Exists a replacement for the command-line-tool CASPOL.exe?
When trying to execute a .NET-App, it throws a "PolicyException", because "only one group is allowed". The tool should list existing settings, and allow to delete selected settings. Using caspol to list is not helpful, it is开发者_运维百科 cruel.
I've seen there is a simple gui-frontend, which allows to define NEW settings, but it does not allow to list or delete existing settings.
Caspol is a nightmare, no wonder anyone uses it by choice. With .NET 1.1 Microsoft delivered a configuration-utility, but for .NET 2.0 i've found nothing.
There's a Configuration Applet for 2.0 as well, think it comes with the 2.0 SDK. If you got it installed it should be in the Admin Tools
and be called "Microsoft .NET Framework 2.0 Configuration".
You can do your own tool (gui or command-line) with this piece of code:
static void SetPermission( string target ) {
try {
// Find the machine policy level
PolicyLevel machinePolicyLevel = null;
System.Collections.IEnumerator policyHierarchy = SecurityManager.PolicyHierarchy();
while ( policyHierarchy.MoveNext() ) {
PolicyLevel level = (PolicyLevel)policyHierarchy.Current;
if ( level.Label == "Machine" ) {
machinePolicyLevel = level;
break;
}
}
if ( machinePolicyLevel == null ) {
throw new ApplicationException(
"Could not find Machine Policy level. Code Access Security " +
"is not configured for this application."
);
}
// Create a new FullTrust permission set
PermissionSet permissionSet = new NamedPermissionSet( "FullTrust" );
IMembershipCondition membershipCondition = new UrlMembershipCondition( target );
// Create the code group
PolicyStatement policyStatement = new PolicyStatement( permissionSet );
CodeGroup codeGroup = new UnionCodeGroup( membershipCondition, policyStatement );
codeGroup.Description = "Custom code group created by PermSet utility.";
codeGroup.Name = "CustomCodeGroup-" + Guid.NewGuid().ToString();
// Add the code group
machinePolicyLevel.RootCodeGroup.AddChild( codeGroup );
// Save changes
SecurityManager.SavePolicy();
}
catch ( Exception ex ) {
Console.WriteLine();
Console.WriteLine( ex.ToString() );
throw;
}
}
The utility is part of the SDK in .Net 2.0. Make sure that's installed.
Also, you might be interested to know that .Net 3.5 sp1 and later removed some of the pain points with CAS.
MsCorCfg doesn't seem to have been made available with later releases of visual studio. I have 2010, but have not been able to locate this file.
精彩评论