A while back, I posted some information on how to get on demand assembly download to work for ClickOnce applications. As MVP Corrado Cavalli noted to me privately, however, this technique will not work in partial trust - and yet, the download APIs themselves are designed to work in partial trust!
To use on demand download in partial trust, you have a couple of options. All of them involve downloading the APIs before the CLR attempts to load the assembly, thus bypassing use of the AssemblyResolve event.
- User prompting. You can configure your application to include a number of optional "feature packages". Users can select which ones to install from a menu or another UI construct. You can even disable the features visibly in your application, and prompt users to download the feature's assemblies if they attempt to access them.
- Download before first use. This is the silent approach. When a user attempts to activate a feature for which you have not downloaded the assemblies, make the necessary call to DownloadFileGroup() or DownloadFileGroupAsync() to fetch the bits.
The AssemblyResolve approach is nice because it's low cost for the developer. You don't have to instrument your application to detect whether an optional feature is installed or not. However, you may choose to use one of the above two methods instead, even if your app is fully trusted.