I have the following problem. I am using Reporting Services 2005 to create some report. I call method from my custom assembly and it works fine when my method is as follows:
public static string TestMethod() {
return "test"; }
However, when return "test"; is replaced by the code that calls third party web service, there is nothing returned to my RS report. I can't even log my exception to EventLog (probably because of security reasons).
I class is decorated by the following statement:
[System.Web.AspNetHostingPermission(SecurityAction.Assert, Level = System.Web.AspNetHostingPermissionLevel.Unrestricted)]
additionally, for the purpose of calling web service I've added the following in my custom assembly:
string serviceUri = "http://externallink/Default.asmx";
WebPermission p = new WebPermission(NetworkAccess.Accept, serviceUri);
p.Assert();
This does not help either. The error that is thrown in my custom assembly is as follows:
Request for the permission of type
'System.Net.WebPermission, System,
Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089'
failed
Can someone can please help me?
EDIT1:
I figured out that reporting services uses custom trust level called: RosettaSrv. Custom policy is set in rssrvpolicy.config. When I changed trust level to Full, everything works fine. However I don't want to specify full trust, just possibility to access custom web services, how can I do this?
you have to create your specific CodeGroup section in the CAS policy config file (as you mentioned) for RS, which tells it to grant that permission for your assembly.
Follow steps found in this MSDN article for details: http://support.microsoft.com/kb/842419
Related
I am fairly new to GCP API functions.
I am currently trying to the use text-to-speech module following these steps: https://cloud.google.com/text-to-speech/docs/libraries
I did not set up the environmental variable since I used the authExplicit(String jsonPath) for its authentication: https://cloud.google.com/docs/authentication/production
my code looks like following;
public void main() throws Exception {
String jsonPath = "/User/xxx/xxxx/xxxxxx/xxxx.json";
authExplicit(jsonPath);
//calling the text-to-speech function form the above link.
text2speech("some text");
}
authExplicit(jsonPath) goes through without any problem and prints a bucket. I thought the credential key in JSON was checked. However, text2speech function returns the error as follows:
java.io.IOException: The Application Default Credentials are not available. They are available if running in Google Compute Engine. Otherwise, the environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined pointing to a file defining the credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.
I want to get the text2speech function work by call Google Cloud API functions.
Please let me know how to solve this issue.
Your advice would be highly appreciated.
It's confusing.
Application Default Credentials (ADC) is a process that looks for the credentials in various places including the env var GOOGLE_APPLICATION_CREDNTIALS.
If GOOGLE_APPLICATION_CREDNTIALS is unset and the code is running on a Google Cloud Platform (GCP) Compute Engine (GCE) service (e.g. Compute Engine), then it use the Metadata service to determine the credentials. If not, ADC fails and raises an error.
Your code fails because, authExplicit does not use ADC but loads the Service Account key from the file and creates a Storage account client using these credentials. Only the Storage client is thus authenticated.
I recommend a (simpler) solution: Use ADC and have Storage and Text2Speech clients both use ADC.
You will need to set the GOOGLE_APPLICATION_CREDENTIALS env var to the path to a key if you run your code off GCP (i.e. not on GCE or similar) but when it runs on GCP, it will leverage the service's credentials.
You will need to create both the Storage and Text2Speech clients to use ADCs:
See:
Cloud Storage
Text-to-Speech
Storage storage = StorageOptions.getDefaultInstance().getService();
...
And:
TextToSpeechClient textToSpeechClient = TextToSpeechClient.create()
...
Recently I was trying to get the status of an operation calling operation.get on API explorer in GCP https://cloud.google.com/resource-manager/reference/rest/v1/operations/get
The request throws:
field [name] has issue [invalid operation name]
I tried the same request using node Lib for GCP and got the same result.
Operation name used is in format as below:
operations/operation-1552901443197-5845b0ae4997f-496bcbdb-xxxxxx
Did someone encounter this error before?
The issue is caused because the operation you are trying to fetch is from a different resource from the API that you are calling.
Most Cloud APIs have their own APIs, and each one performs its own operations under their own resource.
In this case you are trying to get your operation in the Resource Manager API, as a Resource Management resource, while it is from the Compute Engine resource, and this API (or this one if the operation is global to your project) should be used instead.
Using this API instead would solve this issue.
I agree that the response message could be improved in order to point users to which is the actual issue, when facing issues like the one in this question.
That's why I have opened a feature request that you can see in the following link. You can star it in order to give it more visibility and notifications on the updates made there, and add comments here if you have any additional information you might add to this improvement.
I am trying to learn how to use the cloud billing API and playing around with it's methods. I copied a code snippet in Java that shows how to use the updateBillingInfo method. I have a project in my cloud account, and it has a billing account associated with it, and I wanted to change it to a different billing account.
Here's what I tried:
String name = "projects/My project";
ProjectBillingInfo info = new ProjectBillingInfo();
info.setBillingAccountName("billingAccounts/$BILLING_ID");
Cloudbilling.Projects.UpdateBillingInfo request = cloudbillingService.projects().updateBillingInfo(name, info);
ProjectBillingInfo response = request.execute();
and my problem is that request.execute() (as well as the API browser explorer) throws an exception with code "500 - internal error encountered".
Am I not using it correctly? It was my understanding that after this, when I check my project in GCP, I should see my project listed to the new billing account. Help is much appreciated.
You are using an invalid Project ID, since GCP project IDs have no spaces in them. Note that Project IDs and Project names are different things. It needs to be the ID as seen here. The rest of your code snippet seems fine, just make sure you put the actual project ID like this: projects/your-project-id
I'm integrating application insights with my App service which has a WebJobs project, following these instructions.
Things are working smoothly except that the cloud_RoleName and cloud_RoleInstanceName in ai portal are not meaningful (random numeric values, and seem to be changing over time).
I used a custom TelemetryInitializer in the api role, and it is changing those values as desired. However the webjob project doesn't seem to be picking up the role names assigned in custom initializer. When debugging locally, the code does execute the custom initializer overriden values, but it seems that it is being changed when the log is being sent to ai.
Here is the custom initializer that I use:
public class AppInsightsTelemetryInitializer : ITelemetryInitializer
{
public void Initialize(ITelemetry telemetry)
{
telemetry.Context.Cloud.RoleName = ConfigurationManager.AppSettings["EnvironmentName"];
telemetry.Context.Cloud.RoleInstance = $"webjob-{ConfigurationManager.AppSettings["InstanceId"]}";
}
}
And it's hooked in WebJobs' Program.cs:
...
ApplicationInsights.Extensibility.TelemetryConfiguration.Active.TelemetryInitializers.Add(new AppInsightsTelemetryInitializer());
...
Could someone help me with this?
Thanks,
However the webjob project doesn't seem to be picking up the role names assigned in custom initializer.Could someone help me with this?
It should work correctly integration Azure Webjob, I test it on my side. Please have a try to get the log with Application Insight Analytics.
I want to create a secure ColdFusion environment, for which I am using multiple sandboxes configuration. The following tasks are easily achievable using the friendly administrator interface:
Restricting CFtags like: cfexecute, cfregistry and cfhttp.
Disabling Access to Internal ColdFusion Java components.
Access only to certain server and port ranges by third-party resources.
And the others using configuration of the web server accordingly.
The Problem:
So I was satisfied with the setup only to encounter later that regardless of the restriction applied to the cfexecute tag one can use java.lang.Runtime to execute system files or scripts easily;
String[] cmd = {"cmd.exe", 'net stop "ColdFusion 10 Application Server"'};
Process p = Runtime.getRuntime().exec(cmd);
or using the java.lang.ProcessBuilder:
ProcessBuilder pb = new ProcessBuilder("cmd.exe", 'net stop "ColdFusion 10 Application Server"');
....
Process myProcess = pb.start();
The problem is that I cannot find any solutions which allows me to disable these two classes: java.lang.Runtime & java.lang.ProcessBuilder for the createObject().
For the note: I have tried the file restriction in the sanbox and os permission as well, but unfortunately they seem to work on an I/O file operations only and I cannot mess with security policies of the system libraries as they might be used internally by ColdFusion.
Following the useful suggestions from #Leigh and #Miguel-F, I tried my hands on implementing the Security Manager and Policy. Here's the outcome:
1. Specifying an Additional Policy File at runtime instead of making changes to the default java.policy file. To enable this, we add the following parameters to JVM arguments using CFAdmin interface or alternatively appending it to the jvm.args line in the jvm.config file :
-Djava.security.manager -Djava.security.policy="c:/policies/myRuntime.policy"
There is a nice GUI utility inside jre\bin\ called policytool.exe which allows you to manage policy entries easily and efficiently.
2. We have enforced the Security manager and provided our custom security policy file which contains:
grant codeBase "file:///D:/proj/secTestProj/main/-"{
permission java.io.FilePermission
"<<ALL FILES>>", "read, write, delete";
};
Here we are setting FilePermission for all files to read, write, delete excluding execute from the list as we do not want any type of file to be executed using the java runtime.
Note: The codebase can be set to an empty string if we want the policy to be applied to all the applications irrespective of the source.
I really wished for a deny rule in policy file to make things easier similar to the grant rule we're using, but there isn't unfortunately. If you need to put in place a set of complex security policies, you can use Prograde library, which implements policy file with deny rule (stack ref.).
You could surely replace <<ALL FILES>> with individual file and set permissions accordingly or for a better control use a combination of <<ALL FILES>> and individual file permissions.
References: Default Policy Implementation and Policy File Syntax, Permissions in JDK and Controlling Applications
This approach solves our core issue: denying execution of files using java runtime by specifying permissions allowed on a file. In other approach, we can implement Security Manager directly in our application to define policy file from there, instead of defining it in our JVM args.
//set the policy file as the system securuty policy
System.setProperty("java.security.policy", "file:/C:/java.policy");
// create a security manager
SecurityManager sm = new SecurityManager();
//alternatively, get the current securiy manager using System.getSecuriyManager()
//set the system security manager
System.setSecurityManager(sm);
To be able to set it, we need these permissions inside our policy file:
permission java.lang.RuntimePermission "setSecurityManager";
permission java.lang.RuntimePermission "createSecurityManager";
permission java.lang.RuntimePermission "usePolicy";
Using Security Manager object inside an application has its own advantages as it exposes many useful methods For instance: CheckExec(String cmd) which checks whether a calling thread is allowed to create a sub-process or not.
//perform the check
try{
sm.checkExec("notepad.exe");
}
catch(SecurityException e){
//do something...show warning.
}