Curious to know why my 2.0 .net application is being allowed to execute when I have restricted the permissions assigned to the assembly.

I’ve created a new Code Group at the Enterprise level which will match for any assembly with a particular digital signature. The code group has been set so that only permissions from the associated permission set will be used and also that lower policy levels will not be evaluated.

Running the .Net 2.0 PermCalc states that my application needs the following permissions:

• UnmanagedCode,
• Environment
• FileIO
• Registry
• Reflection

I’ve assigned to my custom code group the permission for unmanaged code but nothing else.

The first method in my application demands all of the above permissions upfront so I can display a sensible message to the user before exiting.

Running the .NET 2.0 Configuation “Evaluate Assembly” tool on my assembly indeed shows that my application will only be given the UnmanagedCode permission.

However when I execute my application is runs and completes, quite obviously doing various FileIO and Registry operations.

My app is signed with the digital signature that should match the restricted code group.

Can anyone explain why this works.

Note: My ultimate aim is to make sure that my application does not crash horribly if executed from a network share. I would have liked to check the assembly evidence zone is My_Computer but I can no longer do that with .NET 3.5 SP1. See FullTrust On the LocalIntranet

Thanks in advance for any help/suggestions.