Monday, July 21, 2008

CAS & RefusedSet of permissions

I granted assemblies with a particular Strong Name "Full Trust" both in "My Computer" and "Intranet" zone.  When I run them out of VS.Net IDE they run with full set of permissions.  But, the moment I specify one or more permissions as "requisites" on my assembly, I get SecurityException (s) for the permissions I didn't mention on my assembly.

  1. I used .Net Framework 2.0 Configuration Wizard to grant all assemblies (in MyComputer zone as I'm debugging in my IDE)  that has a particular Strong Name.
  2. Now, I go ahead and specify a single pre-requisite for the assembly:
    • [assembly: SqlClientPermission(SecurityAction.RequestMinimum, Unrestricted = true)]
  3. I run the application
  4. A tell-tale security warning appears signifying the assembly is no longer running under "Full Trust" CAS-1
    • Warning: Indicates assembly is no longer running under "Full Trust"
  5. I specify UI permissions now:
    • [assembly: UIPermission(SecurityAction.RequestMinimum, Unrestricted=true)


    • Fig 2: UIPermission granted.  No warning messages
  6. The warning disappears
  7. As soon as I move to the next step in the wizard [where it requires a ConfigurationPermission], it throws a SecurityException CAS-3
    • Fig 3: Exception due to ConfigurationPermission denied
  8. But when I remove all CAS permission request declarations, the code appears to run with "Full Trust"


    • Fig 4: All access granted [including ConfigurationPermission]  

This leads me to wonder if the permissions I do not specify on the assembly become part of the permissions refused!

No comments: