Re: Can an Assert issued following a Deny override it?

From: Novice (6tc1ATqlinkDOTqueensuDOTca)
Date: 08/26/04 

Date: Thu, 26 Aug 2004 09:33:04 -0700

Well... I was able to translate his instructions as far as:
caspol -ag myStronglyNamedAssembly

But I don't know how to tell caspol that all assemblies with a particular
strong name belong to a code group.

On a related note - how do I add unrestricted file access to my intranet or
internet permission sets or do I have to do this to the code groups?

I have tried manually editing the security config files - but the behavior
of trying to run .net applications in my brower didn't change.

Thanks,
Novice

"Nicole Calinoiu" wrote:

> Is Shawn's description detailed enough, or do you need step-by-step
> instructions?
>
>
> "Novice" <6tc1ATqlinkDOTqueensuDOTca> wrote in message
> news:5D859B29-AA57-4194-AC85-9B3779617C87@microsoft.com...
> > Actually I know of those tools:
> > caspol and
> > mscorcfg.msc
> >
> > But what I would like to know is how to specifically restrict an
> > assembly's
> > ability to use the Assert method.
> >
> > I have used the above tools to do some basic security configuration
> > things -
> > but I don't know how to specifically restrict an assembly's ability to use
> > the Assert method.
> >
> > Thanks,
> > Novice
> >
> > "Nicole Calinoiu" wrote:
> >
> >> Permission to assert is granted via the Assertion flag on
> >> SecurityPermission. It can be denied via policy as you would any other
> >> permission/sub-permission (e.g.: caspol.exe, .NET Framework Configuration
> >> manager, policy deployment package).
> >>
> >> HTH,
> >> Nicole
> >>
> >>
> >> "Novice" <6tc1ATqlinkDOTqueensuDOTca> wrote in message
> >> news:A5D876B3-5AF5-4B84-943B-A6BF67C6E54E@microsoft.com...
> >> >I have tried this and it is the case, that a fully trusted assembly can
> >> >use
> >> > an assert after a fully trusted assembly (higher up in the call stack)
> >> > has
> >> > issued a Deny on a particular permission (like FileIO for example).
> >> >
> >> > However, I still don't know how to configure my security policy such
> >> > that
> >> > I
> >> > restrict the ability of an assembly to use the Assert method.
> >> >
> >> > Any suggestions???
> >> >
> >> > Thanks,
> >> > Novice
> >> >
> >> > "Novice" wrote:
> >> >
> >> >> Another poster wrote:
> >> >> ------------------
> >> >> Additionally, assuming I have FullTrust, and I write the .dll that
> >> >> doesn't
> >> >> have correct public key (so you try to block me from the file), all I
> >> >> have to
> >> >> do is do an Assert on that permission, and the Assert will be found in
> >> >> the
> >> >> callstack before your deny, allowing me access to the directory.
> >> >> ------------------
> >> >> Is it the case that you can override an existing Deny that my
> >> >> application
> >> >> has
> >> >> already specified?
> >> >>
> >> >> I.E. if I write an application and the first line of code I put is a
> >> >> "Deny"
> >> >> on File IO to the C drive and then I invoke code (exp a method) in
> >> >> your
> >> >> assembly - you can subsequently write an Assert that will override the
> >> >> Deny
> >> >> that has already been processed (and yes this assumes your assembly
> >> >> has
> >> >> full
> >> >> trust)?
> >> >>
> >> >> Thanks,
> >> >> Novice
> >> >>
> >> >> PS If the above is true - what permission in .Net would stop someone
> >> >> from
> >> >> being able to override a previously issued Deny?
> >>
> >>
> >>
>
>
>