Security settings for intranet zone

[Roland Dick]

Hi,

I have a problem executing a managed application from a server's share -
hopefully, someone can give me a hint. The application and all DLLs are
signed with a key, therefore have a strong name.

Now, I was assuming that if I create a code group under the
"Organization" level with that strong name as criterium and the
FullTrust permission set, my assemblies should be able to access all
ressources (including reflection which is causing all the trouble); but
when executing the application, I get a SecurityException. I tried
setting that policy to LevelFinal and Exclusive, but still that nasty
SecurityExceptions keep popping up. The only way I found to make it work
is when I set the LocalIntranet zone security setting to the highest
level. But of course, customers will not be wanting to grant full access
to just any assembly on the intranet.

Therefore, my questions are:
1. How does the zone security setting affect the runtime policies?
2. How can I grant my application FullTrust permission set, but only my
application?

Thanks for any hints on this!

Roland

 

[Nicole Calinoiu]

You definitely should not have to elevate the permission grant of the entire
intranet zone for this. If you are seeing problems after setting up the
code groups that uses strong name evidence, either your policy modifications
are incorrectly configured, or you might have a assembly in the mix that
isn't signed with the same key. Since the policy modification issue is
likely to be more difficult to troubleshoot, let's first try to rule out the
possibility of an assembly with an alternate signature in the mix. Would
you be able to post the full exception details (incl. call stack) of one of
your SecurityExceptions, as output by its ToString method?