Running a .net exe from a network share runs in partial trust when the access to root-shared is not granted to user

2.1k views Asked by At

I have a situation where there is common shared network path let's say "\10.x.x.x\CommonShare". Only administrator has got permission on this path.

Now inside the commonshare we create user-specific folders where that particular user will have full access. Like user XYZ will have full access on \10.x.x.x\CommonShare\XYZ

Now the user XYZ logs-in in his own box and from there he runs an executable which is available in the shared folder \10.x.x.x\CommonShare\XYZ\testApp.exe

Have configured it to be accessible form network share in the config like following:

\10.x.x.x\CommonShare\XYZ\testApp.exe.config

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0,Profile=Client"/>

  </startup>
  <runtime>
    <!--<NetFx40_LegacySecurityPolicy enabled="true"></NetFx40_LegacySecurityPolicy>-->
    <loadFromRemoteSources enabled="true"/>
  </runtime>
</configuration>

Although the exe runs but it fails when call to System.Net.IwebProxy is made.

But when read-only access to the root shared path is added for the user all these works fine. But unfortunately that is not something client is willing to do.

If somebody faced similar issue please share. How from a network share a .net exe (target framework 4.0 Client Profile) can be run with full-trust in the given scenario. I tried using CASPOL but there also this issue remains.

Thanks.

1

There are 1 answers

0
Rajesh Raushan On

Approached Microsoft for this and got some work-around.

Attempt to construct a Socket or TCP Client fails

The behavioral change is by design. To resolve this A Registry key need to be added in client machine like following.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr

add this entry Name: UseTildeShortcut(DWORD) Data: 1

Another workaround is to have the share name as well as all folder names in the path to be at least 8 characters. Some discussion available in another Microsoft-KB here.

Winsock-based operations fail in Windows 7 or in Windows Server 2008 R2 if the executable file is located on an NFS share.