PIAB and partial trust

Topics: Policy Injection Application Block
Jun 4, 2008 at 7:57 PM
I am going nuts here.  My application was working fine until I decided to add some CAS to it.  I added the following attribute to the assemblyinfo.cs of one of my assemblies

[assembly: FileIOPermission(SecurityAction.RequestRefuse, Write=@"C:\Windows")]

Since my app moves files, I wouldn't want it misconfigured and accidentally run under the wrong account.

According to the EntLib docs this shouldn't be a problem:

Versions of Enterprise Library from 4.0 onwards, including this release, have the Allow Partially-Trusted Caller attribute (APTCA) on all assemblies. This means that you can call the methods of Enterprise Library and the application blocks from an application running in a partial trust environment. You can do this with the signed assemblies provided with Enterprise Library. There is no longer any requirement, as there was in version 3.x, to recompile the source code and the source code for ObjectBuilder then either use the unsigned binaries or strong-name them yourself.


All of my assemblies are signed.  I even tried manually increasing their trust level and I still got the SecurityExpcetion saying that
"That assembly does not allow partially trusted callers."

Siting the PIAB as the offending dll on a LinkDemand request.  Here is the code that is failing

PolicyInjection.Create<MyObject>();

Can anyone tell me what I'm missing.  Granted my assembly will be running in partial trust because I have assembly level permission attributes.  I have tried class level attributes and the problem goes away, but I want to specifiy this permission on the entire assembly.  The application should be running in Full trust so I don't understand what the issue is.

Thanks
Jun 19, 2008 at 3:20 PM
Hi,

Can you provide additional information about the exception you get? Even better, can you set up a stand-alone repro project and attach it to a new Issue in the issue tracker? I couldn't create such a project with just PIAB.

Is it possible the assembly not allowing PTCs is one of your own? Without the exception details it's hard to tell...

Fernando



chriscap16 wrote:
I am going nuts here.  My application was working fine until I decided to add some CAS to it.  I added the following attribute to the assemblyinfo.cs of one of my assemblies

[assembly: FileIOPermission(SecurityAction.RequestRefuse, Write=@"C:\Windows")]

Since my app moves files, I wouldn't want it misconfigured and accidentally run under the wrong account.

According to the EntLib docs this shouldn't be a problem:

Versions of Enterprise Library from 4.0 onwards, including this release, have the Allow Partially-Trusted Caller attribute (APTCA) on all assemblies. This means that you can call the methods of Enterprise Library and the application blocks from an application running in a partial trust environment. You can do this with the signed assemblies provided with Enterprise Library. There is no longer any requirement, as there was in version 3.x, to recompile the source code and the source code for ObjectBuilder then either use the unsigned binaries or strong-name them yourself.


All of my assemblies are signed.  I even tried manually increasing their trust level and I still got the SecurityExpcetion saying that
"That assembly does not allow partially trusted callers."

Siting the PIAB as the offending dll on a LinkDemand request.  Here is the code that is failing

PolicyInjection.Create<MyObject>();

Can anyone tell me what I'm missing.  Granted my assembly will be running in partial trust because I have assembly level permission attributes.  I have tried class level attributes and the problem goes away, but I want to specifiy this permission on the entire assembly.  The application should be running in Full trust so I don't understand what the issue is.

Thanks