Difference between Full Trust and Everything

23 Mar 2005 2:45 PM

Tim Anderson

What is the difference between Full Trust and Everything in .NET security
configuration?

I know there is a difference, because if I take the following steps, I can't
even get a simple winform app to run:

1. Create a code group for the My Computer Zone

2. Set the new code group to use the permission set Everything

3. Check the box for "This policy level will only have the permissions from
the permission set associated with this code group.

In fact, I get a warning that the .NET config tool itself will not run under
this permission set.

So what is in Full Trust that is not in Everything?

Tim

23 Mar 2005 3:04 PM

Nicole Calinoiu

The "missing" permission that is causing the warning is
SecurityPermission\SkipVerification. This is the only permission from the
"core" .NET Framework set that is missing from the Everything permission
set. However, that's not the only difference between the FullTrust and
Everything permission sets. The FullTrust set is special in that it doesn't
actually contain any permissions. Instead, it acts essentially like a flag
that an assembly should pass all demands for any code access permission.
This means that fully trusted assemblies will also pass demands for custom
code access permissions, including those that you might develop yourself.
This is not the case for code that is only granted Everything permission,
which includes only the permissions explicity included in its grant set.

HTH,
Nicole

Show quoteHide quote

"Tim Anderson" <timj***@hotmail.com> wrote in message
news:u5QaCc7LFHA.2824@TK2MSFTNGP10.phx.gbl...
> What is the difference between Full Trust and Everything in .NET security
> configuration?
>
> I know there is a difference, because if I take the following steps, I
> can't even get a simple winform app to run:
>
> 1. Create a code group for the My Computer Zone
>
> 2. Set the new code group to use the permission set Everything
>
> 3. Check the box for "This policy level will only have the permissions
> from the permission set associated with this code group.
>
> In fact, I get a warning that the .NET config tool itself will not run
> under this permission set.
>
> So what is in Full Trust that is not in Everything?
>
> Tim
>

23 Mar 2005 4:06 PM

Tim Anderson

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:OFUurm7LFHA.2748@TK2MSFTNGP09.phx.gbl...
> The "missing" permission that is causing the warning is
> SecurityPermission\SkipVerification. This is the only permission from the
> "core" .NET Framework set that is missing from the Everything permission
> set.

Thanks Nicole. However I'm still puzzled - even if I create an amended
Everything group with Skip Verification set to Yes as well as all the other
permissions, a simple windows forms app still won't run. It fails with a
security exception. So are there other custom permissions not listed in the
config tool?

Tim

23 Mar 2005 4:22 PM

Nicole Calinoiu

This is probably because of a demand or link demand for FullTrust, which
only a fully trusted assembly can pass.

Show quoteHide quote

"Tim Anderson" <timj***@hotmail.com> wrote in message
news:Odvb3I8LFHA.904@tk2msftngp13.phx.gbl...
>
> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
> news:OFUurm7LFHA.2748@TK2MSFTNGP09.phx.gbl...
>> The "missing" permission that is causing the warning is
>> SecurityPermission\SkipVerification. This is the only permission from
>> the
>> "core" .NET Framework set that is missing from the Everything permission
>> set.
>
> Thanks Nicole. However I'm still puzzled - even if I create an amended
> Everything group with Skip Verification set to Yes as well as all the
> other permissions, a simple windows forms app still won't run. It fails
> with a security exception. So are there other custom permissions not
> listed in the config tool?
>
> Tim
>