I am trying to run a .Net 2.0 application from a network share without using the FullTrust permission set. I want to create a new permission set that has just the permissions my assemblies require, and then assign that to the exe on the shared path. Is it possible to do this? From my limited experiments, I find that I am unable to do get any application working from a network share without FullTrust. I tried creating a new perm set, and also tried the Everything and other perm sets, but none seem to work. Has anyone had any experience with this?
MegaWhiz
问问题
2410 次
3 回答
2
您需要使用强名称对程序集进行签名,然后将您的强名称的 cas-policy 设置为完全信任。
为使用您的强名称签名的所有代码设置 FullTrust 的最简单方法是:
caspol.exe -q -m -ag MyZone -strong -hex [HexCodeOfYourStrongName] -noname -noversion FullTrust -name MyCode -description "Code trust for my code"';
如果您的代码被拆分为多个程序集,您需要使用该强名称对每个程序集进行签名。您可能需要SecurityPermission
使用链接需求设置 -Attribute,以确保调用者的安全性接管。
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.ControlPrincipal)]
于 2009-01-08T08:25:37.703 回答
0
给予强命名的程序集 FullTrust 权限听起来不错,但不幸的是,我的程序集引用了几个第三方 COM Dll,如果我对主程序集进行强命名,它们也需要强命名。我猜然后将 FullTrust 赋予 Shawn 给出的路径是最好的解决方案: CasPol.exe -pp off -m -ag 1.2 -url file://\ShawnFa-Srv/Tools/* FullTrust
于 2009-01-08T10:40:28.057 回答