I think we're getting stuck on semantics and side-tracked on explicit FullTrust assignment.
On Thu, 16 Feb 2006 10:03:41 -0700, Mike Woodring <[EMAIL PROTECTED]> wrote: >Huh? Have you tried that? A fully trusted exe, for example, running off >the hard drive and with full trust, can indeed load strongly named >assemblies from partially trusted zones. How can can an assembly with a LinkDemand for FullTrust run from a partially trusted zone? (talking "default" strong-named assemblies here) I may not have been clear; but, I'm not saying all strong-named assemblies are "granted" FullTrust I'm saying (when they don't refuse it or use APTC) the implicit LinkDemand for FullTrust means their code can't run without it. From a running code point of view this is pedantically the same thing; the code can't run (and attributes are not evaluated) without FullTrust regardless of whether is was explicitly assigned or implicitly "inherited". This means that SNIP is only effectively evaluated when a strong-named assembly opts out of requiring FullTrust. If the assembly does not opt out of FullTrust and is running in a FullTrust zone FullTrust-means- FullTrust takes over and effectively ignores the SNIP. If the assembly is explicitly given FullTrust then FullTrust-means-FullTrust overrides again. For some reason I can now assign FullTrust to a publickey, regardless of the source zone. I'm not sure why I couldn't before. My mistake to assume observed behaviour was an indication of how things work. Regardless, forward of .NET 1.1, I don't see why SNIP was retained (or not deprecated if legacy issues are taken into account). Given the aforementioned conditions/assumptions why would I want to limit just strong-named-assemblies-who-have-refused-FullTrust-or-APTCed to a specific identity? In other words, in what situation would SNIP allow permission to an otherwise denied assembly, or deny an otherwise allowed assembly? It's clear that you can't limit based on identity; so, I'm assuming allowing an otherwise denied assembly is the only case where SNIP would be used--which is not what Demand and LinkDemand do. To think of it in other words: in what scenario would I need to use SNIP? Sorry for being long-winded or possibly sounding argumentative; I'm just trying to figure out SNIP in .NET 2.0. =================================== This list is hosted by DevelopMentorĀ® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com
