I'm a little fuzzy on a few code access security basics. It seems like a reasonable approach (essentially a "configurable sandbox") but I'm not exactly sure how .NET determines the evidence for an assembly. Some information could come from the strong name (that's simple enough), but what about the security "zone" (intranet/Internet/local)?
For example, I'm trying out a few different deployment methods with a distributed application. Which ones of these could cause the downloaded assembly to have a new zone (and thus restricted permissions, unless I specifically modify the security policy): * Dynamically retrieving an assembly from a web service as an array of bytes, then saving it to disk and running it with Assembly.LoadFrom() and a local path. * Downloading and running a "shadow copy" of an assembly using the Assembly.LoadFrom() method with a URI to a remote server. * Using the codeBases attribute in a configuration file to specify a remote computer URI for updates to an assembly. My thinking is that the zone evidence will change for the last two, but not the first one. Is this right? Thanks, Matthew You can read messages from the Advanced DOTNET archive, unsubscribe from Advanced DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
