I just asked some people at Microsoft (Alex and Erwin) about security permissions for .net and their answer has led me onto the following posts which are finally giving me a better idea of how things work with the security policy. It’s amazing how helpful they are to random strangers 😉
When I’d been looking up the problem before I’d only really seen it from the clients side, and come across references to caspol.exe. As a developer you really want to start by looking at permcalc.exe and the things that you can do become a lot clearer.
Aaron Steele has written some very clear articles on the subject of trust.
- http://blogs.pointbridge.com/Blogs/floraday_burt/Pages/Post.aspx?_ID=2
- http://blogs.pointbridge.com/Blogs/floraday_burt/Pages/Post.aspx?_ID=3
- http://blogs.pointbridge.com/Blogs/floraday_burt/Pages/Post.aspx?_ID=4
Then there’s this possibly useful note of a use of permcalc.exe.
I’m still looking at the best way to deploy a security policy. From what I’m told it’s possible to deploy a custom security policy in an MSI file so that may be the way to ensure your application works from wherever it is deployed to; even network shares. At least for the person who installed it anyway.
Here’s an additional note on a potential limitation of permcalc.exe.