"Claus Konrad" <som@meal.it> wrote in message
news:%235NZ9JNgFHA.1204@TK2MSFTNGP12.phx.gbl...

"Claus Konrad" <som@meal.it> wrote in message
news:OYdqZOZgFHA.1444@TK2MSFTNGP10.phx.gbl...
> Hi Nicole
>
> Thanks for the informative input!
> What I did not specify is that I naturally DID attempt with granting
> Full_Thrust to the assemblies (see below for a cut-paste from this
> Codegroup)
>
> ****************
> Description:
> WSE 2.0 related assemblies.
>
> Assembly evidence must match this membership condition to belong to the
> code group: Url - file://C:/Program Files/Microsoft WSE/v2.0/*.

> You are correct about the AllowPartiallyThrustedCallers - but the caller
> here is a Microsoft Assembly (VS.NET),

> and assemblies exibiting strongnameidentity of <Microsoft snkey> does
> receive Fullthrust, so VS.NET is therefore not partially thrusted.

> Has it to do with the fact that VS.NET (the caller) is a COM application?

>
> Thanks
> /Claus
>
>
>
>
> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
> news:%23QiKKmVgFHA.1048@tk2msftngp13.phx.gbl...
>> Actually, the Everything permission set is quite different from the
>> FullTrust set. There are three key differences in practice:
>>
>> 1. Everything excludes SecurityPermission\SkipVerification.
>>
>> 2. Everything includes only permissions that ship with the .NET
>> Framework, so new permissions deployed with other assemblies are not
>> granted with the Everything set.
>>
>> 3. It is possible for a demand for full trust to be made (e.g.: implicit
>> LinkDemand for FullTrust when calling into a strongly named assembly that
>> is not marked with AllowPartiallyTrustedCallersAttribute). Such demands
>> will not be passed by assemblies that are granted only the Everything
>> set.
>>
>> I suspect that #3 is the culprit here since the add-in assembly
>> references WseSettings2.dll, which is a strongly named assembly that is
>> not marked with AllowPartiallyTrustedCallersAttribute. To work around
>> this problem, you might want to consider granting full trust to
>> assemblies signed with the WSE setting strong name key (similar to the
>> My_Computer_Zone\Microsoft_Strong_Name group).
>>
>>
>>
>> "Claus Konrad" <som@meal.it> wrote in message
>> news:%235NZ9JNgFHA.1204@TK2MSFTNGP12.phx.gbl...
>> Having done a standard installation of WSE 2.0 (SP3), I'm perfectly able
>> to right-click a project and use the dialog from "WSE Settings...".
>> However - once I change the PermissionSet (CAS) for the CodeGroup called
>> "My_Computer_Zone" from 'FullThrust' -> 'Everything' (effectively to
>> enable CAS!), I am no longer able to run the WSE 2.0 Add-in. The error
>> is: "The Add-in Microsoft WSE 2.0 Settings Tool" failed to load or threw
>> an Exception (Error 8013150a)".
>>
>> Does anybody have an idea of what is going on? The "Everything" CodeGroup
>> is effectively the same as FullThrust (or mayby not?).
>>
>> /Claus
>>
>
>

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:%23QiKKmVgFHA.1048@tk2msftngp13.phx.gbl...
> Actually, the Everything permission set is quite different from the
> FullTrust set. There are three key differences in practice:
>
> 1. Everything excludes SecurityPermission\SkipVerification.
>
> 2. Everything includes only permissions that ship with the .NET
> Framework, so new permissions deployed with other assemblies are not
> granted with the Everything set.
>
> 3. It is possible for a demand for full trust to be made (e.g.: implicit
> LinkDemand for FullTrust when calling into a strongly named assembly that
> is not marked with AllowPartiallyTrustedCallersAttribute). Such demands
> will not be passed by assemblies that are granted only the Everything set.
>
> I suspect that #3 is the culprit here since the add-in assembly references
> WseSettings2.dll, which is a strongly named assembly that is not marked
> with AllowPartiallyTrustedCallersAttribute. To work around this problem,
> you might want to consider granting full trust to assemblies signed with
> the WSE setting strong name key (similar to the
> My_Computer_Zone\Microsoft_Strong_Name group).
>
>
>
> "Claus Konrad" <som@meal.it> wrote in message
> news:%235NZ9JNgFHA.1204@TK2MSFTNGP12.phx.gbl...
> Having done a standard installation of WSE 2.0 (SP3), I'm perfectly able
> to right-click a project and use the dialog from "WSE Settings...".
> However - once I change the PermissionSet (CAS) for the CodeGroup called
> "My_Computer_Zone" from 'FullThrust' -> 'Everything' (effectively to
> enable CAS!), I am no longer able to run the WSE 2.0 Add-in. The error is:
> "The Add-in Microsoft WSE 2.0 Settings Tool" failed to load or threw an
> Exception (Error 8013150a)".
>
> Does anybody have an idea of what is going on? The "Everything" CodeGroup
> is effectively the same as FullThrust (or mayby not?).
>
> /Claus
>

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:uPTyR7ZgFHA.2916@TK2MSFTNGP14.phx.gbl...
> "Claus Konrad" <som@meal.it> wrote in message
> news:OYdqZOZgFHA.1444@TK2MSFTNGP10.phx.gbl...
>> Hi Nicole
>>
>> Thanks for the informative input!
>> What I did not specify is that I naturally DID attempt with granting
>> Full_Thrust to the assemblies (see below for a cut-paste from this
>> Codegroup)
>>
>> ****************
>> Description:
>> WSE 2.0 related assemblies.
>>
>> Assembly evidence must match this membership condition to belong to the
>> code group: Url - file://C:/Program Files/Microsoft WSE/v2.0/*.
>
> Code groups based on file paths can be tricky. You need to be using the
> exact path that will be used at runtime, and finding that exact path can
> require considerable troubleshooting. In this case, I would recommend
> using a strong name membership condition instead of a URL membership
> condition when defining the code group.
>
>
>> You are correct about the AllowPartiallyThrustedCallers - but the caller
>> here is a Microsoft Assembly (VS.NET),
>
> Actually, the problem assembly here is probably WseSettingsVS2.dll, which
> is not signed with the same Microsoft strong naming key that is used for
> signing the .NET Framework assemblies (which is granted full trust via the
> My_Computer_Zone\Microsoft_Strong_Name group).
>
>
>> and assemblies exibiting strongnameidentity of <Microsoft snkey> does
>> receive Fullthrust, so VS.NET is therefore not partially thrusted.
>
> WseSettingsVS2.dll (the add-in assembly) is not signed with the same key,
> so it isn't granted full trust under the
> My_Computer_Zone\Microsoft_Strong_Name group. I would recommend creating
> a similar group (e.g.: My_Computer_Zone\MicrosoftWseSettings_Strong_Name)
> that uses the key from the WseSettingsVS2.dll assembly. Just so you know,
> I've tested this approach, and it does work.
>
>
>> Has it to do with the fact that VS.NET (the caller) is a COM application?
>
> Probably not since granting full trust to the add-in assembly resolves the
> problem.
>
>
>>
>> Thanks
>> /Claus
>>
>>
>>
>>
>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
>> news:%23QiKKmVgFHA.1048@tk2msftngp13.phx.gbl...
>>> Actually, the Everything permission set is quite different from the
>>> FullTrust set. There are three key differences in practice:
>>>
>>> 1. Everything excludes SecurityPermission\SkipVerification.
>>>
>>> 2. Everything includes only permissions that ship with the .NET
>>> Framework, so new permissions deployed with other assemblies are not
>>> granted with the Everything set.
>>>
>>> 3. It is possible for a demand for full trust to be made (e.g.:
>>> implicit LinkDemand for FullTrust when calling into a strongly named
>>> assembly that is not marked with AllowPartiallyTrustedCallersAttribute).
>>> Such demands will not be passed by assemblies that are granted only the
>>> Everything set.
>>>
>>> I suspect that #3 is the culprit here since the add-in assembly
>>> references WseSettings2.dll, which is a strongly named assembly that is
>>> not marked with AllowPartiallyTrustedCallersAttribute. To work around
>>> this problem, you might want to consider granting full trust to
>>> assemblies signed with the WSE setting strong name key (similar to the
>>> My_Computer_Zone\Microsoft_Strong_Name group).
>>>
>>>
>>>
>>> "Claus Konrad" <som@meal.it> wrote in message
>>> news:%235NZ9JNgFHA.1204@TK2MSFTNGP12.phx.gbl...
>>> Having done a standard installation of WSE 2.0 (SP3), I'm perfectly able
>>> to right-click a project and use the dialog from "WSE Settings...".
>>> However - once I change the PermissionSet (CAS) for the CodeGroup called
>>> "My_Computer_Zone" from 'FullThrust' -> 'Everything' (effectively to
>>> enable CAS!), I am no longer able to run the WSE 2.0 Add-in. The error
>>> is: "The Add-in Microsoft WSE 2.0 Settings Tool" failed to load or threw
>>> an Exception (Error 8013150a)".
>>>
>>> Does anybody have an idea of what is going on? The "Everything"
>>> CodeGroup is effectively the same as FullThrust (or mayby not?).
>>>
>>> /Claus
>>>
>>
>>
>
>

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:uPTyR7ZgFHA.2916@TK2MSFTNGP14.phx.gbl...
> "Claus Konrad" <som@meal.it> wrote in message
> news:OYdqZOZgFHA.1444@TK2MSFTNGP10.phx.gbl...
>> Hi Nicole
>>
>> Thanks for the informative input!
>> What I did not specify is that I naturally DID attempt with granting
>> Full_Thrust to the assemblies (see below for a cut-paste from this
>> Codegroup)
>>
>> ****************
>> Description:
>> WSE 2.0 related assemblies.
>>
>> Assembly evidence must match this membership condition to belong to the
>> code group: Url - file://C:/Program Files/Microsoft WSE/v2.0/*.
>
> Code groups based on file paths can be tricky. You need to be using the
> exact path that will be used at runtime, and finding that exact path can
> require considerable troubleshooting. In this case, I would recommend
> using a strong name membership condition instead of a URL membership
> condition when defining the code group.
>
>
>> You are correct about the AllowPartiallyThrustedCallers - but the caller
>> here is a Microsoft Assembly (VS.NET),
>
> Actually, the problem assembly here is probably WseSettingsVS2.dll, which
> is not signed with the same Microsoft strong naming key that is used for
> signing the .NET Framework assemblies (which is granted full trust via the
> My_Computer_Zone\Microsoft_Strong_Name group).
>
>
>> and assemblies exibiting strongnameidentity of <Microsoft snkey> does
>> receive Fullthrust, so VS.NET is therefore not partially thrusted.
>
> WseSettingsVS2.dll (the add-in assembly) is not signed with the same key,
> so it isn't granted full trust under the
> My_Computer_Zone\Microsoft_Strong_Name group. I would recommend creating
> a similar group (e.g.: My_Computer_Zone\MicrosoftWseSettings_Strong_Name)
> that uses the key from the WseSettingsVS2.dll assembly. Just so you know,
> I've tested this approach, and it does work.
>
>
>> Has it to do with the fact that VS.NET (the caller) is a COM application?
>
> Probably not since granting full trust to the add-in assembly resolves the
> problem.
>
>
>>
>> Thanks
>> /Claus
>>
>>
>>
>>
>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
>> news:%23QiKKmVgFHA.1048@tk2msftngp13.phx.gbl...
>>> Actually, the Everything permission set is quite different from the
>>> FullTrust set. There are three key differences in practice:
>>>
>>> 1. Everything excludes SecurityPermission\SkipVerification.
>>>
>>> 2. Everything includes only permissions that ship with the .NET
>>> Framework, so new permissions deployed with other assemblies are not
>>> granted with the Everything set.
>>>
>>> 3. It is possible for a demand for full trust to be made (e.g.:
>>> implicit LinkDemand for FullTrust when calling into a strongly named
>>> assembly that is not marked with AllowPartiallyTrustedCallersAttribute).
>>> Such demands will not be passed by assemblies that are granted only the
>>> Everything set.
>>>
>>> I suspect that #3 is the culprit here since the add-in assembly
>>> references WseSettings2.dll, which is a strongly named assembly that is
>>> not marked with AllowPartiallyTrustedCallersAttribute. To work around
>>> this problem, you might want to consider granting full trust to
>>> assemblies signed with the WSE setting strong name key (similar to the
>>> My_Computer_Zone\Microsoft_Strong_Name group).
>>>
>>>
>>>
>>> "Claus Konrad" <som@meal.it> wrote in message
>>> news:%235NZ9JNgFHA.1204@TK2MSFTNGP12.phx.gbl...
>>> Having done a standard installation of WSE 2.0 (SP3), I'm perfectly able
>>> to right-click a project and use the dialog from "WSE Settings...".
>>> However - once I change the PermissionSet (CAS) for the CodeGroup called
>>> "My_Computer_Zone" from 'FullThrust' -> 'Everything' (effectively to
>>> enable CAS!), I am no longer able to run the WSE 2.0 Add-in. The error
>>> is: "The Add-in Microsoft WSE 2.0 Settings Tool" failed to load or threw
>>> an Exception (Error 8013150a)".
>>>
>>> Does anybody have an idea of what is going on? The "Everything"
>>> CodeGroup is effectively the same as FullThrust (or mayby not?).
>>>
>>> /Claus
>>>
>>
>>
>
>

"Claus Konrad" <som@meal.it> wrote in message
news:Ou4SrgagFHA.1948@TK2MSFTNGP12.phx.gbl...
> Thanks a zillion!
> SN did the trick.
>
> Now - I'm just puzzled as to why the built-in CodeGroup (My_Computer_Zone)
> does not give everything fullthrust as it's condition is Zone = My
> Computer?

> I mean - everything on my C-drive fullfils this condition?

> That MS has made a SN-condition in addition to this group is just to
> maintain full trust to their own assemblies (maching a cretain sn).

> Am I totally way out here?
>
> /Claus
>
>
> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
> news:uPTyR7ZgFHA.2916@TK2MSFTNGP14.phx.gbl...
>> "Claus Konrad" <som@meal.it> wrote in message
>> news:OYdqZOZgFHA.1444@TK2MSFTNGP10.phx.gbl...
>>> Hi Nicole
>>>
>>> Thanks for the informative input!
>>> What I did not specify is that I naturally DID attempt with granting
>>> Full_Thrust to the assemblies (see below for a cut-paste from this
>>> Codegroup)
>>>
>>> ****************
>>> Description:
>>> WSE 2.0 related assemblies.
>>>
>>> Assembly evidence must match this membership condition to belong to the
>>> code group: Url - file://C:/Program Files/Microsoft WSE/v2.0/*.
>>
>> Code groups based on file paths can be tricky. You need to be using the
>> exact path that will be used at runtime, and finding that exact path can
>> require considerable troubleshooting. In this case, I would recommend
>> using a strong name membership condition instead of a URL membership
>> condition when defining the code group.
>>
>>
>>> You are correct about the AllowPartiallyThrustedCallers - but the caller
>>> here is a Microsoft Assembly (VS.NET),
>>
>> Actually, the problem assembly here is probably WseSettingsVS2.dll, which
>> is not signed with the same Microsoft strong naming key that is used for
>> signing the .NET Framework assemblies (which is granted full trust via
>> the My_Computer_Zone\Microsoft_Strong_Name group).
>>
>>
>>> and assemblies exibiting strongnameidentity of <Microsoft snkey> does
>>> receive Fullthrust, so VS.NET is therefore not partially thrusted.
>>
>> WseSettingsVS2.dll (the add-in assembly) is not signed with the same key,
>> so it isn't granted full trust under the
>> My_Computer_Zone\Microsoft_Strong_Name group. I would recommend creating
>> a similar group (e.g.: My_Computer_Zone\MicrosoftWseSettings_Strong_Name)
>> that uses the key from the WseSettingsVS2.dll assembly. Just so you
>> know, I've tested this approach, and it does work.
>>
>>
>>> Has it to do with the fact that VS.NET (the caller) is a COM
>>> application?
>>
>> Probably not since granting full trust to the add-in assembly resolves
>> the problem.
>>
>>
>>>
>>> Thanks
>>> /Claus
>>>
>>>
>>>
>>>
>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>> message news:%23QiKKmVgFHA.1048@tk2msftngp13.phx.gbl...
>>>> Actually, the Everything permission set is quite different from the
>>>> FullTrust set. There are three key differences in practice:
>>>>
>>>> 1. Everything excludes SecurityPermission\SkipVerification.
>>>>
>>>> 2. Everything includes only permissions that ship with the .NET
>>>> Framework, so new permissions deployed with other assemblies are not
>>>> granted with the Everything set.
>>>>
>>>> 3. It is possible for a demand for full trust to be made (e.g.:
>>>> implicit LinkDemand for FullTrust when calling into a strongly named
>>>> assembly that is not marked with
>>>> AllowPartiallyTrustedCallersAttribute). Such demands will not be passed
>>>> by assemblies that are granted only the Everything set.
>>>>
>>>> I suspect that #3 is the culprit here since the add-in assembly
>>>> references WseSettings2.dll, which is a strongly named assembly that is
>>>> not marked with AllowPartiallyTrustedCallersAttribute. To work around
>>>> this problem, you might want to consider granting full trust to
>>>> assemblies signed with the WSE setting strong name key (similar to the
>>>> My_Computer_Zone\Microsoft_Strong_Name group).
>>>>
>>>>
>>>>
>>>> "Claus Konrad" <som@meal.it> wrote in message
>>>> news:%235NZ9JNgFHA.1204@TK2MSFTNGP12.phx.gbl...
>>>> Having done a standard installation of WSE 2.0 (SP3), I'm perfectly
>>>> able to right-click a project and use the dialog from "WSE
>>>> Settings...".
>>>> However - once I change the PermissionSet (CAS) for the CodeGroup
>>>> called "My_Computer_Zone" from 'FullThrust' -> 'Everything'
>>>> (effectively to enable CAS!), I am no longer able to run the WSE 2.0
>>>> Add-in. The error is: "The Add-in Microsoft WSE 2.0 Settings Tool"
>>>> failed to load or threw an Exception (Error 8013150a)".
>>>>
>>>> Does anybody have an idea of what is going on? The "Everything"
>>>> CodeGroup is effectively the same as FullThrust (or mayby not?).
>>>>
>>>> /Claus
>>>>
>>>
>>>
>>
>>
>
>

"Claus Konrad" <som@meal.it> wrote in message
news:OiumwnagFHA.2156@TK2MSFTNGP14.phx.gbl...
> Or put in another way - the CodeGroup "My_Computer_Zone" with
> PermissionSet = "Full Trust" simply just trusts everything running from my
> harddrive, correct?
>
> It effectively disables CAS on my local harddrive?
>
> /Claus
>
>
>
> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
> news:uPTyR7ZgFHA.2916@TK2MSFTNGP14.phx.gbl...
>> "Claus Konrad" <som@meal.it> wrote in message
>> news:OYdqZOZgFHA.1444@TK2MSFTNGP10.phx.gbl...
>>> Hi Nicole
>>>
>>> Thanks for the informative input!
>>> What I did not specify is that I naturally DID attempt with granting
>>> Full_Thrust to the assemblies (see below for a cut-paste from this
>>> Codegroup)
>>>
>>> ****************
>>> Description:
>>> WSE 2.0 related assemblies.
>>>
>>> Assembly evidence must match this membership condition to belong to the
>>> code group: Url - file://C:/Program Files/Microsoft WSE/v2.0/*.
>>
>> Code groups based on file paths can be tricky. You need to be using the
>> exact path that will be used at runtime, and finding that exact path can
>> require considerable troubleshooting. In this case, I would recommend
>> using a strong name membership condition instead of a URL membership
>> condition when defining the code group.
>>
>>
>>> You are correct about the AllowPartiallyThrustedCallers - but the caller
>>> here is a Microsoft Assembly (VS.NET),
>>
>> Actually, the problem assembly here is probably WseSettingsVS2.dll, which
>> is not signed with the same Microsoft strong naming key that is used for
>> signing the .NET Framework assemblies (which is granted full trust via
>> the My_Computer_Zone\Microsoft_Strong_Name group).
>>
>>
>>> and assemblies exibiting strongnameidentity of <Microsoft snkey> does
>>> receive Fullthrust, so VS.NET is therefore not partially thrusted.
>>
>> WseSettingsVS2.dll (the add-in assembly) is not signed with the same key,
>> so it isn't granted full trust under the
>> My_Computer_Zone\Microsoft_Strong_Name group. I would recommend creating
>> a similar group (e.g.: My_Computer_Zone\MicrosoftWseSettings_Strong_Name)
>> that uses the key from the WseSettingsVS2.dll assembly. Just so you
>> know, I've tested this approach, and it does work.
>>
>>
>>> Has it to do with the fact that VS.NET (the caller) is a COM
>>> application?
>>
>> Probably not since granting full trust to the add-in assembly resolves
>> the problem.
>>
>>
>>>
>>> Thanks
>>> /Claus
>>>
>>>
>>>
>>>
>>> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
>>> message news:%23QiKKmVgFHA.1048@tk2msftngp13.phx.gbl...
>>>> Actually, the Everything permission set is quite different from the
>>>> FullTrust set. There are three key differences in practice:
>>>>
>>>> 1. Everything excludes SecurityPermission\SkipVerification.
>>>>
>>>> 2. Everything includes only permissions that ship with the .NET
>>>> Framework, so new permissions deployed with other assemblies are not
>>>> granted with the Everything set.
>>>>
>>>> 3. It is possible for a demand for full trust to be made (e.g.:
>>>> implicit LinkDemand for FullTrust when calling into a strongly named
>>>> assembly that is not marked with
>>>> AllowPartiallyTrustedCallersAttribute). Such demands will not be passed
>>>> by assemblies that are granted only the Everything set.
>>>>
>>>> I suspect that #3 is the culprit here since the add-in assembly
>>>> references WseSettings2.dll, which is a strongly named assembly that is
>>>> not marked with AllowPartiallyTrustedCallersAttribute. To work around
>>>> this problem, you might want to consider granting full trust to
>>>> assemblies signed with the WSE setting strong name key (similar to the
>>>> My_Computer_Zone\Microsoft_Strong_Name group).
>>>>
>>>>
>>>>
>>>> "Claus Konrad" <som@meal.it> wrote in message
>>>> news:%235NZ9JNgFHA.1204@TK2MSFTNGP12.phx.gbl...
>>>> Having done a standard installation of WSE 2.0 (SP3), I'm perfectly
>>>> able to right-click a project and use the dialog from "WSE
>>>> Settings...".
>>>> However - once I change the PermissionSet (CAS) for the CodeGroup
>>>> called "My_Computer_Zone" from 'FullThrust' -> 'Everything'
>>>> (effectively to enable CAS!), I am no longer able to run the WSE 2.0
>>>> Add-in. The error is: "The Add-in Microsoft WSE 2.0 Settings Tool"
>>>> failed to load or threw an Exception (Error 8013150a)".
>>>>
>>>> Does anybody have an idea of what is going on? The "Everything"
>>>> CodeGroup is effectively the same as FullThrust (or mayby not?).
>>>>
>>>> /Claus
>>>>
>>>
>>>
>>
>>
>
>