Topic: AutoCad .net api and connections to web server

[Proctor]

Hello: I have a client server app that uses .net api. (visual studio 2005) (Autocad 2009)
When the user opens cad, i have registry settings that loads a .dll that basically just looks to see what version of the application .dll it has stored on our company server. if it's a higher version, it places a copy onto the user's local machine and then instructs to load this application .dll. When the user enters startup command in cad, the application runs. 

The backend for this application is Access 2003.

I wanted to see if it's possible to place the application's file dependencies (application dlls and database) off a web server and have it point to those files. Of coarse, this would still be a client-server app....but it's files would reside on the web server. do you know if this is possible? I've been researching and I'm still confused.

I read that it would be better if I was using sql server as opposed to access for security reasons. I also read a bit about web services, but it didn't look like this is what I would need.

thank you,
Proctor

[sinc]

I would think that should be possible.  The glaring problem you may into run into is the lack of support for Access on a 64-bit OS, and everything (especially CAD) is steadily moving to 64-bit.  That's possibly a bigger reason to move to SQL Server than better security.

[Proctor]

Hello: I'm having no luck placing my application assemblies off the web server.

I decided to see if i could load the dll off our companies server. I do a netload to get the .dll and after, I enter the my command to run the app and it gives me this error:

"Application attempted to perform an operation not allowed by the security policy. To grant this application the required permission, contact your admin or use the microsoft .net framework config tool."

I looked up this error via the internet, however, I saw several different solutions that all conflicted one another so I was confused as to what way to go.

Any ideas?

Thanks,
Proctor

[Glenn R]

If you're trying to load an assembly from a remote drive (ie anything other than local drive) then the default security configuration in the framework will not allow it. You will need to grant trust to the remote location.

[Proctor]

Hi Glen - thanks for your response. I went into the Microsoft .net framework configurations and chaned the permissions to full trust and now I am able to access my application assemblies that I placed off our companies server. Is this what you meant when you said to grant trust to the remote location?

also, my next step is to try to place the assembly off the web server. Our company doesn't have it's own web server...we have web hosting ...so do you think they would need to do a similar setting? or, do you think this is possible to do with the correct permissions?

thanks again for your help,
Proctor

[Proctor]

I'm thinking that for this to work off the web server, each user would have to adjust their permissions on their own personal pc the way i did. I'm wondering if there's a way to make this same setting via code. e.g. I tried placing this line in the app.config file:

Code: [Select]


  <trust level="Full"/>

but it didn't work.

thanks again,
Proctor

[Jeff H]

Check out CASPOL.EXE

[sinc]

I would be extremely leery of loading a DLL from an external web server.

A much better choice would be to copy the DLL from the web server to the local computer (if necessary), and then netload it from the local computer.

[Jeff H]

This is where it is located on my computer C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

You have to run it on each local machine and have admin rights
Basic EXAMPLE

Code: [Select]

CasPol.exe -m -ag 1.2 -url "\\Your Path\Folder\*" FullTrust -name NAME

-m[achine]
 Indicates that all options following this one apply to the machine level policy. Users who are not administrators do not have sufficient rights to modify the machine policy, although they can view it. For administrators, -machine is the default.
 
-ag 1.2  - add a code group under group 1.2.  In the default policy, group 1.2 is the LocalIntranet group, so the new code group that we're creating will only be checked if the file comes from the intranet.

-url URL
 Specifies code that originates from the given URL. The URL must include a protocol, such as http:// or ftp://. Additionally, a wildcard character (*) can be used to specify multiple assemblies from a particular URL.

FullTrust  - The permission set to grant assemblies that match the code group.  In this case, FullTrust.

 -name "name"
 If used with the –addgroup option, specifies the scripting name for a code group to add. If used with the -chggroup option, specifies the scripting name for a code group to edit. The name argument must be enclosed in double quotes. The name argument cannot begin with a number, and can only contain A-Z, 0-9, and the underscore character. Code groups can be referred to by this name instead of by their numeric label. The name is also highly useful for scripting purposes.
 

 

[Proctor]

Thank you both for your replies:

sinc: what would be the dangers of having the dll on the server?
we would like our customers to have access to our client server app, but don't want to give them the files.
This is why we were thinking about placing the files on the web server. in addition, it would be much easier to implement any enhancements that we do.

fro2001: i want to make sure i'm understanding this correctly...by running casPol.exe on each local machine, i won't have to go into the security settings under control pannel>admin tools>microsoft net framework and establish the full trust permissions? is that correct?

 I went to the location you provided and found the executable; but when i double click on it, it just flashes quickly so I don't know if it' done anything. i tried after to run my .dll off the webserver, but it still doesn't see it.

also, to load my app, i have modified my registry setting so that when cad loads, it loads the dll from the server. before it was loading from the user's local drive. i therefore am entering a path such as this:

http://company.com/companyfolder/bin/application.dll

not sure if i will be able to get it to work this way...but trying.

[Jeff H]

You run it from the command prompt

Autocad does not support strong names for your assembly
So set the sercurity permissions on the folder that the DLL is in instead of the file

I not fimiliar with the contol panel options but it sounds like you can set sercuity permission there

[sinc]

I believe the big problem arises if your computer swaps out the code.

There are some complicated rules involved, but in "The Cliff's Notes Version", your computer will swap out memory when it starts running low on RAM, and will move things from RAM to the pagefile.  Then when you need to access that data again, the computer will reload it from the pagefile into RAM so it can be used.

For programs, it's a bit different.  The OS can still swap out program code, but it doesn't move it to the pagefile.  Instead, it gets swapped out to its original location.  It's almost like the OS "forgets" the code, and then reloads it again the next time it needs to run it.

The problem arises when you load a DLL from a remote computer, then the connection gets interrupted.  This can cause C3D to crash if it has swapped out your DLL, and tries to swap it back in.  It may not be a big deal when running a DLL from your local server, since chances of the connection getting broken are much lower when a local server on a local intranet is involved.  A web server is a different story.

There is also the fact that you have to relax security permissions in order to allow the DLL to run from the remote location, which opens a potential security hole in your network.  That may not be palatable for your remote users.

If the security of your code is important, then the best bet might be to put all the critical code in the server side of your client-server app, and let your customers have a light-weight client side interface that relies on your server for all the fancy stuff.

Take all of this with a grain of salt, however.  It's actually pretty hard to make firm recommendations about what course of action to follow, since I have very limited (almost non-existent) knowledge of precisely what you're doing.

[Proctor]

Sinc: thank you for that explanation. I'lll be sure to discuss with managment.

fro2001: I am trying to see if using CasPol.exe will allow me to run the application assembly from the web server.

I opened the visual studio command prompt and modified the code you kindly provided:

Code: [Select]

'your code:
CasPol.exe -m -ag 1.2 -url "\\Your Path\Folder\*" FullTrust -name NAME

'mine:
CasPol.exe -m -ag 1.3 -url "http:companywebsite.com/bin/*" FullTrust

I  changed 1.2 to 1.3 because i read on the internet that it's the code to use for the internet.
When I ran this, it returned this msg:
"Added union code with "-url" membership condition to the machine level. Sucess."

however, when i open cad and enter a command that's in the app, it says it doesn't recognize it. so i assume it's not opening the assembly still. I also wanted to tell you that I modified the registry setting location to see this app assembly off the server when cad loads: (before it was pointing to my local macine but I changed it to the web server location) http://companywebsite.com/bin/myApplication.dll

Can you think of any reason why this wouldn't be working?

Thanks again,
Proctor

[Jeff H]

type caspol -?
and it will show you a bunch of options
the attached pictures show the result of
caspol -lg        "Shows groups"
caspol -ld          "Shows descriptions and names"

[Proctor]

fro2001: When I type caspol -? this is what i get: