S h o r t S t o r i e s

// Tales from software development

.NET 3.5 SP1: Full Trust for .NET executables on network shares

leave a comment »

In the early days of .NET it was possible to create a .NET executable, copy it to a network share, and anyone with access to the share could run the executable directly from the share without any security issues. 

It was a very practical solution for applications used within corporate LANs but Microsoft identified a security risk and tightened things up. Network shares were categorized as belonging to the Intranet Zone within the standard .NET security implementation. This meant that you could not run a .NET executable from a network share without altering the local machine’s security configuration to allow this.

Things took a bizarre turn with a bug introduced with Internet Explorer 6 or 7 (I can’t remember which) that incorrectly categorized a network share as belonging to the Internet Zone rather than the Intranet Zone. No matter how much the Intranet Zone security settings were tweaked to allow code execution, the application on the network share would fail with a security exception. One of the possible solutions was to add the network share to the Trusted Sites list in Internet Explorer. This forced the re-categorization of the network share from the Internet Zone to the Intranet Zone. No, I’m not making this up!

Even without that particular bug, changing the security configuration for every machine that you wanted to run the executable on was a nuisance and cancelled out the convenience of using a network share this way.

But, with .NET 3.5 SP1, this issue has come full circle – Microsoft has moved network shares into the default Full Trust security group. So, once again, .NET executables will run directly from a Network share without any changes to the local machine’s default security configuration.

Thanks Microsoft, good call.

Advertisements

Written by Sea Monkey

May 20, 2009 at 8:00 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: