Trusting an assembly configuration

[Guest]

I develop software (.NET) with strong name that needs to access network
drives by default.
Is there any way to make sure that this program have network access without
forcing the user to manually add this strong key to be trusted more?
And not to globally trust all .NET applications by default?

You know, to avoid the "Control panel/ Administrative Tools/ Microsoft .NET
Framework Wizards/ Trust an assembly", but during setup automatic configured
instead.

It appears that our users have problems setting up this trust.

 

[Mohamoss]

HI
you can set these security configurations on your assambly manifist
Mohamed Mahfouz
MEA Developer Support Center
ITworx on behalf of Microsoft EMEA GTSC

 

[Guest]

Hi,

you can set these security configurations on your assambly manifist

Thanks for the reply, but any tips how to set this up? Example or a link to
a page that describes this?
It must be somewhere in the documentation, but first you must find it. ;-)

I am refering to the administative settings that can be configured through
control panel... (policy settings) by user intervention
I am not refering to the settings that the program requests (permissen
settings), because these are already set up in the assembly.cs.

It would be nice if the user must not have to go through control panel
anymore to set up te security settings for my program that needs network
access, and keep his other security settings in place for other programs.
..

 

[Guest]

I develop software (.NET) with strong name that needs to access network

drives by default.
Is there any way to make sure that this program have network access without
forcing the user to manually add this strong key to be trusted more?
And not to globally trust all .NET applications by default?

You know, to avoid the "Control panel/ Administrative Tools/ Microsoft ..NET
Framework Wizards/ Trust an assembly", but during setup automatic configured
instead.

It appears that our users have problems setting up this trust.

I have a potentional sollution to my problem.
3 actually, but below is the code that gets my biggest favourite since it
use .NET code.

What I want to have is that my program, with current strong signed key found
in the executable, registers itself as policy that it automaticall have full
trust because it needs access to network drives. How could I modify the code
below that it does this? It could be machine dependend, but it also might be
user dependend.

I prefer to have this registration process into my application and not as
part of the setup program.

But here comes a scary conclusion, if it is possible, then that mean that
any bad program can give itself enoutgh rights to acces the internet without
the user intervention??? Can this be protected by an administrator?

-------------------------------------------
IEnumerator levels = SecurityManager.PolicyHierarchy();
while (levels.MoveNext()) {
PolicyLevel level = (PolicyLevel)levels.Current;
//Machine policy?
if (level.Label.ToString( ) == "Machine") {
//Start from the Top Level CodeGroup for each Policy Level
CodeGroup group = level.RootCodeGroup;
//Is it for "All code"?
if (group.MembershipCondition.ToString( ) == "All code"){
//Define the PermissionSet as "FullTrust"
PermissionSet psFulltrust =
level.GetNamedPermissionSet("FullTrust");
//Define a URL membership condition for
http://www.contoso.com/bin/*
UrlMembershipCondition umc = new
UrlMembershipCondition("http://www.contoso.com/bin/*");
//Add the Child CodeGroup - this is what the caspol tool
does for us
//caspol -quiet -machine -addgroup 1. -url
http://www.contoso.com/bin/* FullTrust -name TestCodeGroup
UnionCodeGroup ucg = new UnionCodeGroup(umc,new
PolicyStatement(psFulltrust));
ucg.Name ="DICOM-CT";
group.AddChild(ucg);
//Save the policy
SecurityManager.SavePolicy();
}
}
}
}


Thanks in advance.