C# network security management

[cryptic]

I created a C# assembly with no security permissions, started it from a
mapped network drive and execute a file io algorithm - it fails with a
SecurityException (FileIOPermission). If I added a FileIOPermissionAttribute
and a ClickOnce Manifest, it fails with the same error. Next step was that I
execute the mscorcfg.msc and config the zonerights for the hole computer, the
result: it works. My question: If I create a assembly for a customer and they
will execute the asm from a mapped drive, it's really necessary that I give
the customer a *.msi package with full network rights or give it another way,
because it seems that the logical way not worked when the zonerights are not
setup.
Next: Has anybody a german article about this problem?

 

[Norman Yuan]

That is not a problem, it is the way how .NET code works. You need to learn
a little bit on .NET Code Access Security (CAS). Googling ".NET code access
security" brings you tons of links. .NET documentation is also good source
of learning.

To simplize it, .NET treat all code loaded from outside running computer as
unsafe (not trusted) by default. You need to configure the running computer
to give certain trust to the code loaded from somewhere other than from
local disk. You use .NET framework configuration applet (mscorcfg.msc, only
available with .NET 1.1 and .NET2.0 SDK) or CASPOL.exe (.NET2.0 without SDK)
to do that.

If you do not want to (or do not know how to) do this CAS configuration, you
need to install your app (WIN form app) to each running computer (most Win
form apps are still deployed this way). To run your app from network drive,
it is maybe too much to give full trust to entire intranet/LAN. It is better
ti scale down the CAS scope to its really needed, such as only give a
certain network folder needed trust.