How to grant unmanaged code acess to a windows forms hosted in a html?

I am trying to host a windows forms control in C# inside an html page and then host that web page in IIS in order to be accessible by other client machines. The problem is: the user control uses some unmanaged code, which triggers a SecurityPermissionException when accessing using another machine.

I've managed to dumb down my code to an elementary example in order to pinpoint the error and I just can't seem to find an answer to this.

Here's my user control:

   // To handle strong named assembly
[assembly: AllowPartiallyTrustedCallers]

namespace WinFormsHTMLControl
{
    [SecurityPermissionAttribute(SecurityAction.Assert, UnmanagedCode = true)]    // to allow assertions regarding unmanaged code permissions
    public partial class HelloWorldControl : UserControl
    {
        #region Methods/Consts for Embedding a Window

        [DllImport("user32.dll", SetLastError = true)]
        private sta开发者_如何转开发tic extern IntPtr FindWindow(string lpClassName, string lpWindowName);

        #endregion

        public HelloWorldControl()
        {
            InitializeComponent();
        }

        private void btnClick_Click(object sender, EventArgs e)
        {
            new SecurityPermission(PermissionState.Unrestricted).Assert();

            IntPtr picBoxHandle = FindWindow("IEFrame", "Internet Explorer");
            lblMessage.Text = picBoxHandle.ToString();

            SecurityPermission.RevertAssert();                      
        }
    }
}

I've signed the assembly with a key, I've created a Permission Set in .NET Configuration Tool in order to grant acess to unmanaged code, and created a CodeGroup pointing to the strong key used to name the assembly. I've also created an MSI in order to copy these settings to other machines (i've done this both at Enterprise and Machine levels).

Despite all this, this code still triggers a SecurityPermissionException when I click the button...

Am I missing something here?

IE is sandboxed and you're trying to perform an operation that you can't perform-- ie, calling directly into user32 from a website. Imagine how dangerous the internet would be if anybody could do that on any website. Your core architecture is flawed.