Bryant Likes's Blog

It's all about WebData

Recent Posts

Tags

News


  • Windows Live Alerts
    View Bryant Likes's profile on LinkedIn

    Me

    The posts on this weblog are provided "as is" with no warranties and confer no rights. The opinions expressed herin are the personal opinions of the individual authors and do not represent the views of Avanade in any way.

Community

Email Notifications

Archives

Accessing Databases via Custom Code

Another good question in response to my Custom Code in Report Services article.

I am trying to access a database through a custom assembly and I already have the following in the rssrvpolicy.config file , but I still get the #Error. [snip] Do I need an associated permission set? And what would that be if I do, I dont know?

The answer that yes you do need an associated permission set. If you're using the System.Data.SqlClient to connection to a SQL Server database then you will need the SqlClientPermission. This would look like:

<PermissionSet
    class="NamedPermissionSet"
    version="1"
    Name="MyDatabasePermissionSet"
    Description="A special permission set that grants sql access.">
  <IPermission
      class="SqlClientPermission"
      version="1"
      Unrestricted="true"
  />
  <IPermission
      class="SecurityPermission"
      version="1"
      Flags="Execution, Assertion"
  />
</PermissionSet>

So where did I get this information from? I already knew that the SqlClientPermission was what I needed from some previous projects and I was able to determine what the IPermission section should look like based on Lamont's post. However, this brings up something that I've been unable to figure out: how do you figure out what should be in the IPermission section?

Maybe I'm just missing it but I read through a few CAS articles and I've searched through the documentation and yet somehow this remains a total mystery to me. Is this documented somewhere? Can you point me to it?

The question (from above) continues:

And do I need to do step 3 and 4 of your article for my custom assembly if I am only accessing a database from my function.
And If I do, what would step 3 and 4 be?

Yes you do need to do steps 3 and 4. Step 4 would be exactly the same. In step 3 you would need to assert the SqlClientPermission on your method as follows:

[VB]
<SqlClientPermission(SecurityAction.Assert)> _
Public Shared Function Foo() as String
...

[C#]
[SqlClientPermission(SecurityAction.Assert)]
public static string Foo()
...

I'm going to go back and read up some more on CAS. It is something every .Net developer should understand.

Update:

For some reason when I was testing this I was getting a security exception even though I was asserting SqlClientPermission on the method call. I found I had to actually assert the permission in my code before it would work. The code I used is posted below. I would really like to understand this better but I'm actually heading out of town for a few days with my wife for our 1st wedding anniversary.

[VB]
Dim perm as SqlClientPermission new SqlClientPermission(PermissionState.Unrestricted)
perm.Assert()
'' SQL CODE HERE
CodeAccessPermission.RevertAssert()

[C#]
SqlClientPermission perm = new SqlClientPermission(PermissionState.Unrestricted);
perm.Assert();
// SQL CODE HERE
CodeAccessPermission.RevertAssert();

 

Posted: Jul 21 2004, 02:10 PM by bryantlikes | with 8 comment(s)
Filed under: ,

Comments

bryantlikes said:

Bryant is too good. Your the man!
Thanks,
Don
# July 22, 2004 5:08 AM

bryantlikes said:

The reason you need initiate permission object in your code is that you did not assert unrestricted permission on your permissio attributes for the protected method.

using this one should eliminate the usage of instance of sqlclientpermission in your code:

[Visual Basic]
<SqlClientPermission(Permissions.SecurityAction.Assert, Unrestricted:=True)>

[C#]
[SqlClientPermission(Permissions.SecurityAction.Assert, Unrestricted=True)]

Regards,

Henry Wang
Expired MCT,MCSE+I,MCSD,MCDBA
# September 13, 2004 9:45 PM

bryantlikes said:

I was wondering if it is possible to access authentication cookie values directly from cutom code. I am using custom authentication. I tried accessing it with HttpCookie class after referencing system.web. It didn't give an error at compile time but gives one at runtime. Do you know if it's possible.

Do I need an associated permission set? Do you know what the IPermission section should in this case

Any sample code would be helpful.

PR
# September 28, 2004 7:29 AM

bryantlikes said:

Hi,Bryant, Can you help me to figure out how to reference other instance(like in other businee lay) which in the different project in Custom Code.

For Example, I have a
Function getString(parm1,parm2) as String

dim s as new aObjectFromBusinessLay-----((this object have database access)))
s.ID=123
s.Load()
getString=s.getString()
End Function

If I call this function in web form I can get the right result so the function its self work. But when I treat it as Custom Assemply code and reference in report as instance base custom code. I can do any instance base custom code if not use any reference to another object in my function. I try to follow your article to change the associated permission set in the policy config file. I still get the #error in my report.
# October 13, 2004 9:10 AM

bryantlikes said:

Thanks a lot, you helped me.
# October 15, 2004 4:40 AM

bryantlikes said:

I still get the #Error (Security Exception) and I have done everything that both your articles say. Any other suggestions?

Thanks for doing this, btw.
# November 1, 2004 12:51 PM

Ed Allison said:

This has really helped me out, and I am very grateful.
# March 30, 2006 8:43 AM

Adrian said:

Hi everyone. :)

Has anyone managed to get this to work with Visual Studio 2005? I'm using C# where I wrote a custom assembly for my Reporting Services (SQL 2005) and I am still stuck with all these permissions problems.

Thanks a mil,

Adrian.

# November 11, 2006 10:31 AM
Leave a Comment

(required) 

(required) 

(optional)

(required)