Console Applications requre UIPermission

Starting with beta 2, we’ve made a change around what permissions are required to launch a console application.  When I talk about console applications here, I’m talking about applications that specify they should run with the WINDOWS_CUI subsystem (.subsystem 0x0003 in the assembly manifest), rather than the WINDOWS_GUI subsystem (.subsystem 0x0002).  Console applications are generally created by default by the VB and C# compilers, by specifying /target:exe to the command line compilers, or by setting “Output type: Console Application” in Visual Studio.  In contrast, GUI applications are created with /target:winexe or by setting “Output type: Windows Application”.  Note that simply using the Console class in your code does not make your application a console application.

Here’s where the new security rules come into play.  Console applicatiosn require unrestricted UIPermission to execute.  This means that any console application that is launched over the Internet via Internet Explorer will now cause a SecurityException since the default Internet permission set does not grant unrestricted UIPermission.  To work around the issue, you can simply launch these applications from a command prompt.  Since LocalIntranet and higher already include unrestricted UI permission, you shouldn’t run into this problem when starting programs off of a network share.

Aside from applications being started over the Internet, the other big set of applications this change can affect are ClickOnce applications.  If your ClickOnce application is built as a console application rather than a GUI application, you’ll need to remember to request UIPermission when building the application's manifests in order to prevent this exception from showing up.

[Updated 3/18/2010: Clarified that this rule does not apply only to new allocation of console windows, but to all console apps]