The Author Online Book Forums are Moving

The Author Online Book Forums will soon redirect to Manning's liveBook and liveVideo. All book forum content will migrate to liveBook's discussion forum and all video forum content will migrate to liveVideo. Log in to liveBook or liveVideo with your Manning credentials to join the discussion!

Thank you for your engagement in the AoF over the years! We look forward to offering you a more enhanced forum experience.

Kamran (9) [Avatar] Offline
#1
Hi .
i have the Enterprise reporting Services installed on my box and i have a report that takes a xml file path as an input paramter to the datasource.
it then create the report from that xml file.

when i give local xml files, the report work fine but when i give UNC path where my other xml file is stored it gives error "Access denied "
but if i paste the same UNC path in my borwser the browser does show the xml file normally.

is there any thing that i am missing that is causing this.

i am also pasting my security policy file.

Thanks and Regards

<configuration>
<mscorlib>
<security>
<policy>
<PolicyLevel version="1">
<SecurityClasses>
<SecurityClass Name="AllMembershipCondition" Description="System.Security.Policy.AllMembershipCondition, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="AspNetHostingPermission" Description="System.Web.AspNetHostingPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="DnsPermission" Description="System.Net.DnsPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="EnvironmentPermission" Description="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="FileIOPermission" Description="System.Security.Permissions.FileIOPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="FirstMatchCodeGroup" Description="System.Security.Policy.FirstMatchCodeGroup, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="IsolatedStorageFilePermission" Description="System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="NamedPermissionSet" Description="System.Security.NamedPermissionSet"/>
<SecurityClass Name="PrintingPermission" Description="System.Drawing.Printing.PrintingPermission, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
<SecurityClass Name="ReflectionPermission" Description="System.Security.Permissions.ReflectionPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="RegistryPermission" Description="System.Security.Permissions.RegistryPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SecurityPermission" Description="System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SocketPermission" Description="System.Net.SocketPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SqlClientPermission" Description="System.Data.SqlClient.SqlClientPermission, System.Data, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="StrongNameMembershipCondition" Description="System.Security.Policy.StrongNameMembershipCondition, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UnionCodeGroup" Description="System.Security.Policy.UnionCodeGroup, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UrlMembershipCondition" Description="System.Security.Policy.UrlMembershipCondition, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="WebPermission" Description="System.Net.WebPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="ZoneMembershipCondition" Description="System.Security.Policy.ZoneMembershipCondition, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</SecurityClasses>
<NamedPermissionSets>
<PermissionSet >
class="NamedPermissionSet"
version="1"
Unrestricted="true"
Name="FullTrust"
Description="Allows full access to all resources"
/>
<PermissionSet >
class="NamedPermissionSet"
version="1"
Name="Nothing"
Description="Denies all resources, including the right to execute"
/>
<PermissionSet >
class="NamedPermissionSet"
version="1"
Name="Execution">
<IPermission >
class="SecurityPermission"
version="1"
Flags="Execution"
/>
</PermissionSet>
</NamedPermissionSets>
<CodeGroup >
class="FirstMatchCodeGroup"
version="1"
PermissionSetName="Nothing">
<IMembershipCondition >
class="AllMembershipCondition"
version="1"
/>
<CodeGroup >
class="UnionCodeGroup"
version="1"
PermissionSetName="Execution"
Name="Report_Expressions_Default_Permissions"
Description="This code group grants default permissions for code in report expressions and Code element. ">
<IMembershipCondition >
class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="0024000004800000940000000602000000240000525341310004000001000100512C8E872E28569E733BCB123794DAB55111A0570B3B3D4DE3794153DEA5EFB7C3FEA9F2D8236CFF320C4FD0EAD5F677880BF6C181F296C751C5F6E65B04D3834C02F792FEE0FE452915D44AFE74A0C27E0D8E4B8D04EC52A8E281E01FF47E7D694E6C7275A09AFCBFD8CC82705A06B20FD6EF61EBBA6873E29C8C0F2CAEDDA2"
/>
</CodeGroup>
<CodeGroup >
class="FirstMatchCodeGroup"
version="1"
PermissionSetName="Execution"
Description="This code group grants MyComputer code Execution permission. ">
<IMembershipCondition >
class="ZoneMembershipCondition"
version="1"
Zone="MyComputer" />
<CodeGroup >
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="Microsoft_Strong_Name"
Description="This code group grants code signed with the Microsoft strong name full trust. ">
<IMembershipCondition >
class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010007D1FA57C4AED9F0A32E84AA0FAEFD0DE9E8FD6AEC8F87FB03766C834C99921EB23BE79AD9D5DCC1DD9AD236132102900B723CF980957FC4E177108FC607774F29E8320E92EA05ECE4E821C0A5EFE8F1645C4C0C93C1AB99285D622CAA652C1DFAD63D745D6F2DE5F17E5EAF0FC4963D261C8A12436518206DC093344D5AD293"
/>
</CodeGroup>
<CodeGroup >
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="Ecma_Strong_Name"
Description="This code group grants code signed with the ECMA strong name full trust. ">
<IMembershipCondition >
class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="00000000000000000400000000000000"
/>
</CodeGroup>
<CodeGroup >
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="Report_Server_Strong_Name"
Description="This code group grants Report Server code full trust. ">
<IMembershipCondition >
class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="0024000004800000940000000602000000240000525341310004000001000100272736AD6E5F9586BAC2D531EABC3ACC666C2F8EC879FA94F8F7B0327D2FF2ED523448F83C3D5C5DD2DFC7BC99C5286B2C125117BF5CBE242B9D41750732B2BDFFE649C6EFB8E5526D526FDD130095ECDB7BF210809C6CDAD8824FAA9AC0310AC3CBA2AA0523567B2DFA7FE250B30FACBD62D4EC99B94AC47C7D3B28F1F6E4C8"
/>
</CodeGroup>
<CodeGroup >
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="Dundas_Strong_Name"
Description="This code group grants Dundas assemblies. ">
<IMembershipCondition >
class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010043D98F8A9067EF3BCD442ADE2DD48CC6A6FACBCEB1C42DE2847B0A464096C02EEBF6FD87E3889BEED32B9ABD1525A11A282232CD4C46CC8123F8CC08A113CD435429646220969FF4447348D1C21874670834C7A7E89EA8956FC00E0F84FD3DF6FB3EBF21774438AF9E760414FDE06BC2C3AF35FF3DD87578630ED13FE12CBDBC"
/>
</CodeGroup>
<CodeGroup >
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust">
<IMembershipCondition >
class="UrlMembershipCondition"
version="1"
Url="$CodeGen$/*"
/>
</CodeGroup>
<CodeGroup >
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="SharePoint_Server_Strong_Name"
Description="This code group grants SharePoint Server code full trust. ">
<IMembershipCondition >
class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="0024000004800000940000000602000000240000525341310004000001000100AFD4A0E7724151D5DD52CB23A30DED7C0091CC01CFE94B2BCD85B3F4EEE3C4D8F6417BFF763763A996D6B2DFC1E7C29BCFB8299779DF8785CDE2C168CEEE480E570725F2468E782A9C2401302CF6DC17E119118ED2011937BAE9698357AD21E8B6DFB40475D16E87EB03C744A5D32899A0DBC596A6B2CFA1E509BE5FBD09FACF"
/>
</CodeGroup>

<!-- custom dataset extension -->

<CodeGroup >
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="AWCExtensionsCodeGroup">
<IMembershipCondition >
class="UrlMembershipCondition"
version="1"
Url="Csmilierogram FilesMicrosoft SQL ServerMSSQLReporting ServicesReportServerinAWC.RS.Extensions.dll"/>
</CodeGroup>
</CodeGroup>
</CodeGroup>
</PolicyLevel>
</policy>
</security>
</mscorlib>
</configuration>
tlachev (687) [Avatar] Offline
#2
Re: Access denied on xml file on a unc path that is given as a paramter.
Try:

1. Adding the UNC path to Trusted Sites in IE.
2. Creating a custom permission set with FileIOPermission See section 8.2.3 Managing RS code access security in the book.
Kamran (9) [Avatar] Offline
#3
Re: Access denied on xml file on a unc path that is given as a paramter.
Thanks a lot for your response and time.
i have done both but still facing the same error.
i can upload the file from UNC path in reporting Services but only the DataSet dataExtension is not reading from UNC path. which means it is related to the
dataset extension code access security.
i have given the fileiopermission to my policy file as follow .i am attaching it again may be i have missed some thing. The area i have changed this time is marked with ******

<configuration>
<mscorlib>
<security>
<policy>
<PolicyLevel version="1">
<SecurityClasses>
<SecurityClass Name="AllMembershipCondition" Description="System.Security.Policy.AllMembershipCondition, mscorlib, <br /> <br /> Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="AspNetHostingPermission" Description="System.Web.AspNetHostingPermission, System, Version=1.0.5000.0, <br /> <br /> Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="DnsPermission" Description="System.Net.DnsPermission, System, Version=1.0.5000.0, Culture=neutral, <br /> <br /> PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="EnvironmentPermission" Description="System.Security.Permissions.EnvironmentPermission, mscorlib, <br /> <br /> Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="FileIOPermission" Description="System.Security.Permissions.FileIOPermission, mscorlib, Version=1.0.5000.0, <br /> <br /> Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="FirstMatchCodeGroup" Description="System.Security.Policy.FirstMatchCodeGroup, mscorlib, Version=1.0.5000.0, <br /> <br /> Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="IsolatedStorageFilePermission" Description="System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, <br /> <br /> Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="NamedPermissionSet" Description="System.Security.NamedPermissionSet"/>
<SecurityClass Name="PrintingPermission" Description="System.Drawing.Printing.PrintingPermission, System.Drawing, Version=1.0.5000.0, <br /> <br /> Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
<SecurityClass Name="ReflectionPermission" Description="System.Security.Permissions.ReflectionPermission, mscorlib, <br /> <br /> Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="RegistryPermission" Description="System.Security.Permissions.RegistryPermission, mscorlib, Version=1.0.5000.0, <br /> <br /> Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SecurityPermission" Description="System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5000.0, <br /> <br /> Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SocketPermission" Description="System.Net.SocketPermission, System, Version=1.0.5000.0, Culture=neutral, <br /> <br /> PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SqlClientPermission" Description="System.Data.SqlClient.SqlClientPermission, System.Data, Version=1.0.5000.0, <br /> <br /> Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="StrongNameMembershipCondition" Description="System.Security.Policy.StrongNameMembershipCondition, mscorlib, <br /> <br /> Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UnionCodeGroup" Description="System.Security.Policy.UnionCodeGroup, mscorlib, Version=1.0.5000.0, <br /> <br /> Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UrlMembershipCondition" Description="System.Security.Policy.UrlMembershipCondition, mscorlib, <br /> <br /> Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="WebPermission" Description="System.Net.WebPermission, System, Version=1.0.5000.0, Culture=neutral, <br /> <br /> PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="ZoneMembershipCondition" Description="System.Security.Policy.ZoneMembershipCondition, mscorlib, <br /> <br /> Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</SecurityClasses>
<NamedPermissionSets>
<PermissionSet >
class="NamedPermissionSet"
version="1"
Unrestricted="true"
Name="FullTrust"
Description="Allows full access to all resources"
/>
<PermissionSet >
class="NamedPermissionSet"
version="1"
Name="Nothing"
Description="Denies all resources, including the right to execute"
/>
<PermissionSet >
class="NamedPermissionSet"
version="1"
Name="Execution">
<IPermission >
class="SecurityPermission"
version="1"
Flags="Execution"
/>
</PermissionSet>
<!-- ****** My file section start -->
<PermissionSet >
class="NamedPermissionSet"
version="1"
Name="MyNewFilePermissionSet"
Description="A special permission set that grants read access to my file.">
<IPermission >
class="FileIOPermission"
version="1"
Read="\twdh-sw-dev1TWDatadata.xml"/>
<IPermission >
class="SecurityPermission"
version="1"
Flags="Assertion, Execution"/>
</PermissionSet>
<!-- ******* My file section end -->

</NamedPermissionSets>
<CodeGroup >
class="FirstMatchCodeGroup"
version="1"
PermissionSetName="Nothing">
<IMembershipCondition >
class="AllMembershipCondition"
version="1"
/>
<CodeGroup >
class="UnionCodeGroup"
version="1"
PermissionSetName="Execution"
Name="Report_Expressions_Default_Permissions"
Description="This code group grants default permissions for code in report expressions and Code element. ">
<IMembershipCondition >
class="StrongNameMembershipCondition"
version="1"


PublicKeyBlob="0024000004800000940000000602000000240000525341310004000001000100512C8E872E28569E733BCB123794DAB55111A0570B3B3D4DE3794153DEA5EFB7C3FEA9F2D8236C

FF320C4FD0EAD5F677880BF6C181F296C751C5F6E65B04D3834C02F792FEE0FE452915D44AFE74A0C27E0D8E4B8D04EC52A8E281E01FF47E7D694E6C7275A09AFCBFD8CC82705A06B20FD6EF61EBB

A6873E29C8C0F2CAEDDA2"
/>
</CodeGroup>
<CodeGroup >
class="FirstMatchCodeGroup"
version="1"
PermissionSetName="Execution"
Description="This code group grants MyComputer code Execution permission. ">
<IMembershipCondition >
class="ZoneMembershipCondition"
version="1"
Zone="MyComputer" />
<CodeGroup >
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="Microsoft_Strong_Name"
Description="This code group grants code signed with the Microsoft strong name full trust. ">
<IMembershipCondition >
class="StrongNameMembershipCondition"
version="1"


PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010007D1FA57C4AED9F0A32E84AA0FAEFD0DE9E8FD6AEC8F87FB03766C834C99921EB23BE79AD9D5DC

C1DD9AD236132102900B723CF980957FC4E177108FC607774F29E8320E92EA05ECE4E821C0A5EFE8F1645C4C0C93C1AB99285D622CAA652C1DFAD63D745D6F2DE5F17E5EAF0FC4963D261C8A12436

518206DC093344D5AD293"
/>
</CodeGroup>
<CodeGroup >
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="Ecma_Strong_Name"
Description="This code group grants code signed with the ECMA strong name full trust. ">
<IMembershipCondition >
class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="00000000000000000400000000000000"
/>
</CodeGroup>
<CodeGroup >
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="Report_Server_Strong_Name"
Description="This code group grants Report Server code full trust. ">
<IMembershipCondition >
class="StrongNameMembershipCondition"
version="1"


PublicKeyBlob="0024000004800000940000000602000000240000525341310004000001000100272736AD6E5F9586BAC2D531EABC3ACC666C2F8EC879FA94F8F7B0327D2FF2ED523448F83C3D5C

5DD2DFC7BC99C5286B2C125117BF5CBE242B9D41750732B2BDFFE649C6EFB8E5526D526FDD130095ECDB7BF210809C6CDAD8824FAA9AC0310AC3CBA2AA0523567B2DFA7FE250B30FACBD62D4EC99B

94AC47C7D3B28F1F6E4C8"
/>
</CodeGroup>
<CodeGroup >
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="Dundas_Strong_Name"
Description="This code group grants Dundas assemblies. ">
<IMembershipCondition >
class="StrongNameMembershipCondition"
version="1"


PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010043D98F8A9067EF3BCD442ADE2DD48CC6A6FACBCEB1C42DE2847B0A464096C02EEBF6FD87E3889B

EED32B9ABD1525A11A282232CD4C46CC8123F8CC08A113CD435429646220969FF4447348D1C21874670834C7A7E89EA8956FC00E0F84FD3DF6FB3EBF21774438AF9E760414FDE06BC2C3AF35FF3DD

87578630ED13FE12CBDBC"
/>
</CodeGroup>
<CodeGroup >
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust">
<IMembershipCondition >
class="UrlMembershipCondition"
version="1"
Url="$CodeGen$/*"
/>
</CodeGroup>
<CodeGroup >
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="SharePoint_Server_Strong_Name"
Description="This code group grants SharePoint Server code full trust. ">
<IMembershipCondition >
class="StrongNameMembershipCondition"
version="1"


PublicKeyBlob="0024000004800000940000000602000000240000525341310004000001000100AFD4A0E7724151D5DD52CB23A30DED7C0091CC01CFE94B2BCD85B3F4EEE3C4D8F6417BFF763763

A996D6B2DFC1E7C29BCFB8299779DF8785CDE2C168CEEE480E570725F2468E782A9C2401302CF6DC17E119118ED2011937BAE9698357AD21E8B6DFB40475D16E87EB03C744A5D32899A0DBC596A6B

2CFA1E509BE5FBD09FACF"
/>
</CodeGroup>

<!-- custom dataset extension -->

<CodeGroup >
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="AWCExtensionsCodeGroup">
<IMembershipCondition >
class="UrlMembershipCondition"
version="1"
Url="Csmilierogram FilesMicrosoft SQL ServerMSSQLReporting ServicesReportServerinAWC.RS.Extensions.dll"/>
</CodeGroup>
<!-- ****** second custom codegroupg -->
<CodeGroup >
class="UnionCodeGroup"
version="1"
PermissionSetName="MyNewFilePermissionSet"
Name="MyNewCodeGroup"
Description="A special code group for my custom assembly.">
<IMembershipCondition >
class="UrlMembershipCondition"
version="1"
Url="Csmilierogram FilesMicrosoft SQL ServerMSSQLReporting ServicesReportServerinAWC.RS.Extensions.dll"/>
</CodeGroup>

<!-- end second custom codegroup -->
</CodeGroup>
</CodeGroup>
</PolicyLevel>
</policy>
</security>
</mscorlib>
</configuration>


Thank in Advane
tlachev (687) [Avatar] Offline
#4
Re: Access denied on xml file on a unc path that is given as a paramter.
If you debug the extension, does it fail on the following line?
// file
FileIOPermission permission = new FileIOPermission(FileIOPermissionAccess.Read, dataSource);
try
{
permission.Assert();
}
Kamran (9) [Avatar] Offline
#5
Re: Access denied on xml file on a unc path that is given as a paramter.
Atlast i have found an issue.
When the IE extended security configuration is enabled this arrurs.
it IE extended security configurations are disabled then it does not happen,

Does dataset Extension have any issue with IE extended security configuration enabled on server or any link to known ways to reslove it.
tlachev (687) [Avatar] Offline
#6
Re: Access denied on xml file on a unc path that is given as a paramter.
All custom extension security revolves around the .NET CAS security model. I am not quite sure why would the IE security configuration impact the data extension security.