Give full trust to .NET assembly hosted in a Web page in Internet Explorer
I have a .NET 2.0 assembly that runs in the Internet Explorer Web browser as hosted control. The assembly is called ExampleControl.dll. The HTML file used to display it is the following:
<html> <body> <object id="dotnetControl" classid="http://localhost/ExampleControl.dll#ExampleControl.UserControlSQLData" width="600" height="500"> </object> </body> </html>
Now I want to increase its priviledges to be able to connect to Microsoft SQL Server. If I just create a new code group with FullTrust permission set in .NET Framework 2.0 Configuration Runtime Security Policy for all assemblies comming from URL=”http://localhost/MyWebApp/*”, I get the following error message:
System.Security.SecurityException: Request for the permission of type ‘System.Data.SqlClient.SqlClientPermission, System.Data, Version=188.8.131.52, Culture=neutral, PublicKeyToken=b77a5c561934e089’ failed.
It is strange, because my assembly actually has the SqlClientPermission (this can be seen by “Evaluate Assembly”). Eventhough the .NET control in my Web browser cannot connect to SQL Server.
To solve this problem I needed to give FullTrust to whole the Web site (URL=”http://localhost/*”), not only to my Web application (URL=”http://localhost/MyWebApp/*”).
I tried to assert the required permission by calling new SqlClientPermission().Assert(), but with no result. The only way to solve the problem I found is to to give FullTrust to whole the Web site (URL=”http://localhost/*”).