Haibo just posted an excellent article about what happens when you use reflection to get a custom attribute across trust boundaries. The specific situation he talks about is when you have:
- A fully trusted assembly defining a custom attribute
- A partially trusted assembly containing that attribute in its metadata
- A fully trusted assembly reflecting over the partial trust assembly
It’s another case where APTCA can bite you if you’re not careful … and in this case the behavior might be quite surprising. Definitely worth a read.