imagine the following environment: an XBAP application running in partial trust mode (default behaviour; requiring Full Trust is not an option – but before you ask, if full trust is given to the XBAP, everything works as expected) is referencing a locally installed assembly, which is located in the GAC. To achieve this, we enable the “AllowPartiallyTrustedCallers” option to the local assembly, and also full trust is granted. (imagine this is some kind of a local connectivity counterpart)

(by the way we are aware of the security aspects of using the AllowPartiallyTrustedCallers attribute, this is out of scope of this post though, just don’t care)

Now, even if our local GAC assembly has full trust (we can check this by calling Assembly.GetExecutingAssembly().IsFullyTrusted at any time), it will fail any demands (implicit or explicit) since it’s called by a partially trusted caller (our XBAP). (correct me if i am misunderstanding something). Fortunatelly, we can do explicit asserts to gain permissions inside our local GAC assembly, for example:

new System.Security.Permissions.FileIOPermission(.....).Assert();

By that, we could prevent a full stack walk on demands right at this point and do any file access as we want. (again, please correct me…)
This actually works perfectly! (in this case)

The problem is, we just don’t do any file IO, in fact we are calling external libraries which should be able to do anything they want (and they might do a lot of stuff, accessing the registry, making web service requests, write files, call unmanaged code – in detail we don’t know, but we can trust them), and prevent the demand stack walk to reach our partially trusted caller. We should be able achieve this, since everything is done from our locally installed and trusted GAC assembly. (again, please don’t care about security aspects here, just assume, that we can trust the client)

Approach to solve this:

• What we thought of first, was asserting a set of permissions (PermissionSet) to nearly any permission before working with the external library. This almost works, but it looks like at some point still a security exception occurs – either, because the external library might start more threads which fail by some reason, or because its accessing the entryassembly – in fact, we don’t know.

• Second, we tried the following ttribute

[System.Security.Permissions.PermissionSet(
  System.Security.Permissions.SecurityAction.Assert, Name = "FullTrust")]

it didn’t work either.

• Third, we thought of opening a new AppDomain, making the fully trusted GAC assembly the AppDomains entry point, and run anything inside this appdomain – any stack walk could never reach the partially trusted caller anymore – in our theory). Unfortunatelly, we’re not able to achive this… Or newly created AppDomain fails even more demands, even if set up to run under “MyComputer” security zones Evidence or unrestricted SecurityPermission. I am not able to explicitly grant full trust to the whole AppDomain.

• Fourth, using caspol is not an option. (due to deployment reasons)

Now, since this should be a lot of information, i hope you understand what we want to archive.

To get this to the point: How can a fully trusted assembly assert a complete full trust to assemblies it calls, stopping all stack walks to reach the partially trusted caller?

many Thanks in Advance