SP1 now plays with new trust rules when using assemblies across a network share. By default these assemblies are now granted full trust where in previous versions the Microsoft .NET Framework 2.0 Configuration utility was used in order to increase security trust from partial to full on signed assemblies. The problem with this new change is since .NET 3.x+ versions are basically service packs of the 2.0 framework anyone with a VS2005 application built against the v2.0 framework can kiss this security goodby as once the 3.5 SP1 is installed the v2.0 application now operates in full trust mode across a network share by default even though it wasn't compiled against the v3.5 framework. I agree that this was a good improvement to make, but this is also going to create a QA nightmare as applications which shouldn't require the v3.5 framework will now operate in a different fashion if it is installed.
Correcto. I had my issues with this which I raised all the way to the top brass and them some. As it turns out, you can revert the behavior to 'legacy' mode by tweaking a registry key. But that is not the default behavior and depending on your environment and you would have to plan appropriately to implement it across your enterprise. It may require at least a QA regression as well. The change was made to 'unify' the behavior across the windows operating platform with regard to managed v. unmanaged execution. The reason for the change was customer driven. -- Regards, Alvin Bruney [MVP ASP.NET] [Shameless Author plug] Download OWC Black Book, 2nd Edition Exclusively on www.lulu.com/owc $15.00 Need a free copy of VSTS 2008 w/ MSDN Premium? http://msmvps.com/blogs/alvin/Default.aspx ------------------------------------------------------- "Techno_Dex" wrote in message news:eNXwD5X$IHA.872@TK2MSFTNGP05.phx.gbl... > SP1 now plays with new trust rules when using assemblies across a network > share. By default these assemblies are now granted full trust where in > previous versions the Microsoft .NET Framework 2.0 Configuration utility > was used in order to increase security trust from partial to full on > signed assemblies. The problem with this new change is since .NET 3.x+ > versions are basically service packs of the 2.0 framework anyone with a > VS2005 application built against the v2.0 framework can kiss this security > goodby as once the 3.5 SP1 is installed the v2.0 application now operates > in full trust mode across a network share by default even though it wasn't > compiled against the v3.5 framework. I agree that this was a good > improvement to make, but this is also going to create a QA nightmare as > applications which shouldn't require the v3.5 framework will now operate > in a different fashion if it is installed. >
I would be interested to find out more about this if you have more details. Since v3.0+ uses the .NET Framework 2.0 Configuration utility for security levels what kind of interactions to this Full Trust change have in the Code Acces Security Policy section, mainly the Local Intranet zone? I would have expected the Local Intranet zone to be raised to Full Trust but its not. Is the Local Intranet zone completely ignored once SP1 is installed? Do you happen to know what the Registry key is in the event that we need to support the "legacy" mode? My fear at this point is that a client with a 2.0 app already installed will have SP1 pushed out via Windows Update and not know any different until things start behaving differently. TIA "Alvin Bruney [ASP.NET MVP]" <vapor dan using hot male spam filter> wrote in message news:41AD16C7-66E1-4DE6-9365-BAB2F505EFCB@microsoft.com... > Correcto. I had my issues with this which I raised all the way to the top > brass and them some. As it turns out, you can revert the behavior to > 'legacy' mode by tweaking a registry key. But that is not the default > behavior and depending on your environment and you would have to plan > appropriately to implement it across your enterprise. It may require at > least a QA regression as well. > > The change was made to 'unify' the behavior across the windows operating > platform with regard to managed v. unmanaged execution. The reason for the > change was customer driven. > > -- > > Regards, > Alvin Bruney [MVP ASP.NET] > > [Shameless Author plug] > Download OWC Black Book, 2nd Edition > Exclusively on www.lulu.com/owc $15.00 > Need a free copy of VSTS 2008 w/ MSDN Premium? > http://msmvps.com/blogs/alvin/Default.aspx > ------------------------------------------------------- > > > "Techno_Dex" wrote in message > news:eNXwD5X$IHA.872@TK2MSFTNGP05.phx.gbl... >> SP1 now plays with new trust rules when using assemblies across a network >> share. By default these assemblies are now granted full trust where in >> previous versions the Microsoft .NET Framework 2.0 Configuration utility >> was used in order to increase security trust from partial to full on >> signed assemblies. The problem with this new change is since .NET 3.x+ >> versions are basically service packs of the 2.0 framework anyone with a >> VS2005 application built against the v2.0 framework can kiss this >> security goodby as once the 3.5 SP1 is installed the v2.0 application now >> operates in full trust mode across a network share by default even though >> it wasn't compiled against the v3.5 framework. I agree that this was a >> good improvement to make, but this is also going to create a QA nightmare >> as applications which shouldn't require the v3.5 framework will now >> operate in a different fashion if it is installed. >>
Read more here: http://msdn.microsoft.com/en-us/library/cc713717.aspx -- Regards, Alvin Bruney [MVP ASP.NET] [Shameless Author plug] Download OWC Black Book, 2nd Edition Exclusively on www.lulu.com/owc $15.00 Need a free copy of VSTS 2008 w/ MSDN Premium? http://msmvps.com/blogs/alvin/Default.aspx ------------------------------------------------------- "Techno_Dex" wrote in message news:eEf9SVh$IHA.5004@TK2MSFTNGP05.phx.gbl... > I would be interested to find out more about this if you have more > details. Since v3.0+ uses the .NET Framework 2.0 Configuration utility for > security levels what kind of interactions to this Full Trust change have > in the Code Acces Security Policy section, mainly the Local Intranet zone? > I would have expected the Local Intranet zone to be raised to Full Trust > but its not. Is the Local Intranet zone completely ignored once SP1 is > installed? Do you happen to know what the Registry key is in the event > that we need to support the "legacy" mode? My fear at this point is that > a client with a 2.0 app already installed will have SP1 pushed out via > Windows Update and not know any different until things start behaving > differently. > > TIA > > "Alvin Bruney [ASP.NET MVP]" <vapor dan using hot male spam filter> wrote > in message news:41AD16C7-66E1-4DE6-9365-BAB2F505EFCB@microsoft.com... >> Correcto. I had my issues with this which I raised all the way to the top >> brass and them some. As it turns out, you can revert the behavior to >> 'legacy' mode by tweaking a registry key. But that is not the default >> behavior and depending on your environment and you would have to plan >> appropriately to implement it across your enterprise. It may require at >> least a QA regression as well. >> >> The change was made to 'unify' the behavior across the windows operating >> platform with regard to managed v. unmanaged execution. The reason for >> the change was customer driven. >> >> -- >> >> Regards, >> Alvin Bruney [MVP ASP.NET] >> >> [Shameless Author plug] >> Download OWC Black Book, 2nd Edition >> Exclusively on www.lulu.com/owc $15.00 >> Need a free copy of VSTS 2008 w/ MSDN Premium? >> http://msmvps.com/blogs/alvin/Default.aspx >> ------------------------------------------------------- >> >> >> "Techno_Dex" wrote in message >> news:eNXwD5X$IHA.872@TK2MSFTNGP05.phx.gbl... >>> SP1 now plays with new trust rules when using assemblies across a >>> network share. By default these assemblies are now granted full trust >>> where in previous versions the Microsoft .NET Framework 2.0 >>> Configuration utility was used in order to increase security trust from >>> partial to full on signed assemblies. The problem with this new change >>> is since .NET 3.x+ versions are basically service packs of the 2.0 >>> framework anyone with a VS2005 application built against the v2.0 >>> framework can kiss this security goodby as once the 3.5 SP1 is installed >>> the v2.0 application now operates in full trust mode across a network >>> share by default even though it wasn't compiled against the v3.5 >>> framework. I agree that this was a good improvement to make, but this >>> is also going to create a QA nightmare as applications which shouldn't >>> require the v3.5 framework will now operate in a different fashion if it >>> is installed. >>> > >
