I am trying to run a .Net 2.0 application from a network share without using the FullTrust permission set. I want to create a new permission set that has just the permissions my assemblies require, and then assign that to the exe on the shared path. Is it possible to do this? From my limited experiments, I find that I am unable to get any application working from a network share without FullTrust. I tried creating a new perm set, and also tried the Everything and other perm sets, but none seem to work. Has anyone had any experience with this?

A: 

Prior to .NET 3.5, you need to fully trust the share to run a .NET application from there. Shawn explains this here with: "without some modification to the default CAS system, we're in a never ending cycle between loading assemblies that contain security objects and granting them policy. ... enter the FullTrust list."

In .NET 3.5 this limitation is overcome by "... granting set of FullTrust by default, making them act the same as if they were launched off of your computer directly" (from another post of Shawn's here).

Recep
+1  A: 

You need to sign your assemblies with a strong name and then set the cas-policy for your strong-name to full trust.

The easiest way for setting up FullTrust to all code signed with your strong-name is:

caspol.exe -q -m -ag MyZone -strong -hex [HexCodeOfYourStrongName] -noname -noversion FullTrust -name MyCode -description "Code trust for my code"

If your code is split up into multiple assemblies, you need every assembly to be signed with that strong name. You may need to set the SecurityPermission attribute with a link demand, so that the security of the caller is taken over.

[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.ControlPrincipal)]
BeowulfOF
A: 

Giving the strong-named assembly FullTrust permission sounds good, but unfortunately my assembly references several third-party COM Dlls which are also required to be strong-named if I strong-name the main assembly. I'm guessing then that giving FullTrust to the path as given by Shawn is the best solution: CasPol.exe -pp off -m -ag 1.2 -url file://\\ShawnFa-Srv/Tools/* FullTrust

MegaWhiz
You could strong-name the third-party DLLs with your strong name too, or set the strong option for the files explicitly. Are those COM DLLs from dependent applications which need to be installed on the target machine?
BeowulfOF
Ok, I think you mean to use tlbimp for the third-party DLLs. Yes, I will try that. The COM Dlls are basically 3rd party controls developed in VB5. Yes, they do need to be installed on the target machine.
MegaWhiz
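
To see what the caspol changes discussed in the answers above actually grant, the following added example (not code from any of the posters) resolves .NET 2.0 CAS policy for evidence describing an assembly on a share and reports whether the resulting grant set is FullTrust. The class name, the placeholder URL and the optional second argument are assumptions; it applies to the CAS policy model of .NET 2.0 to 3.5.

```csharp
using System;
using System.Collections;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Added example. Usage: ShareTrustCheck.exe <file-url-of-exe> [local-copy-of-exe]
class ShareTrustCheck
{
    static void Main(string[] args)
    {
        // Assumption: placeholder share URL, replace with the real location.
        string url = args.Length > 0 ? args[0] : "file://server/share/MyApp.exe";

        // Build the evidence the loader would present for code at that URL.
        Evidence evidence = new Evidence();
        evidence.AddHost(new Url(url));
        evidence.AddHost(Zone.CreateFromUrl(url));

        // Optionally add strong-name evidence read from a copy of the file,
        // so that a -strong code group is taken into account as well.
        if (args.Length > 1)
        {
            AssemblyName an = AssemblyName.GetAssemblyName(args[1]);
            byte[] key = an.GetPublicKey();
            if (key != null && key.Length > 0)
                evidence.AddHost(new StrongName(new StrongNamePublicKeyBlob(key), an.Name, an.Version));
        }

        // Resolve machine, user and enterprise policy for that evidence.
        PermissionSet grant = SecurityManager.ResolvePolicy(evidence);
        Console.WriteLine("FullTrust: {0}", grant.IsUnrestricted());
        if (!grant.IsUnrestricted())
            Console.WriteLine(grant.ToString()); // XML form of the partial grant set

        // List the code groups that matched at each policy level.
        IEnumerator levels = SecurityManager.ResolvePolicyGroups(evidence);
        while (levels.MoveNext())
            Print((CodeGroup)levels.Current, 0);
    }

    static void Print(CodeGroup group, int depth)
    {
        Console.WriteLine("{0}{1} -> {2}", new string(' ', depth * 2), group.Name, group.PermissionSetName);
        foreach (CodeGroup child in group.Children)
            Print(child, depth + 1);
    }
}
```

Run it from the local disk of the client machine before and after adding the code group, so the change in the resolved grant set and in the matching code groups is visible.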