Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am developing app in Visual studio 2010, my app is constantly connected to the internet. Should I activate This is a full trust application in Security tab?
If yes what does it exactly means? I was reading msdn docs but I can’t understand it. I need something in short lines of when to use this feature.
Don’t worry, it doesn’t influence the security of your internet connection, but it influences how the .NET framework treats your application. So – yes you can activate it without danger, but if possible you should declare in your code which level of access your application needs to refine security. To explain the details:
Full trust means that your application needs all rights that the .NET framework provides. As a developer, you declare which trust level your application needs in order to be able to run, this is known as "code access security".
Code access security means that you’re telling the compiler via attributes which kind of operation your code needs in order to succeed.
The .NET framework in turn estimates how much trust the application should be granted:
For example, if you deploy your application to a remote computer, which is accessible via a network share outside of your intranet*), then the .NET Framework gives it less than "Full trust". This is known as an "evidence based" security model, which is implemented through so-called managed code.
Managed code means that your .NET application is compiled into MSIL (Microsoft’s Intermediate Language) by the "Roslyn"-Compiler and then "just in time" (i.e. just when you execute it, unless you choose to create native code explicitly via NGEN before execution) into CPU-specific machine language by the "RyuJIT"-Compiler. This allows to establish an additional abstraction layer, which in turn enables the .NET Framework to control what your code does and to allow it or – if not – to throw an security exception.
All the code you write for the .NET framework in one of the languages C# or VB.NET is per default managed code. However, there are (very rare) situations where you want to embed unmanaged code – also known as "unsafe code" (in .NET terminology) as well. One way is to create an "unsafe" section in your code (which I only mention here for completeness – i.e. in case you might have come accross with it in source code).
As I mentioned before, you specify what the code does via attributes, but you can also change the rules that apply on your local computer to change this behaviour through the .NET security settings.
Usually it is a good idea to specify as precisely as possible which rights your application needs, and to be as restrictive as possible.
If you’re interested, you can find more here:
Exploring the .NET Framework Security Model
*) Thank you for your hint, Damien! Indeed, earlier versions of the framework gave resources on the network (network shares) less trust, with .NET 4 desktop and local intranet connections have full trust.