Adding Assemblies to Security Policy
An assembly that implements a custom permission, or implements any other custom security object that is not included in the .NET Framework, must be added to the fully trusted assembly list. There is a separate list for each policy level. The fully trusted assembly list grants its members full trust for the related policy level. This is necessary to keep the runtime from performing circular policy resolutions. Before you add an assembly to security policy, you must give it a strong name and put it in the global assembly cache.
To add an assembly that implements a custom security object to the fully trusted assembly list
- Type the following command at the command prompt:
caspol [-enterprise|-machine|-user] –addfulltrust AssemblyFile
Specify the policy-level option before the –addfulltrust option. If you omit the policy-level option, Caspol.exe lists the permission sets at the default policy level. For computer administrators, the default level is the machine policy level; for others, it is the user policy level.
The following command adds
MyCustomPermissionSet.exeto the user policy level's fully trusted assembly list.
caspol –user –addfulltrust MyCustomPermissionSet.exe
If the assembly you add depends on another assembly (that is, uses types implemented in another assembly), you must also add that assembly to the list.
Adding an assembly to a fully trusted assembly list does not guarantee that it will be granted full trust by the policy system as a whole, but only that it will be granted full trust at the policy level where it is listed. For example, if you add the MyCustomPermission.exe assembly to the user policy level's fully trusted assembly list, but MyCustomPermission.exe receives only execution rights from machine policy, MyCustomPermission.exe would eventually be granted only execution rights. It is therefore important to remember that putting an assembly into the fully trusted assembly list only helps avoid creating circular policy resolutions for the policy level where it is listed. It does not guarantee that the assembly implementing the custom permission actually receives a full trust grant.
Configuring Security Policy Using the Code Access Security Policy Tool (Caspol.exe) | Configuring Permission Sets Using Caspol.exe | Security Policy Model | Code Access Security Policy Tool (Caspol.exe)