[dba-VB] Deploying MSSQL2008 C#/VB.NET UDF's Assemblywith PermissionlLevel = External or Unsafe

Shamil Salakhetdinov shamil at smsconsulting.spb.ru
Thu Jun 24 04:11:24 CDT 2010


Hello Gustav --

No, I didn't try to use a certificate or an asymmetric key... - I just
wanted to have that "UDF with pInvoke" task done ASAP, and using certificate
or asymmetric key will need time (and money) I can't afford to invest now...

Well, it may happen that learning how to/applying "straightforward" usage of
"EXTERNAL ACCESS ASSEMBLY permission or UNSAFE ASSEMBLY permission for DBO,
and TRUSTWORTHY database property set to 'On'" will take more time than
investigating certificates and asymmetric keys, still hope it will not...

I'm looking through this article now:

http://www.devx.com/codemag/Article/31193/1763/page/2 and this one

http://www.codeproject.com/KB/database/SQLCLRIntegrationSecurity.aspx 

and I'm hoping they have all the information I currently need to have the
things here ready ASAP...

Thank you.

-- Shamil


-----Original Message-----
From: dba-vb-bounces at databaseadvisors.com
[mailto:dba-vb-bounces at databaseadvisors.com] On Behalf Of Gustav Brock
Sent: Thursday, June 24, 2010 12:12 PM
To: dba-vb at databaseadvisors.com
Subject: Re: [dba-VB] Deploying MSSQL2008 C#/VB.NET UDF's Assemblywith
PermissionlLevel = External or Unsafe

Hi Shamil

I don't work with SQL Server at this level but - stupid question perhaps -
did you try this option:

<quote>
.. the assembly is signed with a certificate or an asymmetric key that has a
corresponding login with EXTERNAL ACCESS ASSEMBLY permission.
</quote>

Yes I know, handling and implementing certificates is boring and can be
troublesome (and expensive if public certificates are needed) and - don't
forget - may require renewal, but once set up it works reliably.

/gustav


>>> shamil at smsconsulting.spb.ru 24-06-2010 09:52 >>>
Hi All --

I have to develop a set of MSSQL2008 C#/VB.NET UDFs using windows DLLs calls
(pInvoke). And when pInvoke is used in C#/VB.NET UDFs then UDFs' assembly
should be marked as External or Unsafe. But when I'm marking UDFs' assembly
as External or Unsafe I'm getting the following error messages on their
deployment using VB2008:

Permission Level = External

CREATE ASSEMBLY for assembly 'TestUDF.SqlServerProject' failed 
because assembly 'TestUDF.SqlServerProject' is not authorized
for PERMISSION_SET = EXTERNAL_ACCESS.  The assembly is authorized 
when either of the following is true: the database owner (DBO) 
has EXTERNAL ACCESS ASSEMBLY permission and the database 
has the TRUSTWORTHY database property on; or the assembly
 is signed with a certificate or an asymmetric key that has a 
corresponding login with EXTERNAL ACCESS ASSEMBLY permission.	

Permission Level = Unsafe

CREATE ASSEMBLY for assembly 'Racing.SqlServerProject' failed 
because assembly 'Racing.SqlServerProject' is not authorized 
for PERMISSION_SET = UNSAFE.  The assembly is authorized 
when either of the following is true: the database owner (DBO) 
has UNSAFE ASSEMBLY permission and the database 
has the TRUSTWORTHY database property on; or the assembly 
is signed with a certificate or an asymmetric key that has a
corresponding login with UNSAFE ASSEMBLY permission.

My question is: Do you have experience in developing C#/VB.NET UDFs with
pInvoke calls? How did you then set EXTERNAL ACCESS ASSEMBLY permission or
UNSAFE ASSEMBLY permission for DBO, and TRUSTWORTHY database property to
'On'? I can't find how to do that "straightforward way" using T-SQL
scripts...

And I see TRUSTWORTHY database property is disabled when I'm looking at
database properties window.

Thank you.

-- Shamil



_______________________________________________
dba-VB mailing list
dba-VB at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-vb
http://www.databaseadvisors.com




More information about the dba-VB mailing list