Framework Security Configuration

M

Matt Theule

Where can I find information about Runtime Security Policies?
I have a winform that is hosted in a webform that needs to access the
filesystem. Using the Configuration mmc snapin, I have created a code
group that has 'full trust' for any assembly from the specified URL (a
local intranet server). In this configuration, a Security exception is
thrown when trying to copy a file.

When I use the Security Wizard, and elevate the Local Intranet Zone to
'full trust', the application works as expected.

How can I find out what changes were made when moving the slider from
the default for the Local Intranet Zone to Full Trust?

Thanks

MATT
 
J

Joe Mayo

Hi Matt,

There is a lot of information out there explaining how .NET Code Access
Security works and sometimes it takes a while to really get what is going
on. Something that isn't always obvious when reading the materials are
where security is being applied. For example, there is Windows OS security
with ACLs and all that, then there is .NET Code Access Security, then there
is another security dimension that comes into play when deploying Smart
Client apps like you are. With Smart Client apps, IE is hosting the CLR and
applying its own policies in the AppDomain it creates for your application
to run in. So, this is just a little backgrounder to help out as you begin
learning CAS. Here are more sources of information for you to find answers
to how and why it works the way it does:

The MSDN Security Developer Center (For General Info)
http://msdn.microsoft.com/security/

Chapter 8 - Code Access Security in Practice (ASP.NET Security Guide)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh08.asp

Wonders of WinForms Column (Chris Sells has written some of the most
informative work there is on Smart Client deployment, including security
related issues)

http://www.sellsbrothers.com/writing/

The C# Tutorial @ C# Station (I've exposed all of the examples for the C#
Tutorial as Smart Client, which I call Smart Consoles <grin>, applications
and have a page that explains how to set up CAS to allow them to run)
http://www.csharp-station.com/Tutorial.aspx

Joe
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Adjust code access security rights programmaticly or through script? 1
.Net security for shared network driver 1
Security permissions for .NET v2.0 1
Trust permission opening a project. 2
.NET apps not being recognized as being in the Intranet Zone 8
SecurityAccess problem with .Net2.0 and COM 2
Test if current running assembly will trust a Security Zone 1
VB 2005 w/ 2.0 framework 1

Top