c# - .net 4.0 security permission attributes

In some enterprise environment, where the corporation may have their own deployment strategy that every assemblies is centrallized deployed to some remote shared locations. 

 

Then it might have the peril of Security exception.

 

The cause of the exception is that executable from remote share is trated as untrusted zone, and the caspol setting does not work anymore.  And if the assemblies is from remote share, the assemblies are in partial trusted state. 

 

The problem with partially trusted assembiles for the libraries developers is that when you deploy the assemblies on the remote share, when other people uses your assemblies some security critical operation checked at runtime will throw out exception and the invocation to your Assemblies will result in error. 

 

The solution is to enable the so called level 1 security rule, while by deafult the security rule  turned on for .net assemblies is the level 2...

 

 

here is what you might put in to the assembly attribute. 

 

[assembly: AllowPartiallyTrustedCallers]
[assembly: SecurityRules(SecurityRuleSet.Level1)]
[assembly: SecurityCritical]

 

 The level 1 rule is bascially saying use the old security policy. But why do we have the SecurityCritical attributes?

 

From the MSDN Security Critical Attribute:

 

The SecurityCriticalAttribute is equivalent to a link demand for full trust. A type or member marked with the SecurityCriticalAttribute can be called only by fully trusted code; it does not have to demand specific permissions. It cannot be called by partially trusted code.

 

 

There is also the SecuritySafeCritical attribute:

 

 

It is because the SecurityCrtical code can be access by the SecurityTransparent code or the AllowPartialllyTrustedCallerAttribute. But the SecurityCriticalAttibute code cannot accesss the code that is SecurityTransparent code or the AllowPartialllyTrustedCallerAttribute...