HighTechTalks DotNet Forums  

CASPOL -addfulltrust

Dotnet Security microsoft.public.dotnet.security


#1  Barry Flynn
CASPOL -addfulltrust - 06-27-2007, 08:11 PM






Hi

I'm struggling to come to grips with CASPOL.
I'm experimenting with a small utility program (written in VB 2005) called
Compare_Prog.exe.
From drive c:, it runs successfully.
From a network share, it crashes.

I have executed the following CASPOL command
caspol -m -af s:\compare_prog.exe

I get a warning that I don't understand
"Because all GAC assemblies always get full trust, the full trust list is no
longer meaningful. You should install any assemblies that are used in security
policy in the GAC to ensure they are trusted.
The operation you are performing will alter security policy.
Are you sure you want to perform this operation? (yes/no)"

I don't see what the GAC has to do with my program.
I answer Y, and I get a response "Success"

But, when I run the program it still crashes, with a security exception.

I tried rerunning my CASPOL command, and got the response
"ERROR: This assembly is already fully trusted"

If I enter this command instead

CasPol.exe -pp off -m -ag 1.2 -url file:s:\* FullTrust

Then I can run the program successfully.

Why doesn't my "addfulltrust" command allow me to run the program?

Thanks

Barry



#2  Nicole Calinoiu
Re: CASPOL -addfulltrust - 06-28-2007, 09:23 AM






The addfulltrust option doesn't do what you (and many others <g>) think it
ought to. Instead, it simply adds an assembly to a list of assemblies that
are allowed to provide security information to the CLR. To grant
unrestricted permissions to your assembly, try creating a code group with a
full trust permission grant and evidence that matches your assembly.
Alternatively, since you are using .NET 2.0, you might want to consider
deploying as a ClickOnce assembly so that CAS permissions can be elevated
without modifying CAS policy on the client machines.


#4  Barry Flynn
Re: CASPOL -addfulltrust - 06-28-2007, 07:06 PM



Nicole

Thanks for the help.

Can you give me something a bit more specific?
If my assembly is "fred.exe", and I want it to run from a network share,
what do I need to do?
Do I run CASPOL with the -ag parameter?
What "evidence" do I then need to provide?

My code is running in the Microsoft Dynamics SL "environment", and I don't
think ClickOnce is an option (although I will look into that).

Thanks

Barry

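The code group suggested in post #2, and the -ag question asked in post #4, worked through as an added example (not part of the thread and not Microsoft's own script): the evidence matches the single assembly instead of everything on the share. The CasPol.exe location and the group names are assumptions; -q suppresses the policy-change prompt for one command, whereas -pp off leaves it disabled.

```powershell
# Added example, not from the thread. Run from an elevated prompt.
# Assumption: 32-bit .NET Framework 2.0 installed in its default location.
$caspol   = Join-Path $env:WINDIR 'Microsoft.NET\Framework\v2.0.50727\CasPol.exe'
$assembly = 's:\compare_prog.exe'   # path used in the thread

# 1. Undo the earlier -af. The full trust list only names assemblies that may
#    supply security information to the CLR; it grants no permissions.
& $caspol -q -m -rf $assembly

# 2. Before the change: which machine-level code groups the assembly matches,
#    and the permission set that policy resolves for it.
& $caspol -m -rsg $assembly
& $caspol -rsp $assembly

# 3a. URL evidence for this one file. The rule in the thread used file:s:\*
#     and therefore covered every assembly on S:. The URL form below follows
#     the thread's. 1.2 is the parent group label used in the thread; confirm
#     it on the target machine with:  CasPol.exe -m -lg
#     The group name and description are hypothetical.
& $caspol -q -m -ag 1.2 -url "file:$assembly" FullTrust `
    -n 'Compare_Prog_Url' -d 'FullTrust for s:\compare_prog.exe only'

# 3b. Alternative, only if the assembly is strong-name signed. With -noname
#     and -noversion this matches any assembly signed with the same key, so
#     supply the assembly name and version to narrow it further.
# & $caspol -q -m -ag 1.2 -strong -file $assembly -noname -noversion FullTrust `
#     -n 'Compare_Prog_StrongName'

# 4. After the change: the new group should be listed and the resolved grant
#    should be unrestricted.
& $caspol -m -rsg $assembly
& $caspol -rsp $assembly

# Rollback: remove the group by the name given above.
# & $caspol -q -m -rg Compare_Prog_Url
```

On 64-bit Windows the Framework64 copy of CasPol.exe maintains its own policy, so the change has to be made with the copy that matches the process bitness.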