Thursday, December 18, 2003 9:47 AM szurgot

.NET Security wish (Security Exception)

Here's a .NET security wish list item, and it's even in keeping with good coding practice of never showing error messages with too much information.

When a program/assembly can't execute because of security restrictions (hosted in the internet zone, and permissions aren't set on the client), there should be a standard dialog box that pops up, saying that security restrictions prohibit this control from running (much like Active X does now) *and* also some information about how to contact the vendor.

We have an application that uses Interop for dumping files, and the clients who can access it, are more than willing to give us the permissions, but the only way to get a good security dialog was to wrap the control up in another control that can catch the security exception.

Filed under:

Comments

# re: .NET Security wish (Security Exception)

Thursday, December 18, 2003 10:31 AM by Robert Hurlbut

If I understand correctly, Whidbey is supposed to address better SecurityException information handling.

# re: .NET Security wish (Security Exception)

Thursday, December 18, 2003 11:48 AM by John Bristowe

+1

I would suggest going one step further; why not run a tool like permview.exe to see what permissions are being requested by the assembly? The dialog could then inform the user what permissions need to be granted in order for the assembly to execute.

This, of course, assumes that developers are persisting permissions in the assembly metadata. (Quite a few aren't.)