You may receive a
SecurityException error under the following circumstances:
- You use a custom .NET Windows Forms control that exposes
managed events to Internet Explorer through ActiveX sourcing.
- You use a Web page that consumes the control and handles
events.
- You use the following code to enable security on the
control:
Note: The control works as expected if you use the following code to
disable security:
On any client system, use the .NET Framework Configuration
tool (Mscorcfg.msc) to grant the required, individual permissions to the
assembly.
Create a permission set with the following minimum
settings:
- Security:
- Enable assembly execution for permission for the code
to run. Without this permission, managed code cannot run.
- Allow calls to unmanaged assemblies. Because unmanaged
code potentially permits other permissions to be bypassed, this is a dangerous
permission that must only be granted to highly trusted code. It is used for
such applications as calling native code using Platform Invokation Services (PInvoke) or using COM Interop.
- User Interface:
- Allow permission to use windows that are limited to
safe, top-level windows or safe subwindows.
- Web Access:
- Grant the assemblies access to connect with resources.
Give the URL to the assembly.
You can associate a permission set with your control if you
define a code group that keys off evidence that is specific to your control,
such as its strong name. To create a new code group, follow these steps:
- In the .NET Framework Configuration dialog box, click the Code Groups node under the Enterprise node, the Machine node, or the User policy.
- Right-click the All_Code node, and then click New.
For more information about permission sets and code groups, see
the "References" section.
Microsoft has confirmed that this is a bug in the Microsoft
products that are listed at the beginning of this article.
Steps to Reproduce the Behavior
To create a custom Windows Forms control, follow these steps:
- Start Microsoft Visual Studio .NET.
- On the File menu, point to New, and then click Project.
- In the New Project dialog box, click Visual C# Projects under Project Types, and then click Windows Control Library under Templates.
- Copy and then paste the following code into the control
window:
using System;
using System.ComponentModel;
using System.Drawing;
using System.Windows.Forms;
using System.Runtime.InteropServices;
namespace ActiveXSourcing
{
public delegate void ClickEventHandler(int x, int y);
// Source interface for events to be exposed
// Add GuidAttribute to the source interface to supply an explicit System.Guid.
// Add InterfaceTypeAttribute to indicate that interface is the IDispatch interface.
[System.Runtime.InteropServices.GuidAttribute("0422D916-C11A-474e-947D-45A107038D12") ]
[System.Runtime.InteropServices.InterfaceTypeAttribute(System.Runtime.InteropServices.ComInterfaceType.InterfaceIsIDispatch)]
public interface ControlEvents
// Add a DisIdAttribute to any members in the source interface to // specify the COM DispId.
{
[System.Runtime.InteropServices.DispIdAttribute(0x60020000)]
void ClickEvent(int x, int y);
}
// Add a ComSourceInterfaces attribute to the control to identify //the list of interfaces that are exposed as COM event sources.
[System.Runtime.InteropServices.ClassInterface(System.Runtime.InteropServices.ClassInterfaceType.None),System.Runtime.InteropServices.ComSourceInterfaces(typeof(ControlEvents))]
public class MyWindowControl : System.Windows.Forms.UserControl //, ComInteropControlInterface
{
System.Windows.Forms.TextBox tx = new TextBox();
private void InitializeComponent()
{
this.Name = "MyWindowControl";
}
event ActiveXSourcing.ClickEventHandler ClickEvent;
public MyWindowControl() : base()
{
initMyWindowControl();
}
private void initMyWindowControl()
{
Size = new System.Drawing.Size(300, 50);
tx.Text = "Click the text box to invoke 'ClickEvent'";
tx.Size = this.Size;
tx.Click += new System.EventHandler(ClickHandler);
this.Controls.Add(tx);
}
private void ClickHandler(object sender, System.EventArgs e)
{
if (ClickEvent != null) {
ClickEvent(0, 0);
}
}
}
}
- Create a test Hypertext Markup Language (HTML) page to hook
the event. Sample HTML page:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<META HTTP-EQUIV='Content-Type' CONTENT='text/html; charset=iso-8859-1' />
<HTML>
<HEAD>
<TITLE>Sink managed event in Internet Explorer</TITLE>
</HEAD>
<BODY>
<OBJECT id="ctrl" classid="YourDllName.dll#ActiveXSourcing.MyWindowControl">
</OBJECT>
<SCRIPT LANGUAGE="JScript">
function ctrl::ClickEvent(a,b)
{
alert("MyWindowControl_ClickEvent");
}
</SCRIPT>
</BODY>
</HTML>
- Compile the control as a dynamic-link library
(DLL).
- Use the following code to disable the security on the
control: Test the control. Notice that the control works as expected.
- Use the following code to enable the security on the
control: Test the control. Notice that you receive a SecurityException error.
For
additional information, click the following article number to view the article
in the Microsoft Knowledge Base:
313891
(http://support.microsoft.com/kb/313891/EN-US/
)
HOW TO: Sink Managed C# Events in Internet Explorer Script
For more information, visit the following Microsoft
Web sites:
Back to the top
