Using CasPol to Fully Trust a Share

Since network shares by default only get LocalIntranet permissions, it’s relatively common to want to use CasPol to fully trust some shares that you control and know are safe.  However, CasPol syntax being what it is, the command to do this isn’t immediately obvious.  If I wanted to trust everything on the share \\ShawnFa-Srv\Tools, the…

73

Home for the Holidays

I’m going to be on vacation until the end of December, so this blog will be going dark for about a week and a half.  It’ll be nice to get away for a while, especially since I haven’t taken a vacation since last December … I’m definitely looking forward to some time off.  On the…

2

Why Do I Still Get an Exception Accessing a File with Full FileIOPermission?

This issue (and its cousin: Why Do I Still Get an Exception Accessing the Registry with Full RegistryPermission?) come up fairly frequently on the newsgroups.  The reasoning is actually very simple. The exception being thrown in these cases arises from the fact that the CAS model sits on top of the security model provided by…

5

Hitting the Mailbag

I’ve gotten quite a few questions from this blog over the past several months.  And although I can’t answer all of them, here’s some quick answers to some of the more common ones.  If you do have more questions, its usually best to post them in the comments here or in the microsoft.public.dotnet.security newsgroup.  That way if…

2

Handling Assemblies that Won’t Load: Method 2.1

Yesterday, I showed an alternate to the shim method of gracefully failing from an assembly using an AppDomainManager.  However, as David pointed out  this method isn’t particularly useful if you’re going to be using it to detect failure to load your main assembly.  The reasoning is that AppDomainManagers need FullTrust to run.  If your application…

0

Handling Entry Assemblies that Won’t Load: Method 2

The last two days we worked on a shim application that allowed us to handle gracefully the condition where a program’s main assembly will not load due to declarative security issues.  While we were definitely able to improve on the shim yesterday, there are still several issues with using this approach.  Namely: Assembly.GetEntryAssembly() will still…

3

Handling Entry Assemblies that Won’t Load: Method 1.1

Yesterday we developed a simple Shim application in order to fail gracefully when our application’s entry assembly doesn’t have enough permission to meet its minimum grant set, and therefore won’t be loaded.  However, there were quite a few problems with that version of the Shim.  Today, lets improve on it a bit, to make a nicer…

2

Handling Entry Assemblies that Won’t Load: Method 1

Last week, when I posted about failing to run in partial trust gracefully, the method I showed only worked if your main assembly could be loaded.  However, if it has a minimum permission request that cannot be satisfied, your main method won’t ever be called, and you won’t be able to fail gracefully. For instance,…

8

Managed StrongName Refactoring Complete

I’ve completed refactoring the Managed StrongName project, and I’ve uploaded the new sources.  The changes I made were all pretty much what I laid out in the previous post.  We now have two modules built, msn.exe which is a thin wrapper around MS.StrongName.dll.  MS.StrongName.dll contains everything in the old StrongName.Native.dll, plus a lot of what…

2

MS.StrongNameSignatures.cs

1  using System;2  using System.Diagnostics;3  using System.Globalization;4  using System.IO;5  using MS.StrongName.Native;6  7  namespace MS.StrongName8  {9      /// <summary>10      ///     Class that exposes the managed StrongName API for dealing with signatures11      /// </summary>12      public static class Signatures13      {14          /// <summary>15          ///     Verify an assembly’s strong name16          /// </summary>17          /// <exception cref=”ArgumentNullException”>18          ///     If <paramref name=”signedAssembly”/> is null19          /// </exception>20          /// <exception cref=”ArgumentException”>21          ///     If <paramref name=”signedAssembly”/> is empty22          /// </exception>23          /// <exception cref=”InvalidOperationException”>24          ///     If verification could not complete25          /// </exception>26          /// <param…

0