> >"By default, strongly named, **fully trusted** assemblies > are given an > >implicit LinkDemand for FullTrust on every public and > protected method of > >every publicly visible class." > > You can't explicitly grant full-trust to an assembly, you can > grant full- > trust to a zone where an assembly is run from. So, I read > the quote to > mean strongly-named assemblies are run in FullTrust because of the > LinkDemand when APTC or RequestRefuse is not used.
I guess we'll have to agree to disagree :-) Just because an assembly is strongly named, does not imply that it runs w/full trust. Likewise, running an assembly from something like the internet zone does not prevent it from being configured to run with full trust. Have you tried this? Strongly name an assembly, put it on a network share, then bring up the mscorcfg.msc snapin and use the 'evaluate assembly' wizard to see what kind of permissions it's granted (being careful to use the fully qualified share/site url to that assembly). It won't be fully trusted, even though it's strongly named. The use the 'trust assembly' wizard to trust that assembly (or all assemblies signed with the same key); granting it full trust. Then rerun the 'evaluate assembly' wizard and see what it says - it should reflect the new set of permissions. > It's more than just forcing callers to be trusted or not. > For example, I > can run a strong-name assembly from the local drive (thus running in > FullTrust, by default). If that assembly loads a > strong-named assembly > from an un-trusted zone the load is refused despite the > caller being fully- > trusted--SNIP would never come into play. Huh? Have you tried that? A fully trusted exe, for example, running off the hard drive and with full trust, can indeed load strongly named assemblies from partially trusted zones. The load may fail for other reasons, but not solely because a fully trusted app tried to load a strongly named assembly from a partially trusted zone. And when that dll is loaded from a partially trusted zone, it isn't magically assigned full trust just because it has a strong name (unless someone has configured policy to do just that). -Mike Bear Canyon Consulting LLC http://www.bearcanyon.com http://www.pluralsight.com/mike =================================== This list is hosted by DevelopMentorĀ® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com
