Setting CAS policy for a network share

[Guest]

I have a .Net application that is going to run from a network share. The
application needs Full Trust to run.
If I set the CAS policy under the .Net Runtime Security Policy / Machine
code group it runs fine, however when setting the policy under the User code
group it fails to run. I'm using location evidence.
I need to set the policy under the User group because the users running the
setup will not have admin rights, so they can no alter the settings under
Machine.
The only problem appears when the app is ran from a network share, if the
app runs locally I can set the permissions in the User group with no problem.
Is there a way to set up the policy under the User group and run the app
from a network share?

Thanks in advance!
Ram

 

[Peter Huang [MSFT]]

Hi Ram,

If we run the mscorcfg.msc and observe the Runtime Security Policy, there
will be three nodes, Enterprise, Machine and User. When the NET Runtime is
trying to calculate the result security policy. It will try to use the
intersection of the three categories.
e.g.
For certain URL, the enterprise level, we fulltrust it, but in the machine
level, we did not trust it. Now even if we set in the user level, we full
trust it, but the result is that we did not trust it.

That is why only set security policy in the user level will not make the
Assembly work, because in the machine level we deny it.

If you still have any concern, please feel free to post here.


Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.