.NET Security Exception only in external code
https://stackoverflow.com/questions/12940615
-
07-07-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am using VS2012 with VB.NET for a winfowms app, using Active Directory roles. Running the program as a user without permissions, I am getting an (expected) security exception when trying to launch this form.
I have a form that looks like this:
<PrincipalPermission(SecurityAction.Demand, Role:=Security.Roles.ADMINISTRATORS)> _
<PrincipalPermission(SecurityAction.Demand, Role:=Security.Roles.CORRECTIVE_ACTION_EDITORS)> _
<PrincipalPermission(SecurityAction.Demand, Role:=Security.Roles.GRIEVANCE_EDITORS)> _
<PrincipalPermission(SecurityAction.Demand, Role:=Security.Roles.ABOLISHMENT_EDITORS)> _
Public Class EmployeeInformationForm
...
End Class
The call to the code looks like this:
Private Sub SendEmployeeIDToEmployeeInformationForm(ByVal ID_in As String, ByVal employeeRecord_in As String)
...
If Not formFound Then
' Create a new instance of the child form.
Dim ChildForm As New EmployeeInformationForm(ID_in, employeeRecord_in) ' ** throws expected security exception here**
Try
' Make it a child of this MDI form before showing it.
ChildForm.MdiParent = Me.MdiParent
...
ChildForm.Show()
Catch ex As Exception
ChildForm.Close()
Throw
End Try
End If
After 15 or 16 attempts (or maybe the variable is "after about 1 minute"?) the program crashes.
UPDATE: after more input of any kind the program crashes. I have debugged the code as the user without permissions, and was able to capture the exception being thrown - apparently from nowhere. It is very weird saying "The call stack contains only external code", and displays the following:
This thread is stopped with only external code frames on the call stack. External code frames are typically from framework code but can also include other optimized modules which are loaded in the target process.
Call stack with external code
mscorlib.dll!System.Security.Permissions.PrincipalPermission.ThrowSecurityException()
mscorlib.dll!System.Security.Permissions.PrincipalPermission.Demand()
mscorlib.dll!System.Security.PermissionSet.DemandNonCAS()
[Native to Managed Transition]
[Managed to Native Transition]
OHRC Database.exe!OHRC_Database.EmployeeInformationForm.Dispose(Boolean disposing)
System.dll!System.ComponentModel.Component.Finalize()
It seems to imply it is having a hard time closing the form? Can anyone tell me why it is throwing this exception?
Solution
The exception is being thrown from the finalization thread (the Finalize() call in your exception stack trace is the hint for this), and the user identity on that thread doesn't have the right permissions either. See http://msmvps.com/blogs/calinoiu/archive/2006/01/07/why-is-my-application-coughing-up-a-securityexception-after-my-code-stops-running.aspx for further details and a fix.
HTH, Nicole
