views:

301

answers:

1

I am trying to configure the IPermission node as part of medium trust. However I am unable to find the valid values list for the PathDiscovery attribute on the node

<IPermission class="FileIOPermission" version="1" Read="$AppDir$" Write="$AppDir$" Append="$AppDir$" PathDiscovery="$AppDir$"/>

I need to set the permission so that the account will be able to access all subdirectories under the main path. currently a .svc (WCF service file) throws a 404 error because the ASP.Net account is not able to get it from a sub-folder couple of levels deep. I am trying to avoid changing the node to

<IPermission class="FileIOPermission" version="1" Unrestricted="true"/>

Any ideas?

TIA

+2  A: 

I certainly agree that you shouldn't change the node to Unrestricted, as that would pretty much defeat the purpose of partial trust.

According to the System.Security.Permissions.FileIOPermission documentation on MSDN, FileIOPermission is supposed to imply permissions to everything below that path as well. From that doc:

Access to a folder implies access to all the files it contains, as well as access to all the files and folders in its subfolders. For example, Read access to C:\folder1\ implies Read access to C:\folder1\file1.txt, C:\folder1\folder2\, C:\folder1\folder2\file2.txt, and so on.

Of course, building custom trust .config files is woefully poorly documented by Microsoft, so it's possible that the .config markup for FileIOPermission behaves differently than the code class... That would be surprising to me though.

Is it possible some other problem is causing the 404? Double-check that the service is executing under the credentials you'd expect, and that the path is being evaluated correctly...

Grank
The 404 is because of the FileIO permission because if Unrestricted is set to true, the service call does not fail. I wonder if $AddDir$ restricts anything
rams