Sophis Risque: how to verify that the .Net policy is right setted on Sophis assemblies?
Oct
2
Written by:
10/2/2013 5:53 PM
In most cases, when installed on the local hard disk, there is no problem to launch Sophis Risque.
Launching Sophis Risque from a network shared folder is quite a little bit harder, due to the fact that Sophis Risque loads 3 .Net assemblies which have to be registered on the GAC.
Normally, a .bat file is delivered by Sophis for each version in order to register them. It could be that is not always the case. In order to verify that the .bat file corresponds effectively to the assemblies that you have, it is interesting to verify it using some .Net SDK commands.
For example, concerning the SphDotNetSources.dll assembly, the following command will give the .Net strong name which has to be used in the caspol command:
"C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\sn.exe" -Tp SphDotNetSources.dll
This will give in my sample the following key:
002400000480000094000000060200000024000052534131000400000100010079d1032d142fdd
756ecc4c4ed8582b930591bc5a66148b38858269bbfea5068ac0947e6ddffd9961cd1267e7ad0a
fcc01d72d117b83c4f96eb32ecd36ff96faf0ab32bf0f7a4baf2faacd1eda9162e2ae80a5a230a
8b9dfaf2e6ac38895f99f3466dcfe6fc7ba309260f0e2cc53683083c50f9816f22d7f1406d4d46
181608a7
Public key token is 799442e4f418bb07
Which has to be used in the following caspol command:
SET DOTNET_FWK_DIR=C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727
IF NOT EXIST %DOTNET_FWK_DIR%\caspol.exe GOTO error
rem Sophis
%DOTNET_FWK_DIR%\caspol.exe -q -m -ag All_Code -strong -hex 002400000480000094000000060200000024000052534131000400000100010079D1032D142FDD756ECC4C4ED8582B930591BC5A66148B38858269BBFEA5068AC0947E6DDFFD9961CD1267E7AD0AFCC01D72D117B83C4F96EB32ECD36FF96FAF0AB32BF0F7A4BAF2FAACD1EDA9162E2AE80A5A230A8B9DFAF2E6AC38895F99F3466DCFE6FC7BA309260F0E2CC53683083C50F9816F22D7F1406D4D46181608A7 -noname -noversion FullTrust -n SophisGroup
Same thing for the third parites Telerik assemblies which are used by Sophis Risque.
Finally, the following C# code permits to test if the policy FullTrust is setted on the assembly name:
public bool IsSophisTrusted(string sophisFolder, string assemblyName)
{
string path = null;
PolicyLevel level = null;
IEnumerator enumerator = null;
CodeGroup group = null;
Assembly assembly = null;
path = sophisFolder;
path = path +"@\" + assemblyName;
try
{
assembly = Assembly.LoadFile(path);
enumerator = SecurityManager.PolicyHierarchy();
while (true)
{
do
{
if (!enumerator.MoveNext())
break;
group = ((PolicyLevel) enumerator.Current).ResolveMatchingCodeGroups(assembly.Evidence);
}
while (!level.GetNamedPermissionSet(group.PermissionSetName).Name.Equals("FullTrust"));
return true;
}
}
catch (Exception)
{
}
return false;
}