Re: Moving application that depends on deserialization on a CD

From: Tobi (
Date: 02/15/05

Date: Tue, 15 Feb 2005 13:19:02 -0800


> > using(FileStream fs = file.Open(FileMode.Open, FileAccess.Read))
> I'm guessing that you actually got the file to open by changing from a
> statement to requested read/write access to the above statement requesting
> only read access. An assembly in the intranet code group does have read
> access to the files in its own directory under default CAS policy.
Yeah, in retrospect I believe you are right. But you know how it is, at 3 in
the morning everything links together. :-)

> Default policy does not grant SecurityPermission\SerializationFormatter to
> code in the intranet code group. Therefore, you're likely stuck with either
> altering either the CAS policy or the deserialization mechanism. That said,
> I've never tried running a .NET app from CD, but I am a little surprised to
> see assemblies on removable media be evaluated as falling in the intranet
> group. Could it be that you're launching the app from an HTML page? If so,
> do you get the same security exception if you launch your application from a
> command line?
Hmm, believe me, I was surprised as well - but it seriously seems like it.
The app (which is a straightforward GUI and does not depend on IE) does run
smoothly as long as the .exe and the serialized.dat are on the harddrive...
But as soon as I burn it to a CD it throws the exception.

Well, to make a long story short - I got tired of the problem, and found out
that the XmlSerializer does not have that problem. There are no security
checks there. Which is weird, but hey. ;o) Anyway, all I did was create 3
extra classes that were just proxies for the underlying "real" data. And I
just serialized those into xml. All that was loosly based on:
Just for all of you out there struggling with the same problem. Nobody
struggling? Oh, well...

Thanks anyway!