CAS, mixing assembly (RequestOptional) and method permissions

[codefragment]

Hi
(Second CAS question)

At the assembly level I have:

[assembly: PermissionSet(SecurityAction.RequestOptional)]

at the method level I have

[ReflectionPermission(SecurityAction.Demand,
Flags=ReflectionPermissionFlag.RestrictedMemberAccess,
RestrictedMemberAccess=true)]

my method is empty.

However this gives me this message:

Request for the permission of type "..ReflectionPermission..." failed

Can you mix and match these permissions? I thought the method level
permission was an explicit Demand for the security so would be ok?

thanks

 

[codefragment]

Also, this might be useful for other people to know as its taken a
while to get this working

(1) Permissions at the policy level (user/machine/enterprise) are
intersected
(2) Permissions at the Code group level (regardless of if nested) are
union'd

assuming they are applicable to your assembly of course

So, in practice, how can I make my assembly more or less secure?

(1) To make it more secure add a new code group which applies to just
your assembly. Once you've created it right click on it, properties,
and click on the first checkbox you can see. This means only the
permissions you see here are applicable, others are ignored
(2) To make it less secure just add a new Code Group which applies
just to your assembly. The permissions you add will get union'd with
the others to make it less secure

Last thing, how can you refer to your assembly? One of 2 ways
(1) StrongName (purely for testing)

// run this in Visual Studio command prompt, place the new file where
the application can see it
sn -k PublicPrivatePair.snk

// add these attributes to the AssemblyInfo.cs file
[assembly: AssemblyDelaySign(false)]
[assembly: AssemblyKeyFile("PublicPrivatePair.snk")] (this is
deprecated but it does the job for testing)

(2) By URL, e.g. file://C$/<rest of path to your executables filename)