We have a problem since converting our products to .NET 4.0 and using the updated code access security model. Basically we have component libraries that may or may not be installed to the GAC on a machine.
If someone makes an XBAP with default partial trust settings that uses these libraries and an end user installs the XBAP (which deploys the libraries during its install), it works fine if our libraries weren't already in the GAC.
If they were in the GAC, the XBAP will fail at run-time with security exceptions. I believe the problem is due to this: http://msdn.microsoft.com/en-us/library/aa970906.aspx
When managed assemblies are installed into the global assembly cache (GAC), they become fully trusted because the user must provide explicit permission to install them. Because they are fully trusted, only fully trusted managed client applications can use them.
It seems that since they get pulled from the GAC, their security is elevated more even though they are the exact same .dlls deployed with the XBAP. But in that case, everything breaks.
Is there any way to work around this issue short of adding the AllowPartiallyTrustedCallersAttribute to all the libraries?
Or is there a way to prevent an XBAP from looking in the GAC for an assembly and just using the exact copy of the reference it is deployed with?
Thanks in advance for any assistance.
