Re: FullTrust Assemblies

---

• From: "KKS" <kks at synergi dot com>
• Date: Fri, 4 May 2007 14:57:40 +0200

---

Could it be that your app is running on another framework version now?

Regards
Kjetil Kristoffer Solberg

<groups.james@xxxxxxxxx> wrote in message
news:1178117853.542347.216710@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

We have a scenario (much like everyone else I'm sure) where we have
some applications that reside on the intranet, a local share, but are
run from independant client machines. Some of these applications need
FullTrust.

It was our understanding that :

The CLR will determine permissions a .NET assembly has when the
assembly is loaded.
By default, any assembly loaded from a local share is given FullTrust
permissions.
By default, any assembly loaded from a network share is given
restricted permissions.

So, when a utility is built that sits on a network share a user may
not be able to run it successfully
from the network share unless that assembly or location is granted
FullTrust (or appropriate permissions)

For our local utility applications we decided to sign all assemblies
with the CompanyNameInternalFullTrust.snk key file. On every machine
that may need to run these we add a security policy that grants any
application
signed with the CompanyNameInternalFullTrust.snk key file FullTrust,
thus ensuring the application will run.

used caspol as follows to accomplish this task

caspol -m -ag 1.2 -strong - file "filename" -noname -noversion
FullTrust -n CompanyNameInternalFullTrust

All of this worked just fine until recently, not sure exactly when but
it seems some Windows Update has broken this model. Now the
applications do not seem to be granted FullTrust anymore.

Does anyone know of an update that would invalidate the LocalIntranet
trusts, reset them or otherwise break this model? Thanks in advance.

James

.

---

• Follow-Ups:
  • Re: FullTrust Assemblies
    • From: groups . james

• References:
  • FullTrust Assemblies
    • From: groups . james

• Prev by Date: Re: Open Ports 21,22,23,80
• Next by Date: Re: Acced Adctive Directory in separate domain
• Previous by thread: FullTrust Assemblies
• Next by thread: Re: FullTrust Assemblies
• Index(es):
  • Date
  • Thread

---

Relevant Pages Reason behind implicit FullTrust LinkDemand? ... The .NET Framework assemblies ... One may counter argue that the implicit FullTrust ... LinkDemand just forces users to grant full trust to code that doesn't really ... permissions describing custom actions allowed or not in the system. ... (microsoft.public.dotnet.security) FullTrust Assemblies ... some applications that reside on the intranet, a local share, but are ... The CLR will determine permissions a .NET assembly has when the ... any assembly loaded from a local share is given FullTrust ... For our local utility applications we decided to sign all assemblies ... (microsoft.public.dotnet.security) Re: Reason behind implicit FullTrust LinkDemand? ... > behind strong naming an assembly also implies a FullTrust LinkDemand? ... > own non-Framework assemblies, such as Microsoft.mshtml) does not have the ... > permissions describing custom actions allowed or not in the system. ... (microsoft.public.dotnet.security) Re: Protecting .NET assemblies (runtime) ... Dominick Baier ... Developing More Secure Microsoft ASP.NET 2.0 Applications ... mentions nothing about how to use it to protect assemblies. ... (microsoft.public.dotnet.framework.aspnet.security) Re: Protecting .NET assemblies (runtime) ... Dominick Baier ... Developing More Secure Microsoft ASP.NET 2.0 Applications ... mentions nothing about how to use it to protect assemblies. ... (microsoft.public.dotnet.framework.aspnet.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.security  > 2007-05