Re: setting permissions / trusting company via certificate?

From: "Mitch Gallant" <jensigner@xxxxxxxxxxxxxxxx>
Date: Thu, 9 Mar 2006 07:43:01 -0500

added benefit of grant based on publisher is that it works for all
assemblies signed by that "trusted" publisher.
Easy to spoof urls .. so publisher condition if better assuming you
really trust the person protecting the private key associated with
the publishers certificate.
- Mitch Gallant
MVP Security

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:ueAa0V3QGHA.4952@xxxxxxxxxxxxxxxxxxxxxxx

This is the expected behaviour for IE-hosted controls. The permission grant is evaluated before the control assembly
is actually loaded, so evidence "internal" to the assembly isn't used during code group membership evaluation. As
you've already discovered, using a URL membership condition for your extended permission code group is one workaround.
Assertion can also be used if you would prefer to stick with signature evidence for your code group (see
http://blogs.msdn.com/shawnfa/archive/2003/06/26/57026.aspx for details).

"Xafier" <xafier@xxxxxxxxxxxxxxxx> wrote in message news:1141895052.809785.109700@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

URL works, Publisher doesn't. I'd much prefer Publisher as who knows
where the end-users will host our product in their intranet.

It's quite strange how the same .dll's control can work fine with
fulltrust for everything, fulltrust for a URL, but not for strong name
and publisher which I would have thought would be the prefered choice
for most people as its more secure.

Very strange... any ideas why publisher and strong name don't work? =(
.Net is becoming a major thorn in my side... who said all these new
languages made things easier? I'll have to look for a job working in C
hehe

Follow-Ups:
- Re: setting permissions / trusting company via certificate?
  - From: Xafier
- Re: setting permissions / trusting company via certificate?
  - From: Nicole Calinoiu
- Re: setting permissions / trusting company via certificate?
  - From: Xafier

References:
- Re: setting permissions / trusting company via certificate?
  - From: Xafier
- Re: setting permissions / trusting company via certificate?
  - From: Dominick Baier [DevelopMentor]
- Re: setting permissions / trusting company via certificate?
  - From: Xafier
- Re: setting permissions / trusting company via certificate?
  - From: Nicole Calinoiu

Prev by Date: Re: setting permissions / trusting company via certificate?
Next by Date: Re: Socket Server with Encryption help
Previous by thread: Re: setting permissions / trusting company via certificate?
Next by thread: Re: setting permissions / trusting company via certificate?
Index(es):
- Date
- Thread

Relevant Pages

Re: setting permissions / trusting company via certificate?
... I would probably use both URL and publisher evidence ... together (within deployment zone only), but then I'm a bit of a hard-ass ... membership condition for your extended permission code group is one ...
(microsoft.public.dotnet.security)
Re: setting permissions / trusting company via certificate?
... URL works, Publisher doesn't. ... where the end-users will host our product in their intranet. ... fulltrust for everything, fulltrust for a URL, but not for strong name ... Very strange... ...
(microsoft.public.dotnet.security)