.NET assembly runs in partial trust on a network d

2019-01-12 10:36发布

问题:

We have a strange issue with our C++ solution (which calls .NET 4.0 assemblies) when running on a network drive. The solution hosts several WCF services with NetTcpBinding, one of them with a non-default binding configuration. A non-default NetTcpBinding is per se not possible under partial trust (see Stack Overflow question When does WCF NetTcpBinding need full trust on the client?), but the solution runs under a fully trusted network drive. This does work on several different computers (Windows Vista and Windows 7) but fails on one (Windows Vista) with throwing an exception,

An error occurred creating the configuration section handler for "system.serviceModel/bindings": That assembly does not allow partially trusted callers. (K:\Somepath\Testing.exe.Config line 6)

This exception would be totaly OK, if the solution would indeed run under partial trust on that computer, but it does run under full trust. Even if I check for full trust in code it is true.

We double checked the Internet options with one of the computers it works on - no differences.

All DLL files and the EXE file are strong named.

Update: The network drive is under full trust on the particular computer (caspol.exe).

What should we look for?

If you need additional information, please let me know.

Update 2: We still have that issue and now even on one computer more (Windows 7). So it seems to be OS independent.

回答1:

It's called code access security (CAS), and it forces all untrusted network drives to be treated as untrusted network code.

Local code has full trust, network code has partial trust and Internet code has no trust. It's a .NET only security model. Your options are to either designate the network drive as a 'trusted' drive by giving it full rights (search for caspol.exe full trust network drive) or to copy the EXE file to a local drive.

Using CASPOL to Fully Trust a Network Share should help you out.

Or on the command line:

CasPol.exe -m -pp off -ag 1.2 -url file://///server/share/* FullTrust .


回答2:

We didn't find a solution here but a workaround: Don't use the app.config for the binding settings. Setting them in code works for us in the same environment.

This question by the way seems to handle a similar issue. HTH



回答3:

Right click on app.config -> Properties -> Unbock