>It's saying that my strongly named assembly implicitly demands that my
>caller(s) are fully trusted (unless I use APTC to say otherwise). So that
>statement has nothing to do with my assembly's set of granted
>permissions, but the set of permissions my caller(s) will be
>required to have by default.

It does and it doesn't. The demand doesn't "grant" the permissions, it means it can only run with those permissions--essentially ensuring a minimum set of permissions are granted.

>"By default, strongly named, **fully trusted** assemblies are given an
>implicit LinkDemand for FullTrust on every public and protected method of
>every publicly visible class."

You can't explicitly grant full-trust to an assembly, you can grant full-trust to a zone where an assembly is run from. So, I read the quote to mean strongly-named assemblies are run in FullTrust because of the LinkDemand when APTC or RequestRefuse is not used.

>I don't think that's correct. An assembly developer might use
>RequestRefuse to specifically not allow his/her code to run with
>full trust.

Yes, you are correct. I had RequestMinimum in my head.

>I think you're intermixing orthogonal issues.

I think some of these issues overlap; so, I don't consider them orthogonal.

>It's easy enough for me to envision using strong name identity
>permissions to place some restrictions on who calls me (subject
>to the new-in-2.0 characteristic that this no longer works if my
>caller is not fully trusted) w/o particularly knowing or caring at the
>time what their exact set of permissions is going to be.

I'm talking strictly 2.0 here. From what MS has said they view what SNIP gives you in 1.x to be a defect. You're not really placing restrictions on callers though; you're at the very least unrestricting self-restricted callers.

>For example, at the time the identity requirement is made and
>implemented using a SNIP, the configured permissions of the calling
>assembly(ies) happens to be X. Those permissions should be allowed to
>change from X to Y w/o negating the demand that said assembly(ies)
>still be strongly named with a particular keypair.

If LinkDemand is performed only at JIT compile, does this affect how permission changes are handled with SNIP? It's more than just forcing callers to be trusted or not.
For example, I can run a strong-name assembly from the local drive (thus running in FullTrust, by default). If that assembly loads a strong-named assembly from an un-trusted zone the load is refused despite the caller being fully-trusted--SNIP would never come into play.

>I don't understand that question. Assembly X uses a SNIP to request that
>the runtime require X's caller be strongly named with a particular key.

In 2.0, what SNIP does is essentially: "If a strong-named assembly with this set of evidence has explicitly relinquished full-trust let it load/run me". That's the opposite of how I would expect to request caller permissions. If the zone in which a strongly-named assembly that doesn't relinquish full-trust does not grant full-trust the SNIP isn't encountered because the caller can't attempt to load the assembly.

===================================
This list is hosted by DevelopMentor® http://www.develop.com

View archives and manage your subscription(s) at http://discuss.develop.com
