I am trying to run a .Net 2.0 application from a network share without using the FullTrust permission set. I want to create a new permission set that has just the permissions my assemblies require, and then assign that to the exe on the shared path. Is it possible to do this? From my limited experiments, I find that I am unable to do get any application working from a network share without FullTrust. I tried creating a new perm set, and also tried the Everything and other perm sets, but none seem to work. Has anyone had any experience with this?
You need to sign your assemblies with a strong name and then set the cas-policy for your strong-name to full trust.
The easiest way for setting up FullTrust to all code signed with your strong-name is:
caspol.exe -q -m -ag MyZone -strong -hex [HexCodeOfYourStrongName] -noname -noversion FullTrust -name MyCode -description "Code trust for my code"';
If your code is split up to multiple assemblies you need every assembly to be signed with that strong name. You may need to set the SecurityPermission-Attribute with a link demand, that the security of the caller taken over.
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.ControlPrincipal)]
Prior to .NET 3.5, you need to fully trust the share to run a .NET application from there. Shawn explains this here with: "without some modification to the default CAS system, we're in a never ending cycle between loading assemblies that contain security objects and granting them policy. ... enter the FullTrust list."
In .NET 3.5 this limitation is overcome by "... granting set of FullTrust by default, making them act the same as if they were launched off of your computer directly" (from Shawn's another post here)
Giving the strong named assmebly FullTrust permission sounds good, but unfortunately my assembly references several third-party COM Dlls which are also required to be strong-named if I strong-name the main assembly. I'm guessing then that giving FullTrust to the path as given by Shawn is the best solution: CasPol.exe -pp off -m -ag 1.2 -url file://\ShawnFa-Srv/Tools/* FullTrust
来源:https://stackoverflow.com/questions/423504/net-2-0-application-from-network-share-without-fulltrust