.NET code security: FullTrust vs. Everything

G

Guest

I have made a strong named code group for our application and granted it "FullTrust". The application can now be startet from a server mounted drive

When, however, I grant "Everything" the application throws a security exception

When I define a set of permissions including all predefined permission sets (all configured as "Unrestricted") the same thing happens: a Security exception is thrown

Can anybody tell me why it is not possible to build a full trust code group out of single permissions??

What does FullTrust have that cannot be added to Everything??

Tanx for your help
Hans
 
R

Rob Teixeira [MVP]

Full trust isn't exactly the same thing as Everything, or all permissions.
If i remember correctly, Full Trust means the assembly runs without checking
permissions at all. There's a good MSDN article on permission sets, but i
don't have the URL handy.

-Rob Teixeira [MVP]

Hans said:
I have made a strong named code group for our application and granted it
Click to expand...
"FullTrust". The application can now be startet from a server mounted drive.
When, however, I grant "Everything" the application throws a security exception.

When I define a set of permissions including all predefined permission
Click to expand...
sets (all configured as "Unrestricted") the same thing happens: a Security
exception is thrown.
Can anybody tell me why it is not possible to build a full trust code
Click to expand...
group out of single permissions???
 
M

mikeb

Hans said:
I have made a strong named code group for our application and granted it "FullTrust". The application can now be startet from a server mounted drive.

When, however, I grant "Everything" the application throws a security exception.

When I define a set of permissions including all predefined permission sets (all configured as "Unrestricted") the same thing happens: a Security exception is thrown.

Can anybody tell me why it is not possible to build a full trust code group out of single permissions???

What does FullTrust have that cannot be added to Everything???

Tanx for your help,
Hans
Click to expand...

Without FullTrust you cannot call assemblies that reside in the GAC
unless the assembly specifically grants permission for partially trusted
callers (anything without FullTrust is considered partially trusted,
even if they have all assignable permissions).

Also, by default the Security permission for the Everything permission
set does not include "Skip Verification", so unsafe code is still not
permitted.

See docs regarding the AllowPartiallyTrustedCallersAttribute, and


http://msdn.microsoft.com/library/en-us/cpguide/html/cpconusinglibrariesfrompartiallytrustedcode.asp

An important aspect of this is that not all .NET Framework assemblies
have that attribute applied:


http://msdn.microsoft.com/library/en-us/dnforms/html/winforms11122002.asp

Here's a utility which will tell you what assemblies have this attribute:


http://www.develop.com/us/technology/resourcedetail.aspx?id=843c6027-b697-469d-933b-014b61f7d500
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Different Permissions For Forms Control in Internet Explorer Applied 14
Security settings for intranet zone 1
Running Caspol from a batch file 2
Grant FullTrust permissions to VS .NET Projects on Network (Intranet) share 3
Security Permissions with embedded Winforms App 3
FileInfo.CopyTo to a mapped or network drive 1
Run ado.net application from network share requires FullTrust permission set? 4
using Code Groups 2

Top