Giving a Mapped Drive .NET FullTrust

Lately, I've been running Virtual PC a lot to test various versions of WinFX on various platforms. To save me for locking any valuable code into a VPC HD, I use VPC shares, mapping Z to the D HD on my VPC host PC. That's all well and good 'til I try to load a project from Z which, according to the OS, is a mapped network drive (in spite of the fact that it's just the other partition on the very same PC), and Visual Studio complains that since I don't have FullTrust on that drive, things may not work out the way I'd hoped (and for whoever decided to write the code and put up that message box, thank you!):

The project location is not trusted.
Running the application may result in security exceptions when it
attempts to perform actions which require full trust.

What's happening is that VS is detecting that the project on the network drive is getting Intranet permissions according to the good and true workings of .NET Code Access Security (CAS). However, since I'm just trying to pretend that Z is on my PC (and, in fact, it is), I want it to have FullTrust permissions. To accomplish this, you need to add a new Code Group with an URL membership permission specifying the folder (in URL form) to which you'd like to grant full trust. You can do with the .NET Framework Configuration tool or you can do it from the command line like so:

c:\>caspol -q -machine -addgroup 1 -url file://z:/* FullTrust -name "Z Drive"

Once this new code group is in place, any new .NET processes you start will give any assemblies on the Z drive full trust (make sure to cycle the devenv.exe process if you want these new permissions and that message box to go away).

Since awarding new permissions, full trust or not, to any chunk of code is something that can cause a security hole, be careful. In this case, I'm awarding full trust so that Z acts just like a normal HD which has full trust by default, so I'm OK. Please make sure that you're OK before adding permission via code groups willy nilly.



Comment Feed 17 comments on this post

dru sellers:


How can I get this to work? caspol is not recognized as an internal or external command. What am I doing wrong?

Tuesday, Sep 21, 2004, 1:49 PM


Joel Martinez:


Wow ... that's really useful ... thanks for posting :-)

Tuesday, Sep 21, 2004, 1:50 PM


dru sellers:


ok so I found the caspol executable. DO I just need to run caspol once for all version or once for each .Net version?

Tuesday, Sep 21, 2004, 2:53 PM


Mike Kolitz:


Dru - CASPOL.EXE has to be in your path (or the current directory) to work. Either run it from your Visual Studio .NET Command Prompt, or add %systemroot%\Microsoft.Net\Framework\(version) to your path.

Tuesday, Sep 21, 2004, 2:59 PM


dru sellers:


Cool thank you for the info. Hadn't played with PATH before this could make life interesting. Thanks!

Tuesday, Sep 21, 2004, 3:10 PM


Chris Sells:


You need to run the appropriate caspol for each version of .NET installed (each of them has their own security settings).

Tuesday, Sep 21, 2004, 4:55 PM


Maxim V. Karpov:


I recommend you give full-trust to a directory on the drive rather to the entire drive, but again this is just my suggestion. What do i know ;)?

My two cents, Maxim

By the way, I heard caspol utility will be missing in the next release, because people just use it to compelelty disable CAS.
[www.ipattern.com do you?]

Tuesday, Sep 21, 2004, 5:00 PM


Chris Sells:


Some folks need a quick, easy way to turn CAS off, so I don't see caspol going away any time soon (although I could be totally wrong -- they sometimes neglect to tell me these things : ).

Thursday, Sep 23, 2004, 12:04 PM


Yves:


This works fine for win applications. If I do the same thing with an asp.net application and create a virtual folder on my network drive, I get an error icon.
 

Monday, Jan 3, 2005, 3:23 PM


Harjit S. Batra:


On a related note, from one assembly I am using the Process object to execute another assembly, using process.StartInfo.FileName = "\\127.0.0.1\share\assembly2.exe". Because of caspol settings both assemblies are trusted, however before assembly2 is executed, I get the File Download dialog "Would you like to open the file or save it to your computer?", with the open checkbox greyed out! Anyway to get around that prompt? Do I have to add something to my internet security settings, maybe?

Thursday, Feb 17, 2005, 3:22 PM


Ayende Rahien:


You just saved me quite a bit of problem, thanks.

Sunday, Oct 23, 2005, 6:27 AM


Festus Redelinghuys:


Thankyou very much, this tip saved me many an hour.

Monday, Aug 7, 2006, 10:38 AM


elisha:


One thing to add, if you're running a 64-bit OS, you should make sure to run both the 32- and 64- bit versions of caspol:

ok I got it. Thanks a lot.

[url=http://simulationpretimmobilier.net][color=#FFFFFF][u]Simulation pret immobilier[/u][/color][/url]

Sunday, May 24, 2009, 5:28 AM


JXL14:


The fact that he is shocked that these students have a different culture and upbringing from his has never struck his mind. ,

Saturday, Oct 10, 2009, 3:01 PM


Mark60:


Larry Hodges, the computer scientist on the team, thinks that audio quality is, in several of their applications and exper- iments, consistently more important than visual quality. ,

Tuesday, Oct 13, 2009, 1:42 AM


Thomas Gravgaard:


Thanks SO much! You have no idea how many times I have tried getting this to work using old obscure posts i found with no success. This just works! Fantastic!

Saturday, Jan 30, 2010, 2:17 AM


Tony Rogerson:


2 hours it took to fix this - I wish I'd found this page sooner - man so so thank you!

Thursday, Feb 25, 2010, 10:28 AM





comment on this post

HTML tags will be escaped.

Powered By ASP.NET

Hosted by SecureWebs

Mensa

IEEE