Scott Hanselman

Giving a Mapped Network Drive "FullTrust" with .NET Code Access Security

October 27, '04 Comments [0] Posted in Programming | Tools
Sponsored By

I'm saving this so I can find it easily later. Chris Sells has a post that describes how to give a Mapped Network Drive "FullTrust." Thanks Chris!

[When loading a Project from a Network Drive (like Z:\, perhaps within a VPC) you may receive:]

The project location is not trusted.
Running the application may result in security exceptions when it
attempts to perform actions which require full trust.

What's happening is that VS is detecting that the project on the network drive is getting Intranet permissions according to the good and true workings of .NET Code Access Security (CAS). However, since I'm just trying to pretend that Z is on my PC (and, in fact, it is), I want it to have FullTrust permissions.

To accomplish this, you need to add a new Code Group with an URL membership permission specifying the folder (in URL form) to which you'd like to grant full trust. You can do with the .NET Framework Configuration tool or you can do it from the command line like so:

c:\>caspol -q -machine -addgroup 1 -url file://z:/* FullTrust -name "Z Drive"

Once this new code group is in place, any new .NET processes you start will give any assemblies on the Z drive full trust.

Since awarding new permissions, full trust or not, to any chunk of code is something that can cause a security hole, be careful.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb
Comments are closed.

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.