. I now understand that it is supposed to report the permissions available to an assembly when accessed through the path entered. Is my understanding correct and is there another tool to statically determine required permissions?

4. Is there a gui for clearing the download cache? c:\windows\assembly\download displays an error.

One easy question for getting this far: I use “gacutil –cdl” to clear the fusion cache. Is there a gui command alternative?

Posted by Tone Engel at 08:50 PM | Permalink | Comments (0)

www.reddnet.net. A guy who’s a bit farther down the CSK as personal blog/site road.

Bulk picture importer:

http://www.asp.net/Forums/ShowPost.aspx?tabindex=1&PostID=206921

On Pell:

·      Default site URL:

http://localhost/CommunityStarterKitCSVS

·      Default site Admin URL (just log in as Admin/Admin and click the Admin link).

http://localhost/CommunityStarterKitCSVS/Admin

·      ISP Admin URL used to add additional communities (IspAdmin,e…)

http://localhost/CommunityStarterKitCSVS/ISPAdmin

On JobQuake:

• Used DNSWIZ to add cnames for jqc, kz, koriel, romo, zak as subdomains of jobquake.com.
• Used Internet Service Manager to add host header names at port 80 for all the above to the default web site on Blaster (jobquake.com).
• Used the IspAdmin page to add communities

Changes:

2003-05-22 22:00 Thu, Fixed problem with tags in new content by adding <pages validateRequest="false" /> to web.config.

2003-05-22 22:02 Thu, Ad images and inventory seem to be site-wide in Advertisements folder. Comment out the ad rotators in the Theme’s Skins/Page Skins/*.ascx files.

2003-05-22 22:05 Thu, Downloads are stored in the database. Need to make a mod to allow downloads that have already found their way onto a web accessible server.

2003-05-23 00:08 Fri, Created a Family theme. Copied from Default initially. Modified default page to display username, modified login page to not offer new user registration. Authenticated users will be limited to accounts created by me. Once created, each can take care of their own profile. Not really tight security since anyone who can guess the url of the new account registration page can manually go there? Modified the default style sheet to control username’s text color and to change background color behind AdRotator which isn’t there now. It takes way too long to copy the site to the public server.

2003-05-23 12:28 Fri, There’s a bug in the links section in how it generates the button image urls.

2003-05-25 13:29 Sun, Added more error reporting to StaticPage loader.

// Attempt to load the control. If this fails, we're done

try {

skin = Page.LoadControl(skinFileName);

      Controls.Add(skin);

} catch (Exception e) {

string errorMessage = "The @page@ page could not be found. Please add this page to the StaticPages folder.";

      errorMessage = errorMessage.Replace( "@page@", skinFileName );

      Controls.Add( new LiteralControl( errorMessage ) );

      ontrols.Add( new LiteralControl( e.Message ) );

}

Posted by Tone Engel at 04:43 PM | Permalink | Comments (0)

There’s a major bug in security policy assignment affecting this functionality:

PRB: Security Exception When You Use Event Handlers in Internet Explorer

To turn off all assembly security policy checking: “caspol –s off”

or

Use the Framework Configuration tool to set the intranet zone to Full Trust.

Using permission sets and code groups doesn’t appear to work with strong name or url evidence.

It does work with site evidence.

.NET Framework Configuration Tool: Microsoft .NET Framework 1.1 Configuration

Got an example HTML page working with an embedded Windows.Forms.Panel derived control on it. Key syntax is:

See also: Deploying a Runtime Application Using Internet Explorer

PRB: Cannot Host .NET User Controls in Internet Explorer 6.0 from File System

You can, but it has to be registered in the GAC, regasm.exe’d and use ActiveX syntax to load it:

<OBJECT ID="idtest" CLASSID="CLSID:9F769412-6736-39DD-9B29-DEF814E32B26" CODEBASE="mytest.dll#-1,-1,-1,-1">

List the contents of the download cache:

V:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Bin\gacutil –ldl

Clear the download cache

gacutil –cdl

Host Secure, Lightweight Client-Side Controls in Microsoft Internet Explorer

Excellent article from msdn Magazine covering .NET controls in HTML pages with IE: events, params, security, ActiveX comparison.

HOW TO: Sink Managed C# Events in Internet Explorer Script

Complete code example.

A key security change requires User Control assemblies (any assembly really) to explicitly allow Internet Explorer (an partially trusted caller): Version 1 Security Changes for the Microsoft .NET Framework & KB814669

using System.Security;

[assembly:AllowPartiallyTrustedCallers]

Interestingly this article can’t be found on the MSDN online knowledge base but can be found on the support.microsoft.com site (both by kb814669 and by “strong name internet explorer”). Lesson learned, search the support site as well as the msdn site. The date on the article is 2003-04-07 so it sure isn’t on the installed MSDN content.

Debugging:

1.      Load a page containing the embedded control into IE.

2.      Go to visual studio Debug?Processes?Attach to the iexplorer.exe process running the page.

3.      Check CLR & script.

FUSLOGVW.exe

Tool to display IE object loading errors.

Generates output such as:

*** Assembly Binder Log Entry  (2003-04-27 @ 23:22:24) ***

The operation failed.

Bind result: hr = 0x80070002. The system cannot find the file specified.

Assembly manager loaded from:  C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll

Running under executable  C:\Program Files\Internet Explorer\iexplore.exe

--- A detailed error log follows. 

=== Pre-bind state information ===

LOG: DisplayName = Upload, Version=1.0.1212.39999, Culture=neutral, PublicKeyToken=4a21a4d0f53ad996

 (Fully-specified)

LOG: Appbase = http://localhost

LOG: Initial PrivatePath = bin

LOG: Dynamic Base = NULL

LOG: Cache Base = NULL

LOG: AppName = NULL

Calling assembly : (Unknown).

===

LOG: Processing DEVPATH.

LOG: DEVPATH is not set. Falling through to regular bind.

LOG: Publisher policy file is not found.

LOG: Host configuration file not found.

LOG: Using machine configuration file from C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\config\machine.config.

LOG: Post-policy reference: Upload, Version=1.0.1212.39999, Culture=neutral, PublicKeyToken=4a21a4d0f53ad996

LOG: Cache Lookup was unsuccessful.

LOG: Attempting download of new URL http://localhost/Upload.DLL.

LOG: Attempting download of new URL http://localhost/Upload/Upload.DLL.

LOG: Attempting download of new URL http://localhost/bin/Upload.DLL.

LOG: Attempting download of new URL http://localhost/bin/Upload/Upload.DLL.

LOG: Attempting download of new URL http://localhost/Upload.EXE.

LOG: Attempting download of new URL http://localhost/Upload/Upload.EXE.

LOG: Attempting download of new URL http://localhost/bin/Upload.EXE.

LOG: Attempting download of new URL http://localhost/bin/Upload/Upload.EXE.

LOG: All probing URLs attempted and failed.

Posted by Tone Engel at 08:07 PM | Permalink | Comments (0)

The “View:” description of a label spec looks like:

//depot/Tone/kzDev/VSP/...

"-//depot/Tone/kzDev/VSP/3rd Party/..."

"-//depot/Tone/kzDev/VSP/AppointMed/..."

Quotes are needed if the path contains a space.

Hyphen excludes the path.

Once the label has been created and the path filters specified, specific file versions falling within the filter must be added to the label.

View:

      "//depot/Tone/kzDev/VSP/Job Blaster/..."

      "//depot/Tone/kzDev/VSP/JobQuake Admin/..."

      //depot/Tone/kzDev/VSP/Spider/...

      //depot/Tone/kzDev/VSP/HttpHtmlToXml/...

      //depot/Tone/kzDev/VSP/DataGridColumnStyles/...

      //depot/Tone/kzDev/VSP/Geography/...

      //depot/Tone/kzDev/VSP/Resources/...

      //depot/Tone/kzDev/VSP/SiteMonitor/...

      //depot/Tone/kzDev/VSP/Utility/...

      //depot/Tone/kzDev/VSP/WebUtility/...

      "//depot/Tone/kzDev/VSP/ActiveX References/..."

      //depot/Inetpub/wwwroot/Services/JobBlasterServices/...

      //depot/Inetpub/wwwroot/jqa/...

      //depot/Inetpub/wwwroot/WebUtility

Posted by Tone Engel at 10:05 AM | Permalink | Comments (0)

Posted by Tone Engel at 09:20 AM | Permalink | Comments (0)

An easy way to define css styles that are functions of client script, note that the document.write inserts a string after the block of script in which it is embedded:

var CSSInsertion =

      '<STYLE><!--\r\n'

      +'@FONT-FACE {FONT-FAMILY:MYFONTONE; FONT-STYLE:NORMAL; FONT-WEIGHT:NORMAL; SRC:URL(../fonts/font.eot);}'

      +'.BOOKTITLE {BACKGROUND-IMAGE:URL('+BeforeReference+'Basics/banner.gif);}'

      +'\r\n// --></STYLE>';

document.write(CSSInsertion);

Posted by Tone Engel at 10:04 AM | Permalink | Comments (0)