|Important||This document may not represent best practices for current development, links to downloads and other resources may no longer be valid. Current recommended version can be found here. ArchiveDisclaimer|
Running Intranet Applications in Full Trust
Updated: July 2008
Starting with the .NET Framework version 3.5 Service Pack 1 (SP1), applications and their library assemblies can be run as full-trust assemblies from a network share. MyComputer zone evidence is automatically added to assemblies that are loaded from a share on the intranet. This evidence gives those assemblies the same grant set (which is typically full trust) as the assemblies that reside on the computer. This functionality does not apply to ClickOnce applications or to applications that are designed to run on a host.
The following rules apply to assemblies that are loaded by an executable on a network share:
Library assemblies must reside in the same folder as the executable assembly. Assemblies that reside in a subfolder or are referenced on a different path are not given the full-trust grant set.
If the executable delay-loads an assembly, it must use the same path that was used to start the executable. For example, if the share \\network-computer\share is mapped to a drive letter and the executable is run from that path, assemblies that are loaded by the executable by using the network path will not be granted full trust. To delay-load an assembly in the MyComputer zone, the executable must use the drive letter path.
In earlier versions of the .NET Framework, shared assemblies were granted Intranet zone evidence. You had to specify code access security policy to grant full trust to an assembly on a share.
This new behavior is the default for intranet assemblies. You can return to the earlier behavior of providing Intranet evidence by setting a registry key that applies to all applications on the computer. This process is different for 32-bit and 64-bit computers:
On 32-bit computers, create a subkey under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework key in the system registry. Use the key name LegacyMyComputerZone with a DWORD value of 1.
On 64-bit computers, create a subkey under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework key in the system registry. Use the key name LegacyMyComputerZone with a DWORD value of 1. Create the same subkey under the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework key.