[OpenAFS] How To Execute from .NET applications from \\AFS

Jeffrey Altman jaltman@secure-endpoints.com
Wed, 08 Dec 2010 14:46:17 -0500


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig335CA6648B63A5708A3DCC15
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

In order for .NET applications to access remote resources the local .NET
client access security policy must be modified for each UNC
\\server\share that is to be trusted.   This change is performed using
the caspol.exe tool provided with each .NET installation.

caspol.exe must be executed with Administrator privileges.

As an example:

c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -pp off
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -m -ag -l -URL
"file://afs/your-file-system.com/*" FullTrust
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -m -ag -l -URL
"file://afs/ir.stanford.edu/*" FullTrust
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -pp on

If there are multiple versions of .NET in use, the policy needs to
altered on all of them.

c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\CasPol.exe -pp off
c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\CasPol.exe -m -ag -l -URL
"file://afs/your-file-system.com/*" FullTrust
c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\CasPol.exe -m -ag -l -URL
"file://afs/ir.stanford.edu/*" FullTrust
c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\CasPol.exe -pp on

and if there are 64-bit versions those also need to be modified:

c:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe -pp off
c:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe -m -ag -l
-URL "file://afs/your-file-system.com/*" FullTrust
c:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe -m -ag -l
-URL "file://afs/ir.stanford.edu/*" FullTrust
c:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe -pp on

c:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe -pp off
c:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe -m -ag -l
-URL "file://afs/your-file-system.com/*" FullTrust
c:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe -m -ag -l
-URL "file://afs/ir.stanford.edu/*" FullTrust
c:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe -pp on

I hope this is helpful.

Jeffrey Altman



--------------enig335CA6648B63A5708A3DCC15
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJM/+CLAAoJENxm1CNJffh4C9oIAInQEx8IlomC0yZl5Bl7Fz7S
phmMG42+syuMoQ8WMe0wE7Y3zHmv/WhC9hdoIevf0iNOqup2S+DuGXPtAawlMNiJ
qp/k0FXm3F0V5OVWfX+ddf+gKmukLh5TrschaKcH9fk7ueNz+o0sUr7mhGb6gFpH
pl7RHqWLuSW6YITNEQwKuQomdRW8RbguGWPTahHUIE/6ssOmBGcPf8e2zXysKmo+
z79AmY/dx/D7fWftCLnbtyGC+7UhfKdIWIlPWajnlzIcEl0BxVq5Z3B7Bk5zNTJA
1A1wqPLbdWI7mUBHJq5aLfQuSd7kVq7Gx9gMrqNTkCK4Xhu179bfqMQd9M+kp2o=
=942y
-----END PGP SIGNATURE-----

--------------enig335CA6648B63A5708A3DCC15--