Fervent Coder

Coding Towards Utopia...by Rob Reynolds
posts - 278 , comments - 431 , trackbacks - 0

My Links


Rob Reynolds

Subscribe to Fervent Coder RSS
Subscribe to Fervent Coder by Email

About Me

I manage several open source projects. Need...
   ...package management for Windows?
   ...automated builds?
   ...database change management (migrations)?
   ...your application to check email?
   ...a monitoring utility?

I also write for

Like what you are reading? Want to buy me a cup of coffee?
PayPal - The safer, easier way to pay online!


Post Categories


.NET Framework 3.5 SP1: No More Need for CasPol on Network Shares


In the past, one could not run managed code from network shares due to security reasons. That feature was introduced in .NET from the beginning to prevent security attacks coming from network locations. The feature did not resolve the respective security threats because unmanaged code always was allowed to run in such a circumstance.

A pool organized by Brad Adams, Program Manager at Microsoft, shows that many people would like to have the possibility to run managed code from network shares. Microsoft responded to the general request enabling the feature in .NET 3.5 SP1.

Dru pointed this out to me and some others today.  I am not sure where I stand on this one yet (because I am compulsive about security).  To look at why they did it makes sense (from a consistency standpoint).  If you are running something from a network share you are inside your network.  Usually if you are running something on the network, it is because you want to run it. And if you can get to it, you can give yourself permissions to do it (provided you have the right privileges).

What happens when you don’t want to allow other people in your network the ability to run something (and you basically have not given them the privileges to run CasPol)? Hmmmm...

I guess that is where the application has its security and security checks (which is a good practice and what you would have to do with unmanaged code).

I am kind of on the fence with the change because I am used to CasPol and limiting and controlling permissions.

What are your thoughts?

Print | posted on Tuesday, August 19, 2008 10:22 PM | Filed Under [ Code ]



# re: .NET Framework 3.5 SP1: No More Need for CasPol on Network Shares

Only thought is "How can I go ahead and enable trust for shares?". All my dev data lives on network shares (highly redundant boxes with automated backup). I do all my dev work from whatever workstation I happen to be sitting at. The share is trusted by me, and I figured out caspol to get .Net 2.0 to trust it, but 3.5 won't!
4/3/2009 3:18 PM | Brian Knoblauch

# re: .NET Framework 3.5 SP1: No More Need for CasPol on Network Shares

@Brian: This is before 3.5 SP1 right? I haven't had any experience with it. 3.5 SP1 should trust all network shares by default.
4/3/2009 7:53 PM | Robz

# re: .NET Framework 3.5 SP1: No More Need for CasPol on Network Shares

This is on 3.5SP1 that it doesn't trust my network share. Is there some switch somewhere I need to flip?

I had the same problem with 1.1 and 2.0, but was able to solve it with caspol. 3.5SP1 doesn't work and I'm not sure why not.

4/6/2009 11:49 AM | Brian Knoblauch
Comments have been closed on this topic.

Powered by: