.NET network security exception

We deploy our .NET applications by placing them on a LAN and allowing users to run from there. We are part of a very large organization and do not have administrator rights for individual computers, servers or domain. We don’t even have administrator rights for our development machines.

When a user starts the .NET application from a network share, it crashes due to a security exception. We used to use CASPOL (user level) to trust the file server, but this is a headache. We developed special code to copy the assembly to a local disk before execution, effectively bypassing the trust issue. None of the solutions are a good answer. I understand that .NET 3.5 will fix the problem.

When we touched on a topic in our IT section, they gave us blank looks when we asked about trust settings on a machine or server.

A Microsoft site says

If you are a code developer or publisher, you can also digitally sign it and then modify the security policy to provide additional permissions for the code with this signature.

One of our IT professionals asks me what we need regarding a cryptographic key. I want to make sure my assumptions are correct before answering.

  • Assumption 1: The key created by the SN.EXE tool can somehow be trusted either in the domain or at the enterprise level.
  • Assumption 2: After such a key is trusted, and we sign it with it, the assemblies will be trusted to disable the network resource.
  • Assumption 3: A “power of attorney” is an action on the part of the domain/enterprise administrators and will be global for the domain/enterprise. I guess they will add it to the enterprise/domain key store using some Active Directory magic.

Are my assumptions correct, or am I wrong? Last question: can the same key be used to sign VBA macros?

+8
security code-access-security
1 answer

I also had this problem in the past, but we did not solve it by signing the assemblies; instead we gave the caspol set "LocalIntranet" full trust (done using caspol or the .NET 2.0 SDK) and added our file servers to the local intranet sites in Windows.

This way, you don’t need to cap every folder from which you want to run the code, and you don’t need to sign all the assemblies and handle sending keys to IT.

+3
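The two approaches discussed on this page, side by side, as an added example that is not part of the original question or answer: a code group scoped to one strong-name public key, with the zone-wide grant from the answer shown as a comment for contrast. The key file names, `fileserver01`, the `apps` share, `OurApp.exe` and the group name are hypothetical, and the default machine policy with its `LocalIntranet_Zone` group is assumed.

```powershell
# Added example. All file, server, share and group names are hypothetical.
# Assumes CLR 2.0 (.NET 2.0-3.5) and the default machine-level CAS policy.
$fx     = Join-Path $env:WINDIR 'Microsoft.NET\Framework\v2.0.50727'
$caspol = Join-Path $fx 'CasPol.exe'
$sn     = 'sn.exe'   # from the .NET / Windows SDK, assumed to be on PATH
$app    = '\\fileserver01\apps\OurApp.exe'

# 1. Developer side: generate the key pair once. The .snk holds the private
#    key, so it stays with the build, never on the share.
& $sn -k OurTeam.snk

# 2. Extract the public half. This is the only thing IT needs to receive.
& $sn -p OurTeam.snk OurTeam.public.snk
& $sn -tp OurTeam.public.snk    # prints the public key and its token

# 3. Sign at build time, e.g. csc /keyfile:OurTeam.snk, then confirm the
#    deployed file carries a valid strong-name signature.
& $sn -v $app

# 4. Admin side (elevated prompt, machine level): add a child group under
#    the intranet zone that matches this public key only. -noname and
#    -noversion make the rule apply to every assembly signed with the key.
& $caspol -q -m -ag LocalIntranet_Zone `
    -strong -file $app -noname -noversion FullTrust `
    -n OurTeam_StrongName -d 'Full trust for assemblies signed with OurTeam key'

# Contrast: the zone-wide change described in the answer. It grants FullTrust
# to everything the machine maps to the intranet zone, signed or not.
#   & $caspol -q -m -cg LocalIntranet_Zone FullTrust

# 5. Verify what policy now says about the deployed assembly.
& $caspol -m -lg          # list code groups; the new group appears under the zone
& $caspol -rsg $app       # which code groups the assembly matches
& $caspol -rsp $app       # the permission set it resolves to
```

Step 4 changes machine policy on one computer only; run it with `-en` instead of `-m` to target the enterprise policy level on that machine.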