Hi,

I am in the process of working on ASP.NET web control. Basically the control
is just a timer which after a certain timespan posts the page back to
server. It is now functionally complete, and as good coding practice i ran
FxCop on the assembly.

Im a relative newbie in .NET, espacially when it comes to subjects like
security, which previously i just tended to ignore because it was
non-essential for a functionally complete product.

FxCop complained that Assemblies should declare minimum security. At the
moment im looking for a quick fix, so what should a security permissions of
such assembly be?

Kind regards,
nick Goloborodko

If you want the quick fix, then you could do a minimum request for
FullTrust.

[assembly: PermissionSet(SecurityAction.RequestMinimum, Unrestricted=true)]

Which will prevent your assembly from loading if its not going to be fully
trusted; this should work fine by default on the server side. If you're
deploying to the client side, then adding this permission will prevent your
assembly from loading. (More on assembly-level declarative security here:
http://blogs.msdn.com/shawnfa/archiv...0/222918.aspx).

If this is a client-side control, you'll need to start with the Internet
permission set, which will be quite a few more attributes. (caspol -lp and
then search for the Internet set to get an idea.) At the very least you'll
need:

[assembly: SecurityPermission(SecurityAction.RequestMinimum,
SecurityAction.Execution)]

You could start from there, and then work your way up as you encounter
security exceptions.

-Shawn
http://blogs.msdn.com/shawnfa
--
This posting is provided "AS IS" with no warranties, and confers no rights.


Note:
For the benefit of the community-at-large, all responses to this message
are best directed to the newsgroup/thread from which they originated.
--------------------
curity
3.phx.gbl