.Net 2.0 application from network share without FullTrust

笑着哭i 提交于 2019-12-22 14:17:04

问题


I am trying to run a .Net 2.0 application from a network share without using the FullTrust permission set. I want to create a new permission set that has just the permissions my assemblies require, and then assign that to the exe on the shared path. Is it possible to do this? From my limited experiments, I find that I am unable to do get any application working from a network share without FullTrust. I tried creating a new perm set, and also tried the Everything and other perm sets, but none seem to work. Has anyone had any experience with this?


回答1:


You need to sign your assemblies with a strong name and then set the cas-policy for your strong-name to full trust.

The easiest way for setting up FullTrust to all code signed with your strong-name is:

caspol.exe -q -m -ag MyZone -strong -hex [HexCodeOfYourStrongName] -noname -noversion FullTrust -name MyCode -description "Code trust for my code"';

If your code is split up to multiple assemblies you need every assembly to be signed with that strong name. You may need to set the SecurityPermission-Attribute with a link demand, that the security of the caller taken over.

[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.ControlPrincipal)]



回答2:


Prior to .NET 3.5, you need to fully trust the share to run a .NET application from there. Shawn explains this here with: "without some modification to the default CAS system, we're in a never ending cycle between loading assemblies that contain security objects and granting them policy. ... enter the FullTrust list."

In .NET 3.5 this limitation is overcome by "... granting set of FullTrust by default, making them act the same as if they were launched off of your computer directly" (from Shawn's another post here)




回答3:


Giving the strong named assmebly FullTrust permission sounds good, but unfortunately my assembly references several third-party COM Dlls which are also required to be strong-named if I strong-name the main assembly. I'm guessing then that giving FullTrust to the path as given by Shawn is the best solution: CasPol.exe -pp off -m -ag 1.2 -url file://\ShawnFa-Srv/Tools/* FullTrust



来源:https://stackoverflow.com/questions/423504/net-2-0-application-from-network-share-without-fulltrust

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!