CAS privilege required for COM interop calls

20 Jul 2006 8:04 PM

googlegroups.20.gpw

My Application makes lots (i mean lots) of interop calls due to the
nature of what it does. (Screen scraping, MSAA, post messages to other
windows, etc..). It seems to me that the ability to call unmanaged code
is a pretty big thing, it can basically leave the environment
vulnerable to anything. So I ask you, at a practical level, does it
really make any sense for me to try to enumerate all the individual
privileges i require, or do i just assume FullTrust. My deployment
model is (hopefully) ClickOnce.

Thanks in advance.

20 Jul 2006 8:10 PM

googlegroups.20.gpw

Sorry, i forgot to mention my environment was C#, .NET 2.0 with XP or
later desktops.

Thanks again

20 Jul 2006 10:12 PM

Dominick Baier

If you need to interop with unmanaged code, that's equal to full trust.

You could shim all functionality, implement custom permissions and so forth.
But if unmanaged code access is a core feature of your app, i don't see much
of a sense here.

The story would be different i you would provide third party extensibility
and want to restrict access to win32...

dominick

Show quoteHide quote

> My Application makes lots (i mean lots) of interop calls due to the
> nature of what it does. (Screen scraping, MSAA, post messages to other
> windows, etc..). It seems to me that the ability to call unmanaged
> code is a pretty big thing, it can basically leave the environment
> vulnerable to anything. So I ask you, at a practical level, does it
> really make any sense for me to try to enumerate all the individual
> privileges i require, or do i just assume FullTrust. My deployment
> model is (hopefully) ClickOnce.
>
> Thanks in advance.
>