Trusting an assembly located on a network share

Published 2019-03-30 06:03

Question:

I've been meaning to post on here for a while but always find the information I need; up until now of course! I would appreciate any help you may be able to offer in regards to code access security, and in particular DLLs on a network share.

I am looking for a way to dynamically load assemblies for reflection, instantiation, and invocation from an unknown network share at runtime.

I have searched the forums and understand that as of .NET 3.5 SP1, assemblies will execute on a network share with full trust. This appears to be targeted at .exe files and not DLLs.

I understand why this is happening, what code trust is, and how CasPol and the '.NET Framework 2.0 Configuration' tool works. I am able to modify the policies in order to obtain full trust in a test environment for a specific share, although I won't know the exact network share after deployment.

I am unable to utilise any of the in-built membership conditions, such as strongly signed, url, certificates and what-not.

I understand that I can implement a custom condition type by implementing the IMembershipCondition interface and jumping through a few hoops.

Based on the above information I would like to implement a custom membership condition (in C#), however this appears to be a rather involving task, and there doesn't appear to be much information available from Microsoft or on t'internet. Currently I don't understand how you put 'Evidence' into an assembly so that it can be identified, nor do I understand how this Evidence is exposed during policy evaluation and how to write this programmatically.

I would like to implement for example, a policy which identifies all assemblies that have an assembly attribute of type AssemblyCompany with a value of 'My Company', i.e. [assembly: AssemblyCompany("My Company")]. This is not exactly what I intend to implement but it would help me to understand how the mechanism works.

I knew nothing about code security prior to tackling this product request, and as you can probably deduce, I've been extensively working my way through and found as much information as I can on the topic, but I am now stuck.

Have you implemented your own IMembershipCondition adapter? Do you have any links to a comprehensive guide on how to do this? Can you provide a working example?

Thank you for reading through my (long) post, and please help me! :D

Answer 1:

It's called CAS, Code Access Security, and it forces all untrusted network drives to be treated as untrusted network code.

Local code has full trust, network code has partial trust and internet code has no trust. It's a .NET-only security model. Your options are to either designate the network drive as a 'trusted' drive by giving it full rights (search for caspol.exe fulltrust network drive) or to copy the .exe to a local drive.

This link should help you out: https://julianscorner.com/wiki/programming/caspol_network_share

Or CasPol.exe -m -pp off -ag 1.2 -url file://///server/share/* FullTrust on the command line.
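The custom IMembershipCondition the question asks about, as an added example that is not from the original post, the answer, or Microsoft: the class name, the "Company" XML attribute and the attribute-matching logic are assumptions. It matches an assembly whose Url evidence points at a file declaring [assembly: AssemblyCompany("My Company")], reading that metadata through a reflection-only load so no code from the file runs during policy evaluation.

```csharp
using System;
using System.Collections;
using System.Reflection;
using System.Security;
using System.Security.Policy;

// Hypothetical condition: matches assemblies whose AssemblyCompany attribute equals
// the configured company. The attribute is written by whoever compiled the file,
// so this identifies an assembly; it does not authenticate its origin.
[Serializable]
public sealed class AssemblyCompanyMembershipCondition : IMembershipCondition
{
    private string company;

    public AssemblyCompanyMembershipCondition(string company) { this.company = company; }

    public bool Check(Evidence evidence)
    {
        IEnumerator host = evidence.GetHostEnumerator();   // Url, Zone, Site, ... supplied by the loader
        while (host.MoveNext())
        {
            Url url = host.Current as Url;
            if (url == null) continue;
            string path = new Uri(url.Value).LocalPath;  // e.g. \\server\share\plugin.dll
            Assembly asm = Assembly.ReflectionOnlyLoadFrom(path); // metadata only, no execution
            foreach (CustomAttributeData cad in CustomAttributeData.GetCustomAttributes(asm))
            {
                // Compare by name: reflection-only types are not the same Type objects as ours.
                if (cad.Constructor.DeclaringType.FullName != typeof(AssemblyCompanyAttribute).FullName) continue;
                string value = cad.ConstructorArguments[0].Value as string;
                return string.Equals(value, company, StringComparison.Ordinal);
            }
        }
        return false;  // no Url evidence or no AssemblyCompany attribute: not a member
    }

    public IMembershipCondition Copy() { return new AssemblyCompanyMembershipCondition(company); }
    public override bool Equals(object obj)
    {
        AssemblyCompanyMembershipCondition o = obj as AssemblyCompanyMembershipCondition;
        return o != null && o.company == company;
    }
    public override int GetHashCode() { return company.GetHashCode(); }
    public override string ToString() { return "AssemblyCompany = " + company; }

    // Persistence in the policy file (security.config); "Company" is our own attribute name.
    public SecurityElement ToXml() { return ToXml(null); }
    public SecurityElement ToXml(PolicyLevel level)
    {
        SecurityElement e = new SecurityElement("IMembershipCondition");
        e.AddAttribute("class", GetType().AssemblyQualifiedName);
        e.AddAttribute("version", "1");
        e.AddAttribute("Company", SecurityElement.Escape(company));
        return e;
    }
    public void FromXml(SecurityElement e) { FromXml(e, null); }
    public void FromXml(SecurityElement e, PolicyLevel level) { company = e.Attribute("Company"); }
}
```

For CasPol to load it, the condition's assembly must be strongly named and installed in the GAC, and the .NET 4 runtime ignores CAS policy unless legacy policy is switched on, so this only applies to .NET 2.0 through 3.5 hosts. Because any assembly can carry the string "My Company", granting FullTrust on this condition alone extends local trust to everything on the share that claims it; pair it with Url or Site evidence to at least bound where that trust applies.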



Tags: .net security