Re: AddDomain with FullTrust
Date: 4 Mar 2005 07:38:00 -0800
The short answer is yes.
The long answer is that unamanged application can only have "FullTrust"
or no trust. If the application is permitted to run it is granted full
trust, depending on the location of the unmanaged application, your OS
and service pack level the user *might* be prompted to allow the
application to run, XP SP2 will not even ask the user to run an
unmanaged application from an untrusted source such as the internet it
will simply block the applicaiton and preventing it from doing anything
at all, so as far as "simplifying deployment" you have not found a way
to bypass the security policy you have only reduced the granularity of
the permission request, run or do not run. A managed host on the other
hand can be pre-granted a defined permission set such as full trust
from a local intranet site in which case the application is not blocked
nor is the user prompted it just runs, the less permissions your
application requires the more likely the user will be able to grant the
application permission to run. If the application requires full trust
the user can install it on his machine or an administrator can
pre-grant the assemlby permissions to run from the local intranet.
However, if the assembly only requires execute permissions the default
policy will permit the assembly to run from the local intranet without
any additional steps, confirmation dialogs, or whatever.