Re: how to programmatically give assembly loaded from network the same trust as those loaded from local host?

From: JS (someone_at_somewhere.com)
Date: 06/24/03


Date: Mon, 23 Jun 2003 22:16:19 -0400


I would like to programmatically configure policy.

In the server process, I would like to programmatically give assemblies
loaded from the network the same trust as those loaded from the local host.
I know that this is possible by using the .NET admin tools or by deploying
*.msi files. I would like to know other alternatives. Thanks.

"Stephen McCloskey [MSFT]" <stemccl@online.microsoft.com> wrote in message
news:#7h9lYdODHA.1072@TK2MSFTNGP10.phx.gbl...
> Hello,
>
> Would you like to programmatically configure policy on your machine(s) or
> programmatically allow an assembly to raise its own permissions?
>
> You can't programmatically allow an assembly to elevate its own permission
> grant. If this were possible, it would constitute a serious security
> weakness, allowing any malicious code the ability to own your machine.
>
> You can programmatically configure policy by scripting the caspol.exe tool,
> or by creating a managed application that manipulates policy. These options
> require a high degree of trust. Let me know if you need more details on
> this.
>
> You should never give full trust to the local intranet zone when you want to
> run a single assembly. Instead, do the following:
>
> 1) Sign the assembly with a strong name.
>
> 2) Create a custom code group that has that strong name as a membership
> condition.
>
> 3) Assign the code group a permission set that has only the permissions that
> the assembly needs to run and no more.
>
> This will allow the assembly to run in any zone without sacrificing the
> overall security of your box.
>
> I hope this helps.
>
> Stephen
>
> "JS" <someone@somewhere.com> wrote in message
> news:#Yy50hbODHA.304@tk2msftngp13.phx.gbl...
> > I have a .NET assembly accessing a COM service; the .NET assembly resides
> > on a network drive. When the assembly is run, I got a 'securitypermission'
> > exception. If in '.net wizard->adjust .net security->adjust the security
> > level for each zone', I gave the 'local intranet' zone 'full trust', the
> > same as for the 'my computer' zone, then there is no such exception.
> >
> > How do I programmatically do so? When I load the assembly (and run the
> > assembly) in a program, I would like to give this assembly full trust in
> > this program so that it can access the COM service.
> >
> > If this assembly is not using a COM service, I think that there won't be
> > such a problem.
> >
> > Thanks.
>
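
The three steps quoted above, done from a managed application instead of the admin tools, as an added example that is not part of the original thread. It assumes the .NET Framework 1.1 to 3.5 CAS policy API and an administrator account; the names `ComInteropOnly` and `NetworkComClient` are hypothetical, and the `UnmanagedCode` grant is an assumption about what the COM call demands.

```csharp
// Added example: register a strong-name code group in machine policy.
using System;
using System.Collections;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

class AddStrongNameGroup
{
    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: AddStrongNameGroup <assembly>"); return 2; }

        // Step 1 (signing) happens at build time; here the public key is only read back.
        AssemblyName an = AssemblyName.GetAssemblyName(args[0]);
        byte[] key = an.GetPublicKey();
        if (key == null || key.Length == 0) { Console.Error.WriteLine("assembly is not strong-named"); return 1; }

        // Locate the machine policy level among enterprise/machine/user.
        PolicyLevel machine = null;
        IEnumerator levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            PolicyLevel pl = (PolicyLevel)levels.Current;
            if (pl.Label == "Machine") machine = pl;
        }
        if (machine == null) { Console.Error.WriteLine("machine policy level not found"); return 1; }

        // Step 3: a permission set with only what the assembly needs.
        // Assumption: execution plus the UnmanagedCode flag used for COM interop.
        // UnmanagedCode is broad, so it is tied to one strong name, never to a zone.
        NamedPermissionSet pset = new NamedPermissionSet("ComInteropOnly", PermissionState.None);
        pset.AddPermission(new SecurityPermission(
            SecurityPermissionFlag.Execution | SecurityPermissionFlag.UnmanagedCode));
        machine.AddNamedPermissionSet(pset); // throws if the name already exists

        // Step 2: code group whose membership condition is the strong name
        // (public key + simple name, any version).
        StrongNameMembershipCondition cond = new StrongNameMembershipCondition(
            new StrongNamePublicKeyBlob(key), an.Name, null);
        UnionCodeGroup group = new UnionCodeGroup(cond, new PolicyStatement(pset));
        group.Name = "NetworkComClient";
        CodeGroup root = machine.RootCodeGroup;
        root.AddChild(group);
        machine.RootCodeGroup = root;

        SecurityManager.SavePolicyLevel(machine); // writes the machine policy file
        return 0;
    }
}
```

Policy saved this way is picked up by processes started afterwards, so the server process has to be restarted before it loads the assembly.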