locked
Code access security question RRS feed

  • Question

  • Hello,

    I have created one executable file and run it on client machine. but I have received and error

    System.Security.SecurityException: Request for the permission of type System.Security.Permissions.FileIOPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.

    Solution for this problem is, set security and create an Deployment Package from mscorcfg.msc.

    my question is for Which policy Level I have to create Deployment Package,
    it shows me three options Enteprise, machine and user?

    OR

    In which code group .net exe will run by default?

    Thanks





    Friday, April 3, 2009 12:52 PM

Answers

  • This comes from Essential .NET by Don Box with Chris Sells.

    One can specify security policy at up to four levels, which are represented by the System.Security.PolicyLevelType enumeration:

    namespace System.Security {
    public enum PolicyLevelType {
    User,
    Machine,
    Enterprise,
    AppDomain
    }
    }

    The User policy level is specific to an individual user, whereas the Machine policy level applies to all users on a specific host machine. The Enterprise policy level applies to a family of machines that are part of an Active Directory installation. Finally, the AppDomain policy level is specific to a particular application running inside an operating system process.

    To that end, the default Enterprise , User , and AppDomain policy levels all grant full-trust permission regardless of the presented evidence. However, the default Machine policy level grants full-trust permissions only to code loaded from the MyComputer security zone or code that carries the Microsoft or ECMA public keys. The Machine policy grants considerably fewer permissions to non-Microsoft or non-ECMA code loaded from other security zones.

     

    Also refer to this article about how CLR use code group to grant the permission to your assembly.

    The CLR computes the allowed permission set for an assembly in the following way:

    1. Starting from the All_Code code group, all the child groups are searched to determine which groups the code belongs to, using identity information provided by the evidence . (If the parent group doesn't match, then that group's child groups are not checked.)
    2. When all matches are identified for a particular policy level, the permissions associated with those groups are combined in an additive manner (union ).
    3. This is repeated for each policy level and permissions associated with each policy level are intersected with each other.

    So all the permissions associated with matching code groups in one policy level are added together (union ) and the result for each policy level is intersected with one another. An intersection is used to ensure that policy lower down in the hierarchy cannot add permissions that were not granted by a higher level.

     

     

     


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    Thursday, April 9, 2009 8:51 AM
    Moderator