Wednesday, August 27, 2008

Running a .NET Executable from a Network Drive

Rob Smyth is developing NUnitGridRunner, a tool to run nunit.console on several machines at once.

As any application under test grows, so does the number of UATs. Rob's project aims to allow us to scale the running of UATs by adding network boxes.

What does this have to do with Running .NET executables on network drives?

Well, Rob needs to distribute the latest version of the assemblies and tests to each machine so they could run the tests. It's simpler if they just all run from a network path. ,However .NET got in the way.

1/2 a day later we had a solution.

If you run nunit-console.exe from a command shell accessing it from the network drive, you get the following error.

Unhandled Exception: System.Security.SecurityException: That assembly does not allow partially trusted callers.
at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, Runti
ityAction action, Object demand, IPermission permThatFailed)
at NUnit.ConsoleRunner.Class1.Main(String[] args)
The action that failed was:
The assembly or AppDomain that failed was:
nunit-console, Version=, Culture=neutral, PublicKeyToken=null
The method that caused the failure was:
Int32 Main(System.String[])
The Zone of the assembly that failed was:
The Url of the assembly that failed was:

This is due to .NET's permissions system. There are lots of articles online telling you how to recompile your exe to make it run. This is a 3rd party exe though, so I don't want to have to recompile it. That would mean that each time I want to upgrade I would have to do extra steps.

Anyway.. here is the solution I used.

First I changed the Zone that .Net things the network drive belongs to.

Control Panel >> Internet Options >> Security >> Local Intranet >> Click Sites... >> Advanced...
in 'Add this Web site to the zone:' enter the network path.. and click Add
eg. \\MyNetworkMachine\DirectoryContainingExe

You can test this worked by running the executable again from a dos prompt...

The Zone of the assembly that failed was:

Notice it moved to Intranet.

Now all you have to do is tell .NET to trust executables in that zone.

Control Panel >> Administrative Tools >> .NET Framework 2.0 Configuration >> Configure Code Access Security Policy >> Adjust Zone Security >> Next >>

Click "Local Intranet" and slide the slider up to Full. Then click Next a couple to of times.

You can now run the executable... TADA!

What you've done is allow .NET assemblies in the local intranet to be executable on your machines. If this represents a security risk for your machines then this is not the right solution for you.

For us it works great.

1 comment:

Rob Smyth said...

Hi Nigel,

Great you blogged this as I needed it to test NUnitGridRunner on my home network. Just to add a detail, possible due to my home box being a Vista box, in the Security Adjustment Wizard after selecting 'Local Intranet' I had to click on the 'Default Level' button so I could raise the trust level.

Thx for the help.

Rob Smyth

GitHub Projects