I'm running the labs in MCTS 70-536 Training Kit chapter 11 about Code Access Security. I'm running XP Pro. The first lab creates an assembly which checks for different permissions and reports a message if they exist. However when I run it as \\\127.0.0.1\c$\ListPermissions.exe it is supposed to recognize being in the intranet zone and use the intranet permission set. However all permissions seem to be granted. Does this behavior sound familiar to anyone? If not is there a way to check what zone the assembly thinks it is in when run from the share? If a specific part of this question is too vague, let me know and I will try to rephrase it.
views:
91answers:
2
A:
Hi I don't know if you found out what happens when running this example but using Evaluate Assembly under .NET Framework 2.0 Configuration Tool I can see that that assembly should run under Internet_Zone and Internet_Same_Site_Access code groups. These code groups grants the subset composed by 5 authorizations: - UI - Isolated Storages - Protection - IO Dialogs - Print
It seems ok under configuration tool... but the assembly behavior is quite different... Don't know :(
Marco
Marconline
2009-10-14 21:17:37
+1
A:
It seems that there has been a change to the .net platform. A new piece of evidence has been added when launching a managed exe. When the exe is launched from the win32 CreateProcess API directly the managed exe is given full trust.
Of course, the .net configuration tool doesn't launch the exe, merely inspects it. This means that the evidence is different and affects the code group assigned to it. This in turn affects the permissions.
It's mightily confusing. Even more confusing is the answer you should give in the exam. I think the answer will be as in the book. I don't imagine that this change has filtered through to the exam content teams.
More information can be found here:
Ed Sykes
2010-01-18 20:39:17
I'll need to play around with that. It sounds like its pointing in the right direction. Thanks.
kpierce8
2010-01-30 00:30:40