Wednesday, July 16, 2008

Run .NET Code from a shared drive/directory

Security is an issue whenever running code from an untrusted source like a shared or network drive. It would be nice to be able to put an application on a share drive to run whether it be in C# or VB .NET.

Normally, when you try to run .NET code on a shared network drive you will get an exception like System.Security.Permissions.SecurityPermission .


There is a way to relax the security via the caspol.exe command(For .Net Framework 2.0 "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -s off").

An application may be launched with one simple batch file as follows:

AllInOne.BAT:
@ECHO OFF

REM Relax security constraints for .NET
START C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -s off

REM Pause until first command has executed
Set Count=1
:LOOP
Set /A Count=%Count%+1
If %Count% lss 100 GoTo :LOOP

REM Launch .NET application
"""SomeExecutable.exe"""

REM Remove relaxation of security constraints
TASKKILL /im CasPol.exe

@ECHO ON

*****************************

A pause is required to allow caspol to start up before launching the .NET application.

But of course this implementation does meet the requirements of launching the .NET application from the shared location but there are those DOS windows which are open and probably not that desirable.

These can be avoided with 2 BAT files and 2 VBS files as follows. This is just one way of doing it but there are probably better ways out there.

launch.bat (Main file)
****************
@ECHO OFF
REM Main Launch for .NET application on share drive
REM VBS script used so there is not a DOS console opened up

START launchtasks.vbs

@ECHO ON

****************

launchtasks.vbs
****************
On Error Resume Next

CmdLine = """tasks.bat"""
Params = ""
CmdLine = CmdLine & " " & Params

'Launch without window
wscript.echo fShellRun(CmdLine)

Function fShellRun(sCommandStringToExecute)
' This function will accept a string as a DOS command to execute.
' It will then execute the command in a shell, and capture the output into a file.
' That file is then read in and its contents are returned as the value the function returns.
Dim oShellObject, oFileSystemObject, sShellRndTmpFile
Dim oShellOutputFileToRead, iErr
Set oShellObject = CreateObject("Wscript.Shell")
Set oFileSystemObject = CreateObject("Scripting.FileSystemObject")
sShellRndTmpFile = oShellObject.ExpandEnvironmentStrings("%temp%") & oFileSystemObject.GetTempName
On Error Resume Next
oShellObject.Run sCommandStringToExecute & " > " & sShellRndTmpFile, 0, True
iErr = Err.Number
On Error GoTo 0
If iErr <> 0 Then
fShellRun = ""
Exit Function
End If
fShellRun = oFileSystemObject.OpenTextFile(sShellRndTmpFile,1).ReadAll
oFileSystemObject.DeleteFile sShellRndTmpFile, True
End Function

****************

tasks.bat
****************
@ECHO OFF

REM Relax security constraints for .NET
REM Run this in VBS to avoid a DOS WINDOW
START caspol.vbs

REM Pause until first command has executed
Set Count=1
:LOOP
Set /A Count=%Count%+1
If %Count% lss 70 GoTo :LOOP

REM Launch .NET application
"""SomeExecutable.exe"""

REM Remove relaxation of security constraints (The >NUL is to avoid showing the info on the processes terminated)
TASKKILL /im CasPol.exe >NUL

@ECHO OFF

****************


caspol.vbs
****************
On Error Resume Next

'The command below will also depend on the .NET version of the application you are running

CmdLine = """C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe"""
Params = "-s off"
CmdLine = CmdLine & " " & Params

'New way without window
wscript.echo fShellRun(CmdLine)

Function fShellRun(sCommandStringToExecute)
' This function will accept a string as a DOS command to execute.
' It will then execute the command in a shell, and capture the output into a file.
' That file is then read in and its contents are returned as the value the function returns.
Dim oShellObject, oFileSystemObject, sShellRndTmpFile
Dim oShellOutputFileToRead, iErr
Set oShellObject = CreateObject("Wscript.Shell")
Set oFileSystemObject = CreateObject("Scripting.FileSystemObject")
sShellRndTmpFile = oShellObject.ExpandEnvironmentStrings("%temp%") & oFileSystemObject.GetTempName
On Error Resume Next
oShellObject.Run sCommandStringToExecute & " > " & sShellRndTmpFile, 0, True
iErr = Err.Number
On Error GoTo 0
If iErr <> 0 Then
fShellRun = ""
Exit Function
End If
fShellRun = oFileSystemObject.OpenTextFile(sShellRndTmpFile,1).ReadAll
oFileSystemObject.DeleteFile sShellRndTmpFile, True
End Function

****************