Custom Assembly Security

Hello Everyone,

When I run my report from report manager, I get the following error message

Failed to load expression host assembly. Details: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

My report uses a custom assembly. I have already done the following

1. copied the assembly in the "reportserver\bin" and the "common 7\privateassemblies" area

2. Made the following entry in the rssrvpolicy.config

<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="RSUtil.TranslationHelper"
Description="Translation Helper Utility">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="C:\Program Files\Microsoft SQL Server\MSSQL.5\Reporting Services\ReportServer\bin\AMOTest.dll"
/>
</CodeGroup>

3. Added the following line to my assemblyinfo.cs file

[assembly: AllowPartiallyTrustedCallers]

regards,

Abhishek.

See if this KB article will help. If not and nothing else helps, you should be able to elevate the expression policy from Execution to FullTrust in rssrvpolicy.config to get around the security issue.

I have gone through this article before, based on that (as mentioned in point 2) I have created more or less the same entry in rssrvpolicy.config file.

Only difference is that my membership condition is not StrongNameMembershipCondition but UrlMembershipCondition.

Is that what is causing the mscorlib not to load

In the meantime, I will try with the StrongNameMembershipCondition as well

I am still getting the following error

Failed to load expression host assembly. Details: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

I tried both the options below in my rssrv

1. <CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="RSUtil.TranslationHelper"
Description="Translation Helper Utility">
<IMembershipCondition
class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="00240000048000009400000006020000002400005253413100040000010001006369F01C85658052C70220BDCE29C0E49ACE83474C6AAE447B2C224CE2484B5FDE027D79CE0EE72A3B2222D4F170947247E46324A37EA70EE5280321AABCBED4A1D9A04E1E7158C8188944469D9372054B0A67ABCD953F369EC9A22B20B1307D3CC06215686DA65707C691C7CD3AFD2E1747C72BCFCA8F3A2D7BD8B2F73D29B3"
/>
</CodeGroup>

2. <CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="RSUtil.TranslationHelper"
Description="Translation Helper Utility">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="C:\Program Files\Microsoft SQL Server\MSSQL.5\Reporting Services\ReportServer\bin\AMOTest.dll"
/>
</CodeGroup>

However both these settings didn't have any effect and the problem continued to occur.

I also searched for a solution and found this article on the web by Bryant Likes

http://blogs.sqlxml.org/bryantlikes/pages/824.aspx

It takes about making certain assertions in the code for example....

[FileIOPermissionAttribute(SecurityAction.Assert, Read="c:\\temp\\hello.txt")]
public static string HelloFromFile()

However in my code I don't do any fileIO so I don't know on which file should I do the assertion. The code which I am calling contains AMO (Analysis Management Objects API)

Hello Teo,

Thanks for helping me. I have solved the previous another but now landed in another one.

Now i am getting the error

Failed to load expression host assembly. Details: That assembly does not allow partially trusted callers.

Here are the things which I have done to solve this (and previous) issue

1. Added the following line to the AssemblyInfo.cs

[assembly: AllowPartiallyTrustedCallers]

2. I removed the strong name from the assembly.

3. Asserted the following Permissions in my code

[FileIOPermissionAttribute(SecurityAction.Assert, Unrestricted=true)]
[EnvironmentPermission(SecurityAction.Assert, Unrestricted=true)]
[SqlClientPermission(SecurityAction.Assert, Unrestricted=true)]
[SecurityPermission(SecurityAction.Assert, Unrestricted=true)]

4. Created a NamedPermissionSet in rssrvpolicy.config

<PermissionSet
class="NamedPermissionSet"
version="1"
Name="TestPermission">
<IPermission class="EnvironmentPermission"
version="1"
Unrestricted="true"/>
<IPermission class="FileIOPermission"
version="1"
Unrestricted="true"/>
<IPermission class="SecurityPermission"
version="1"
Unrestricted="true"/>
<IPermission class="SqlClientPermission"
version="1"
Unrestricted="true"/>
</PermissionSet>

5. Created two code groups in rssrvpolicy.config

<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="TestPermission"
Name="TestCodeGroup"
Description="">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="file:///C:\Program Files\Microsoft SQL Server\MSSQL.5\Reporting Services\ReportServer\bin\AMOTest.dll"/>
</CodeGroup>
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="Report_Expressions_Default_Permissions"
Description="This code group grants default permissions for code in report expressions and Code element. ">
<IMembershipCondition
class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="0024000004800000940000000602000000240000525341310004000001000100512C8E872E28569E733BCB123794DAB55111A0570B3B3D4DE3794153DEA5EFB7C3FEA9F2D8236CFF320C4FD0EAD5F677880BF6C181F296C751C5F6E65B04D3834C02F792FEE0FE452915D44AFE74A0C27E0D8E4B8D04EC52A8E281E01FF47E7D694E6C7275A09AFCBFD8CC82705A06B20FD6EF61EBBA6873E29C8C0F2CAEDDA2"/>
</CodeGroup>

> Are you using other .net assemblies in your custom assembly If so you have to assert permissions as mentioned in

> KBA842419 - System.Data.SqlClient.SqlClientPermission pSql = new SqlClientPermission

> (System.Security.Permissions.PermissionState.Unrestricted);

> pSql.Assert();

Won't the attribute do the job of the assert I have already decorated my code with the following attribute

[SqlClientPermission(SecurityAction.Assert, Unrestricted=true)]