I've been hearing conflicting facts about this topic. What is correct?
+4
A:
You've been hearing conflicting views because it's a topic of great confusion, even among senior engineers. In short, simply placing an assembly in the GAC does implicitly give it full trust, but this can be overriden via security policy.
EDIT1: Let me add that a common thought is if you don't trust an assembly fully, why are you placing it in the GAC?
EDIT2: I had a link in here to a blog post from Michelle Bustamante, but as you can see in the comment below, it's no longer available so I removed it from this answer.
Kilhoffer
2008-09-25 15:54:12
That Michelle Bustamente url is a 404. Please check your urls.
cori
2008-09-25 17:54:51
@cori: Thanks. I've since removed the broken link.
Kilhoffer
2009-11-17 20:42:34
+1
A:
I'll try to give an example that may help clear things up. Let's say you have a web app that runs medium trust. It needs to do something that requires full trust, so you create a class library project (assembly) to do that task and install it to the GAC. In testing, the new assembly performs it's function flawlessly, but when you try to use it in your web app, you discover that you still only have medium trust.
Joel Coehoorn
2008-09-25 16:11:11