Assembly load-bind-security, Fuslogvw,
The information in KB814669 is the key to getting things to work. Interestingly the article doesn’t appear to be part of the msdn knowledge base yet. I could only find it on the support.microsoft.com site. In general, is it necessary to search both knowledge bases separately? The keywords “strong name internet explorer” return nothing useful on the msdn site. It would have saved me about 8 hours of time if I’d thought to try the same search on support.microsoft.com, but I assumed that both interfaces were accessing the same information. It would also be great if the msdn article for January 2002 could be updated with at least a link to KB814669.
Here are my remaining questions that came out of trying to determine why the functionality was failing: Rather than a phone call at
- Evaluate Assembly returns inconsistent results. Sometimes Upload.dll shows no permissions, other times unrestricted. Same for file: or http: scheme accesses.
On my system at least, if I use the “Microsoft .NET Framework 1.1 Configuration” tool to “Evaluate Assembly” repeatedly I get inconsistent results and eventually load errors without changing any dll’s. Using the Upload.dll built as part of the msdn article and alternating between evaluating it by file path and url path, at first I get “unrestricted access” but after a few iterations I get nothing. If I continue evaluating the same assemblies I can eventually get load errors. Exiting the tool and flushing the fusion cache seems to help clear up this behavior. If I use the browse button to find an assembly using network locations and “localhost” as the starting point, the actual path displayed in the text box appears to be an ordinary file path to a cached file(?) and not the expected “http://...” url. Isn’t this a problem for correctly interpreting security policies & security zones?
- fuslogvw reports success on load but class constructor is never called.
I expected the fuslogvw logging output to tell me if the assembly couldn’t be loaded and if it indicated success then I expected to be able to debug the assembly – that is, I expected the assembly was loaded and I should be able to use the debugger or MessageBox to follow the execution within the assembly. Actually it appears that the security change motivating KB814669 happens in between these two layers. fuslogvw thinks the assembly is loaded, the security check prevents the assembly from running, and whatever exception may be getting thrown is silently lost to me. How can I instrument my testing scenario to catch this kind of error condition?
- How to determine minimum security permissions required by an assembly.
When I first read the description of “Evaluate Assembly” I thought, cool, here’s a tool that can tell me what the minimum security permissions need to be for an assembly. I now understand that it is supposed to report the permissions available to an assembly when accessed through the path entered. Is my understanding correct and is there another tool to statically determine required permissions?
- Is there a gui for clearing the download cache? c:\windows\assembly\download displays an error.
One easy question for getting this far: I use “gacutil –cdl” to clear the fusion cache. Is there a gui command alternative?