We have a scenario (much like everyone else I'm sure) where we have
some applications that reside on the intranet, a local share, but are
run from independant client machines. Some of these applications need
FullTrust.
It was our understanding that :
The CLR will determine permissions a .NET assembly has when the
assembly is loaded.
By default, any assembly loaded from a local share is given FullTrust
permissions.
By default, any assembly loaded from a network share is given
restricted permissions.
So, when a utility is built that sits on a network share a user may
not be able to run it successfully
from the network share unless that assembly or location is granted
FullTrust (or appropriate permissions)
For our local utility applications we decided to sign all assemblies
with the CompanyNameInternalFullTrust.snk key file. On every machine
that may need to run these we add a security policy that grants any
application
signed with the CompanyNameInternalFullTrust.snk key file FullTrust,
thus ensuring the application will run.
used caspol as follows to accomplish this task
caspol -m -ag 1.2 -strong - file "filename" -noname -noversion
FullTrust -n CompanyNameInternalFullTrust
All of this worked just fine until recently, not sure exactly when but
it seems some Windows Update has broken this model. Now the
applications do not seem to be granted FullTrust anymore.
Does anyone know of an update that would invalidate the LocalIntranet
trusts, reset them or otherwise break this model? Thanks in advance.
James
