Exists a replacement for the command-line-tool CASPOL.exe?

Question

When trying to execute a .NET-App, it throws a "PolicyException", because "only one group is allowed". The tool should list existing settings, and allow to delete selected settings. Using caspol to list is not helpful, it is cruel.

I've seen there is a simple gui-frontend, which allows to define NEW settings, but it does not allow to list or delete existing settings.

Caspol is a nightmare, no wonder anyone uses it by choice. With .NET 1.1 Microsoft delivered a configuration-utility, but for .NET 2.0 i've found nothing.

Answer 1

There's a Configuration Applet for 2.0 as well, think it comes with the 2.0 SDK. If you got it installed it should be in the Admin Tools and be called "Microsoft .NET Framework 2.0 Configuration".

Answer 2

The utility is part of the SDK in .Net 2.0. Make sure that's installed.

Also, you might be interested to know that .Net 3.5 sp1 and later removed some of the pain points with CAS.

Answer 3

You can do your own tool (gui or command-line) with this piece of code:

static void SetPermission( string target ) {
    try {
        // Find the machine policy level
        PolicyLevel machinePolicyLevel = null;
        System.Collections.IEnumerator policyHierarchy = SecurityManager.PolicyHierarchy();

        while ( policyHierarchy.MoveNext() ) {
            PolicyLevel level = (PolicyLevel)policyHierarchy.Current;
            if ( level.Label == "Machine" ) {
                machinePolicyLevel = level;
                break;
            }
        }


        if ( machinePolicyLevel == null ) {
            throw new ApplicationException(
                "Could not find Machine Policy level. Code Access Security " +
                "is not configured for this application."
                );
        }

        // Create a new FullTrust permission set
        PermissionSet permissionSet = new NamedPermissionSet( "FullTrust" );

        IMembershipCondition membershipCondition = new UrlMembershipCondition( target );

        // Create the code group
        PolicyStatement policyStatement = new PolicyStatement( permissionSet );
        CodeGroup codeGroup = new UnionCodeGroup( membershipCondition, policyStatement );
        codeGroup.Description = "Custom code group created by PermSet utility.";
        codeGroup.Name = "CustomCodeGroup-" + Guid.NewGuid().ToString();

        // Add the code group
        machinePolicyLevel.RootCodeGroup.AddChild( codeGroup );

        // Save changes
        SecurityManager.SavePolicy();
    }
    catch ( Exception ex ) {
        Console.WriteLine();
        Console.WriteLine( ex.ToString() );
        throw;
    }
}

Answer 4

MsCorCfg doesn't seem to have been made available with later releases of visual studio. I have 2010, but have not been able to locate this file.