How Do You Customize Your Policy?

As part of planning for our next release, we're interested in collecting some data on how you customize your security policy. We're interested in as much information as you have to offer. For instance, do you mainly add code groups to the machine level, or do you use the enterprise and user levels as well? Generally, are you just adding StrongNameMembershipConditions and PublisherMembershipConditions to grant higher trust to specific assemblies, or does your tinkering get more involved than that? Is the main tool you use caspol, or do you use the .NET Framework Configuration tool in the Control Panel, or possibly even use your own tools?

Comments

  • Anonymous
    January 12, 2006
    The comment has been removed
  • Anonymous
    January 12, 2006
    Thanks Chris. I take it from your comments that you basically exclusively use the UrlMembershipCondition to trust a site, and use caspol except for the case where you need to deploy your policy via group policy.

    -Shawn
  • Anonymous
    January 12, 2006
    We are using a .NET control in IE. To do this, we have strongly named our assembly. Then the XML file is used to import settings with the .NET Framework Configuration tool. It is done manually with a document describing the process. The XML file is stored on a web server. So, we are using StrongNameMembershipCondition.
  • Anonymous
    January 14, 2006
    We are building VSTO applications and have taken the URLMembership approach. Deploying the applications has been a pain because of the security problems. What we have done is created a "Security Installer" that the customers run to set up the correct code policy.

    This installer also adds an entry to fix the "temporary assembly" problem that comes from the Xml serializer.

  • Anonymous
    January 17, 2006
    We usually customise policy via a custom policy file for each asp.net application. It's strange that there's no GUI for this.

    For Windows, it's mainly done using caspol.

    The Framework Configuration Wizard is useful for viewing settings, but as it doesn't refresh it's not really the best tool to work with.
  • Anonymous
    February 12, 2006
    The comment has been removed
  • Anonymous
    February 27, 2006
    Do we get to put forward a wish list?

    How about a version of caspol and the gui that will work with ASP.Net CAS files. That'd be top banana.
  • Anonymous
    May 12, 2006
    Sorry, never checked back to this thread.

    In answer to your question, yes we use the URL condition almost exclusively, as http is the mechanism for deployment, and with full-trust grant, we want to control the scope as tightly as possible without requiring lots of manual steps.