Re: security/strong name/zones clarification needed

From: Mark Levison (levisonmark@hotmail.com)
Date: 04/11/03


From: "Mark Levison" <levisonmark@hotmail.com>
Date: Fri, 11 Apr 2003 16:10:13 -0400


> 2) Assert permissions in your control so that the stack walk never makes
it
> to the app domain.
>

But doesn't CodeAccessPermission.Assert() require the
SecurityPermissionFlag.Assertion to be set? Which if I check caspol isn't
enabled by default for the internet permission set.

This leads me to the difficult problem. How I can tell if the end-user has
granted our application more than the internet level of trust? It seems
that any call to Demand() for a non-internet permission will fail for the
reasons you and Shawn outline in this thread.

Should I try an Assert on SecurityPermissionFlag.Assertion, then if that
fails just try the normal demand route?

Is there a good set of Examples/Tutorials on using CodeAccessPermissions
with Internet deployed apps? (I'm familiar with the msdn articles by Don
Box, Chris Sells and Jason Clark).

Insecure and having trouble Asserting my self
Mark Levison