Jaa


FullTrust Means FullTrust

One of the items on my long list of blog todo's has been a change that the security team has been calling "FullTrust Means FullTrust" internally.  Basically, this change means that demands for identity permissions will now always succeed in FullTrust, where they may have failed in previous runtime versions.  Eugene beat me to the punch on this one, and has a good post up explaining the change and the reasoning behind it.  Definitely worth a read if you're interested in one of the bigger changes in security for Whidbey.

Comments

  • Anonymous
    August 24, 2005
    There's a ton of new and enhanced security features coming with the v2.0 release of the CLR.  However,...

  • Anonymous
    August 31, 2005
    There's a ton of new and enhanced security features coming with the v2.0 release of the CLR.  However,...

  • Anonymous
    October 20, 2005
    The comment has been removed

  • Anonymous
    March 19, 2006
    Is there any steps for .NET Framework 2 to protect our assembly. It seem I have problem after signing my assembly still the other application that doesn't have the key still can use my assymbly. I have been set many assembly with different keys, but still after I create other application that doesn't set a key can reference into my assembly and use any methods that I want it secret.

  • Anonymous
    March 21, 2006
    Hi Ariston,

    Strong name signing does not prevent an application without your key from calling your methods, it simply gives your assembly a unique name.  It sounds like you'll want to use the StrongNameIdentityPermission with a demand for your key.  This will prevent partial trust code without your key from calling into your APIs.  However, it will not prevent FullTrust code from doing the same.

    -Shawn

  • Anonymous
    March 21, 2006
    Hi Ariston,

    Strong name signing does not prevent an application without your key from calling your methods, it simply gives your assembly a unique name.  It sounds like you'll want to use the StrongNameIdentityPermission with a demand for your key.  This will prevent partial trust code without your key from calling into your APIs.  However, it will not prevent FullTrust code from doing the same.

    -Shawn

  • Anonymous
    January 08, 2007
    Full Trust means unrestricted permissions to system resources. The GAC has FullTrust because it’s on the local harddisk i.e  code is allowed to do anything in the framework. We can change Security policy using caspol.exe or .NET Framework Configuration tool.

  • Anonymous
    January 08, 2007
    Full Trust means unrestricted permissions to system resources. The GAC has FullTrust because it’s on the local harddisk i.e  code is allowed to do anything in the framework. We can change Security policy using caspol.exe or .NET Framework Configuration tool.

  • Anonymous
    May 07, 2007
    A while back I wrote about the performance penalty of loading an assembly with an Authenticode signature