Policy Strong Name Trust Through Code?

localhost

I opened the .NET Framework Configuration 1.1 and created a policy
manually to give my assembly Full Trust at the Computer level. I then
was able to create a separate MSI.

I want to do this over and over for apps I distribute, but the thought
of manually making a separate MSI is not a good one.

I already have a VS.NET 2003 setup project, is there a way to
programmatically set the policy explicitly in C#? I already override
the Install method in my installer class, I could just add the extra
code to enable trust, but I need a sample.

Help?

Thanks.
 
Felix Wang

Hello,

Thanks for posting. I think we can use Process.Start to launch the
CASPol.exe to set the security policy. We can go to the following key to
locate the root path of the Framework:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot

CASPol.exe is located in the [InstallRoot]\[version] folder.

I hope the information is useful to you.

Regards,

Felix Wang
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
Felix Wang

Hi,

Some sample code:

// Read the Framework install root from the registry.
string fxInstallRoot = Microsoft.Win32.Registry.LocalMachine
    .OpenSubKey(@"SOFTWARE\Microsoft\.NETFramework")
    .GetValue("InstallRoot").ToString();
string casPol = fxInstallRoot + @"\v1.1.4322\CasPol.exe";
// Keep the arguments on one line: a line break inside a verbatim string
// would be passed to CasPol.exe as part of the argument.
string arg = @"-quiet -machine -addgroup 1 -url http://www.contoso.com/bin/* FullTrust";
System.Diagnostics.ProcessStartInfo psi =
    new System.Diagnostics.ProcessStartInfo(casPol, arg);
// Run CasPol.exe without showing a console window.
psi.CreateNoWindow = true;
psi.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden;
System.Diagnostics.Process.Start(psi);

Regards,

Felix Wang
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
localhost

I have seen "PolicyLevel" and "PermissionSet" classes floating around.
Can they be used to do the same thing without resorting to caspol or
hunting through the Registry?

Thanks.

 
Felix Wang

Hello,

To use the classes under "System.Security.Policy" to achieve the goal, the
following code is for your reference:

using System.Collections;
using System.Security;
using System.Security.Policy;

...

IEnumerator levels = SecurityManager.PolicyHierarchy();
while (levels.MoveNext())
{
    PolicyLevel level = (PolicyLevel)levels.Current;
    //Machine policy?
    if (level.Label.ToString() == "Machine")
    {
        //Start from the Top Level CodeGroup for each Policy Level
        CodeGroup group = level.RootCodeGroup;
        //Is it for "All code"?
        if (group.MembershipCondition.ToString() == "All code")
        {
            //Define the PermissionSet as "FullTrust"
            PermissionSet psFulltrust = level.GetNamedPermissionSet("FullTrust");
            //Define a URL membership condition for http://www.contoso.com/bin/*
            UrlMembershipCondition umc =
                new UrlMembershipCondition("http://www.contoso.com/bin/*");
            //Add the Child CodeGroup - this is what the caspol tool does for us
            //caspol -quiet -machine -addgroup 1. -url http://www.contoso.com/bin/* FullTrust -name TestCodeGroup
            UnionCodeGroup ucg =
                new UnionCodeGroup(umc, new PolicyStatement(psFulltrust));
            ucg.Name = "MyNewCodeGroup";
            group.AddChild(ucg);
            //Save the policy
            SecurityManager.SavePolicy();
        }
    }
}

Please give it a try and see whether this helps or not.

Regards,

Felix Wang
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
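
The samples in this thread key the FullTrust grant on a URL. Since the question is about strong-name trust, the following added example (not code from the thread or from Microsoft) keys the same machine-level grant on the assembly's strong-name public key instead, and removes any earlier copy of the group first so repeated installs do not stack duplicate code groups. The class name, group name and assemblyPath parameter are hypothetical; it assumes the .NET Framework 1.1/2.0 CAS policy classes used above and an installer running with administrative rights.

```csharp
using System;
using System.Collections;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;
public class StrongNameTrust // hypothetical helper, call it from the installer class
{
    const string GroupName = "Contoso_StrongName_FullTrust"; // hypothetical group name
    static PolicyLevel FindMachineLevel()
    {
        IEnumerator levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            PolicyLevel level = (PolicyLevel)levels.Current;
            if (level.Label == "Machine") return level;
        }
        throw new InvalidOperationException("Machine policy level not found");
    }
    // Call from Uninstall/Rollback so the grant does not outlive the product.
    public static void Remove()
    {
        PolicyLevel machine = FindMachineLevel();
        CodeGroup root = machine.RootCodeGroup;
        foreach (CodeGroup child in new ArrayList(root.Children))
            if (child.Name == GroupName) root.RemoveChild(child);
        machine.RootCodeGroup = root;
        SecurityManager.SavePolicyLevel(machine);
    }
    // Call from Install with the path of the installed, strong-named assembly.
    public static void Add(string assemblyPath)
    {
        byte[] key = AssemblyName.GetAssemblyName(assemblyPath).GetPublicKey();
        if (key == null || key.Length == 0)
            throw new ArgumentException("Assembly is not strong-named: " + assemblyPath);
        Remove(); // idempotent: drop any group left by a previous install
        PolicyLevel machine = FindMachineLevel();
        // Name and version are null, so any assembly signed with this key matches;
        // pass a name/version to narrow the grant to a single assembly.
        StrongNameMembershipCondition cond =
            new StrongNameMembershipCondition(new StrongNamePublicKeyBlob(key), null, null);
        UnionCodeGroup cg = new UnionCodeGroup(
            cond, new PolicyStatement(machine.GetNamedPermissionSet("FullTrust")));
        cg.Name = GroupName;
        CodeGroup root = machine.RootCodeGroup;
        root.AddChild(cg);
        machine.RootCodeGroup = root;
        SecurityManager.SavePolicyLevel(machine);
    }
}
```

Running `caspol -machine -listgroups` after installation shows whether the group was added exactly once under "All code".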
 