> I develop software (.NET) with strong name that needs to access network
drives by default.
Is there any way to make sure that this program have network access
without forcing the user to manually add this strong key to be trusted more?
And not to globally trust all .NET applications by default?
You know, to avoid the "Control panel/ Administrative Tools/ Microsoft
..NET Framework Wizards/ Trust an assembly", but during setup automatic
configured instead.
It appears that our users have problems setting up this trust.
I have a potentional sollution to my problem.
3 actually, but below is the code that gets my biggest favourite since it
use .NET code.
What I want to have is that my program, with current strong signed key found
in the executable, registers itself as policy that it automaticall have full
trust because it needs access to network drives. How could I modify the code
below that it does this? It could be machine dependend, but it also might be
user dependend.
I prefer to have this registration process into my application and not as
part of the setup program.
But here comes a scary conclusion, if it is possible, then that mean that
any bad program can give itself enoutgh rights to acces the internet without
the user intervention??? Can this be protected by an administrator?
-------------------------------------------
IEnumerator levels = SecurityManager.PolicyHierarchy();
while (levels.MoveNext()) {
PolicyLevel level = (PolicyLevel)levels.Current;
//Machine policy?
if (level.Label.ToString( ) == "Machine") {
//Start from the Top Level CodeGroup for each Policy Level
CodeGroup group = level.RootCodeGroup;
//Is it for "All code"?
if (group.MembershipCondition.ToString( ) == "All code"){
//Define the PermissionSet as "FullTrust"
PermissionSet psFulltrust =
level.GetNamedPermissionSet("FullTrust");
//Define a URL membership condition for
http://www.contoso.com/bin/*
UrlMembershipCondition umc = new
UrlMembershipCondition("http://www.contoso.com/bin/*");
//Add the Child CodeGroup - this is what the caspol tool
does for us
//caspol -quiet -machine -addgroup 1. -url
http://www.contoso.com/bin/* FullTrust -name TestCodeGroup
UnionCodeGroup ucg = new UnionCodeGroup(umc,new
PolicyStatement(psFulltrust));
ucg.Name ="DICOM-CT";
group.AddChild(ucg);
//Save the policy
SecurityManager.SavePolicy();
}
}
}
}
Thanks in advance.