当未向用户授予对根共享的访问权限时,从网络共享运行.net exe将部分信任运行 [英] Running a .net exe from a network share runs in partial trust when the access to root-shared is not granted to user
问题描述
我遇到一种常见的共享网络路径的情况,例如" \ 10.x.x.x \ CommonShare ".仅管理员具有此路径的权限.
I have a situation where there is common shared network path let's say "\10.x.x.x\CommonShare". Only administrator has got permission on this path.
现在在通用共享内部,我们创建了特定于用户的文件夹,该特定用户将拥有完全访问权限.像用户 XYZ 一样,其对 \ 10.x.x.x \ CommonShare \ XYZ
Now inside the commonshare we create user-specific folders where that particular user will have full access. Like user XYZ will have full access on \10.x.x.x\CommonShare\XYZ
现在,用户XYZ在他自己的框中登录,然后他从那里运行一个可执行文件,该文件位于共享文件夹 \ 10.xxx \ CommonShare \ XYZ \ testApp.exe
Now the user XYZ logs-in in his own box and from there he runs an executable which is available in the shared folder \10.x.x.x\CommonShare\XYZ\testApp.exe
已将其配置为可通过配置中的网络共享进行访问,如下所示:
Have configured it to be accessible form network share in the config like following:
\ 10.x.x.x \ CommonShare \ XYZ \ testApp.exe.config
\10.x.x.x\CommonShare\XYZ\testApp.exe.config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0,Profile=Client"/>
</startup>
<runtime>
<!--<NetFx40_LegacySecurityPolicy enabled="true"></NetFx40_LegacySecurityPolicy>-->
<loadFromRemoteSources enabled="true"/>
</runtime>
</configuration>
虽然exe可以运行,但是在调用System.Net.IwebProxy时失败.
Although the exe runs but it fails when call to System.Net.IwebProxy is made.
但是,当为用户添加对根共享路径的只读访问权限时,所有这些都可以正常工作.但不幸的是,这不是客户愿意做的事情.
But when read-only access to the root shared path is added for the user all these works fine. But unfortunately that is not something client is willing to do.
如果有人遇到类似问题,请分享.在给定方案中,如何通过网络共享.net exe(目标框架4.0客户端配置文件)以完全信任的方式运行.我尝试使用CASPOL,但仍然存在此问题.
If somebody faced similar issue please share. How from a network share a .net exe (target framework 4.0 Client Profile) can be run with full-trust in the given scenario. I tried using CASPOL but there also this issue remains.
谢谢.
推荐答案
为此向Microsoft提出了建议,并获得了一些解决方法.
Approached Microsoft for this and got some work-around.
行为改变是设计使然.要解决此问题,需要在客户端计算机中添加一个注册表项,如下所示.
The behavioral change is by design. To resolve this A Registry key need to be added in client machine like following.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ services \ FltMgr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
添加此条目 名称: UseTildeShortcut(DWORD) 数据: 1
add this entry Name: UseTildeShortcut(DWORD) Data: 1
另一种解决方法是使共享名以及路径中的所有文件夹名至少为8个字符.一些讨论可以在此处的另一个Microsoft-KB中找到.
Another workaround is to have the share name as well as all folder names in the path to be at least 8 characters. Some discussion available in another Microsoft-KB here.
在可执行文件中,基于Winsock的操作在Windows 7或Windows Server 2008 R2中失败位于NFS共享上.
这篇关于当未向用户授予对根共享的访问权限时,从网络共享运行.net exe将部分信任运行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
