Re: AddDomain with FullTrust

kurbylogic_at_hotmail.com
Date: 03/05/05


Date: 4 Mar 2005 20:58:47 -0800

A PermissionSet is granted to an *assembly* not an appdomain. You
cannot grant more permissions than you already have, so you must have
full trust in order to grant full trust; however, just because the host
has full trust does not imply everyone else will too. When an assembly
is loaded the policy manager determines the grant set based on the
intersection of the enterprise, machine, user,
and appdomain policies using host provided evidence if any, and
internally determined evidence such as the location of the assembly and
strong name. A lower level policy such as appdomain level cannot grant
more permissions to an assembly than would be granted by the user,
machine, or enterprise level policies. An unmanaged or managed host
with ControlEvidence can provide additional evidence for use in policy
evaluation; this is generally used to reduce rather than increase
permissions, such as Zone, Site, and Url evidence can then be used by
the security policy to reduce the granted permission set, however one
can also use this evidence to increase the permissions granted by the
security policy, for example add a site based codegroup to grant
www.xyz.org everything permission instead of nothing. As an unmanaged
host you have ControlEvidence permission and can add custom evidence,
however an unmanaged host can only provide appdomain evidence so this
doesn't really buy you anything as far as granting permissions that are
not already granted by the machine policy. So as I said before I don't
think this approach does anything as far as reducing the administrative
overhead of tweaking security policies; if you want to grant full trust
to an assembly not located on the local machine you must modify the
policy or install the assembly on the local machine.

- Kurt

Joel Lucsy wrote:
> kurbylogic@hotmail.com wrote:
> > The short answer is yes.
> > - Kurt
> >
>
> Well, in short, you're wrong, or at least I'm not seeing the behavior
> you described. The unmanaged host shows the exact same behavior as
> running the assembly directly, i.e. it throws a security exception for
> the native p/invoked library. If I grant the right zone permissions,
> both work, managed and unmanaged.
> I could be writing the unmanaged host wrong, but I'm not seeing a full
> trust/no trust dichotomy. I'm doing the standard CorBindToRuntime,
> CreateDomain, ExecuteAssembly. I'm suspecting that I need to create the
> Evidence, or perhaps SetAppDomainPolicy, but so far I can't get it to
> work.
> So, does anyone have any examples of "opening" the permissions instead
> of further restricting them?
>
> --
> Joel Lucsy
> "The dinosaurs became extinct because they didn't have a space program."
> -- Larry Niven
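
The policy-level intersection described in the reply above, as an added example that is not part of the original thread. It assumes the .NET Framework 1.1/2.0 code access security policy model under discussion; the class name and the evidence URL are constructed, and LevelFinal handling is left out.

```csharp
using System;
using System.Collections;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Hypothetical demo class (not from the thread).
class GrantSetDemo
{
    static void Main()
    {
        // Constructed evidence: an assembly that appears to come from the Internet zone.
        Evidence evidence = new Evidence();
        evidence.AddHost(new Zone(SecurityZone.Internet));
        evidence.AddHost(new Url("http://www.example.org/app.exe"));

        // An appdomain-level policy whose root code group grants FullTrust to all code.
        PolicyLevel domainLevel = PolicyLevel.CreateAppDomainLevel();
        PolicyStatement fullTrust =
            new PolicyStatement(new PermissionSet(PermissionState.Unrestricted));
        domainLevel.RootCodeGroup =
            new UnionCodeGroup(new AllMembershipCondition(), fullTrust);

        // Start from what the appdomain level alone would grant.
        PermissionSet grant = domainLevel.Resolve(evidence).PermissionSet;
        Console.WriteLine("{0}: unrestricted = {1}",
            domainLevel.Label, grant.IsUnrestricted());

        // Intersect with each configured level from the policy hierarchy.
        IEnumerator levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            PolicyLevel level = (PolicyLevel)levels.Current;
            PermissionSet levelGrant = level.Resolve(evidence).PermissionSet;
            Console.WriteLine("{0}: unrestricted = {1}",
                level.Label, levelGrant.IsUnrestricted());

            // Intersect returns null when nothing is left in common.
            if (grant != null)
                grant = grant.Intersect(levelGrant);
        }

        // The effective grant is never larger than the most restrictive level.
        Console.WriteLine("Effective grant: {0}",
            grant == null ? "<empty>" : grant.ToString());
    }
}
```

Unless the enterprise, machine and user levels each resolve this evidence to an unrestricted set, the effective grant stays restricted even though the appdomain level asked for FullTrust.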


