You might want to consider making the additional permission grant a bit more
restrictive, both with respect to code group membership and the granted
permission set. Granting unrestricted permissions to all code originating
on any network (even an intranet) leaves client machines open to additional
risk that could easily be avoided. For example, in your particular
scenario, it might be quite sufficient to grant only one additional
permission (WebPermission to connect to the target web service address) over
the baseline intranet grant, and you could probably be quite restrictive
about the code group membership criteria that are used to grant this
additional permissions. For example, on top of intranet zone evidence, you
could probably use URL evidence corresponding to your control's URL and
strong name and/or publisher evidence corrresponding to strong name and/or
authenticode signatures applied to the control assembly.
"James" <j DOT w AT zoom DOT co DOT uk> wrote in message
news:%2******** ********@TK2MSF TNGP11.phx.gbl. ..
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:ep******** *****@TK2MSFTNG P11.phx.gbl... You cannot elevate the assembly's permissions from within its own code.
The only code change you could make that would remove the requirement for
the additional CAS permissions is one that alters the application's
behaviour so that it no longer needs any permissions besides those
granted to the zone from which it will run (presumably the intranet zone
in your case). If connecting to a web service on a different web site is
a fixed and unavoidable requirement for the control, then I don't see how
you can avoid the additional permissions requirement. That said, moving
the web service (or at least a pass-through facade for the existing web
service) to the control host site would be an obvious approach to
consider, but nothing you've mentioned so far indicates whether that's an
option that's available to you...
Hi Nicole,
We spent this morning trying out your suggestion... It Works!
We raised the permissions for our domain to Full Trust for Intranet based
assemblies. Everything now runs perfectly.
Thanks very much for taking the time to answer my post, it is sincerely
appreciated.
James