How Should Clients trust Strong Named Assemblies?

molloyr_at_nortel.com
Date: 07/06/05


Date: 6 Jul 2005 08:39:48 -0700

Hi
I've been banging my head against a wall on this one for the last few
weeks.....

Basically we have an exe and about 12 dlls on the web server.
We want to run them using ClickOnce smart client technology.

I created a code group, (whose parent is 'Internet') at the machine
policy level which gives full trust to assemblies which are signed with
our private key.

I then created a deployment package and rolled it out to all our
clients.

Once I deploy the msi to client machines the Internet zone now has full
trust, as does Local Intranet and Trusted Sites zones.

Couple of questions:

1) Should this new rolled out security policy now allow any user of
that machine to run those strong named assemblies? We have found that
the user needs to have local admin OR Domain Admin rights before the
assembly will download and run.
Does it totally depend on what the assembly is doing - e.g. if we are
writing to the event log, does granting the assembly full trust
facilitate this or does the user ALSO need admin rights to write to the
event log?

2) We have a 3rd party dll signed with a different strong name and yet
it still runs (once the user is an admin).
I'm not convinced that our new code group is getting evaluated at all -
I think that the Internet zone (parent) which now has full trust is
allowing anything from the Internet zone to run.
What I want to happen is for CAS to evaluate my Assembly and allow it
to run IF a) it's coming from the Internet zone AND b) it has been
signed with our private key.
At the moment I only think a) is being evaluated.

Any help greatly appreciated.....
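
The policy tree described in the post, resolved with the CAS policy classes in `System.Security.Policy`, as an added example that is not part of the original post. Within a policy level a `UnionCodeGroup` grants its own permission set unioned with those of its matching children, so the sketch resolves the same two assemblies against an Internet zone parent that grants full trust and against one that grants nothing. The key blobs, assembly names and class name are constructed placeholders, and the code assumes the .NET Framework 2.0-era policy API (these types are obsolete from .NET Framework 4 onward).

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

static class CasUnionDemo
{
    // Constructed placeholder key blobs, not real public keys.
    static readonly byte[] OurKey = { 0x01, 0x02, 0x03, 0x04 };
    static readonly byte[] OtherKey = { 0x0A, 0x0B, 0x0C, 0x0D };

    // Internet zone group with one child that grants FullTrust to OurKey.
    static CodeGroup BuildPolicy(PermissionSet zoneGrant)
    {
        CodeGroup zone = new UnionCodeGroup(
            new ZoneMembershipCondition(SecurityZone.Internet),
            new PolicyStatement(zoneGrant));
        zone.AddChild(new UnionCodeGroup(
            new StrongNameMembershipCondition(new StrongNamePublicKeyBlob(OurKey), null, null),
            new PolicyStatement(new PermissionSet(PermissionState.Unrestricted))));
        return zone;
    }

    // Evidence for an assembly downloaded from the Internet zone and signed with 'key'.
    static Evidence InternetEvidence(byte[] key, string name)
    {
        Evidence e = new Evidence();
        e.AddHost(new Zone(SecurityZone.Internet));
        e.AddHost(new StrongName(new StrongNamePublicKeyBlob(key), name, new Version(1, 0, 0, 0)));
        return e;
    }

    static bool IsFullTrust(CodeGroup policy, Evidence e)
    {
        PolicyStatement ps = policy.Resolve(e); // null when the root condition does not match
        return ps != null && ps.PermissionSet.IsUnrestricted();
    }

    static void Main()
    {
        // Same tree twice: only the permission set on the Internet zone parent differs.
        CodeGroup zoneFullTrust = BuildPolicy(new PermissionSet(PermissionState.Unrestricted));
        CodeGroup zoneRestricted = BuildPolicy(new PermissionSet(PermissionState.None));
        Evidence ours = InternetEvidence(OurKey, "OurApp");
        Evidence other = InternetEvidence(OtherKey, "ThirdParty");
        Console.WriteLine("zone=FullTrust  ours={0} other={1}", IsFullTrust(zoneFullTrust, ours), IsFullTrust(zoneFullTrust, other));
        Console.WriteLine("zone=restricted ours={0} other={1}", IsFullTrust(zoneRestricted, ours), IsFullTrust(zoneRestricted, other));
    }
}
```

`PermissionState.None` on the parent stands in for whatever restricted set the zone should carry; the point of comparison is whether the strong name child is the only source of full trust.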