Tags: .net, internet-explorer, iis, caspol, .net-security

CASPOL, FullTrust and running an ActiveX Control in IE with FullTrust based on URL


I've set up an activex control to run on a webpage. The server is able to serve this webpage to itself, but other machines on the intranet and internet aren't able to access it.

The Caspol settings look like this:

Code Groups:

1.  All code: FullTrust
   1.1.  Zone - MyComputer: FullTrust
      1.1.1.  StrongName - (omitted) : FullTrust
      1.1.2.  StrongName - 00000000000000000400000000000000: FullTrust
   1.2.  Zone - Intranet: FullTrust
      1.2.1.  All code: Same site Web
      1.2.2.  All code: Same directory FileIO - 'Read, PathDiscovery'
   1.3.  Zone - Internet: Internet
      1.3.1.  All code: Same site Web
   1.4.  Zone - Untrusted: Nothing
   1.5.  Zone - Trusted: Internet
      1.5.1.  All code: Same site Web
   1.6.  Url - http://MYSERVERNAME/APPLICATIONNAME/*: FullTrust
Success

The application I'm trying to access is group 1.6. Am I doing something wrong here?

[Edit] It's worth mentioning that the IEDebug error log on a machine attempting to access the control from the intranet displays a long exception. The most noteworthy part of it is:

System.Net.WebPermission
The first permission that failed was:
<IPermission class="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1">

Solution

  • A long time ago I read somewhere that for .Net usercontrols, Url evidence doesn't work. Only Site and Zone evidence work.

    caspol -machine -quiet -addgroup Trusted_Zone -site mysite.com FullTrust -name mysite -description "Code group granting trust to code from mysite.com"
    

    You can do this for each Zone.

    When using IE8, make sure mysite.com is added to the Trusted Sites list. I'm not sure if Protected Mode has to be off.

    When you're on a 64-bit system, there are two caspol's, with separate permissions:

    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\caspol.exe

    I spent a lot of time setting permissions with the 32-bit caspol, and then banged my head against the wall because it wouldn't work. It turned out I was using 64-bit IE8, because that was what produced the IEDebug.log. Best to set the permissions in both versions.
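The steps in the answer above, collected into one script. This is an added example, not code from the original answer: it assumes the site name mysite.com, the two .NET 2.0 caspol.exe paths listed above, and an elevated prompt (caspol -machine edits the machine-level policy, which needs administrator rights). The zone group names LocalIntranet_Zone and Trusted_Zone are the labels the default machine policy gives to groups 1.2 and 1.5 in the question's listing. Internet_Zone is left out on purpose: a FullTrust site group there would grant full trust to every control served from that host to anyone who reaches it from the internet, so only add it if the control really must run from that zone.

```powershell
# Added example (not from the original question or answer).
# Assumptions: site 'mysite.com', .NET 2.0 caspol paths, elevated prompt.
param(
    [string]$Site = 'mysite.com'
)

# Both runtimes keep their own CAS policy; 64-bit IE8 reads the Framework64 one.
$caspolPaths = @(
    "$env:windir\Microsoft.NET\Framework\v2.0.50727\caspol.exe",
    "$env:windir\Microsoft.NET\Framework64\v2.0.50727\caspol.exe"
)

# Parent code groups to add the site group under (default machine-policy labels).
# Internet_Zone is deliberately not included; see the lead-in.
$zones = @('LocalIntranet_Zone', 'Trusted_Zone')

# Group names cannot contain characters caspol treats specially; keep them simple.
$safeName = $Site.Replace('.', '_')

foreach ($caspol in $caspolPaths) {
    if (-not (Test-Path $caspol)) {
        # Framework64 does not exist on a 32-bit OS; just skip it.
        Write-Warning "Not found, skipping: $caspol"
        continue
    }

    foreach ($zone in $zones) {
        # Same command as in the answer, once per zone and per runtime.
        & $caspol -machine -quiet -addgroup $zone -site $Site FullTrust `
            -name "$safeName`_$zone" `
            -description "Code group granting FullTrust to code from $Site in $zone"
        if ($LASTEXITCODE -ne 0) {
            throw "caspol failed for $zone using $caspol (exit code $LASTEXITCODE)"
        }
    }

    # Check: print the resulting tree so the new groups appear under 1.2 and 1.5,
    # not as a Url group at the top level like the 1.6 entry in the question.
    Write-Host "Code groups after update ($caspol):"
    & $caspol -machine -listgroups
}
```

Run it once from an elevated PowerShell prompt; because -quiet suppresses the confirmation prompt, running it twice adds duplicate groups, so check the -listgroups output before re-running. If the control is also meant to run from the Internet zone, add 'Internet_Zone' to $zones, and remember that the same FullTrust grant then applies to every page under that site name.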