2

Is there a tool that lets me validate effective code access security rather than just the list specifications like caspol does? A review tool, if you like.

We have a problem where a 3rd party application fails to load .NET assemblies on a network drive. In order to have the drive available on service level, the drive is mapped using LGP, alternatively using symlink (and before anyone points that out; no we can't use unc paths :-)) to make the drive available machine wide. If we map the drive in this convoluted fashion the application fails with a missing trust. If we map the drive in a normal fashion in the current user context, the assemblies load just fine. With either mapping method, the trusted paths are exactly the same. But the result of the check is obviously not. Therefor I am looking for a tool that can validate trusts. I am absolutely convinced that such a tool must exist but I simply cannot seem to find one.

thniels
  • 45
  • 1
  • 5
  • 1
    You already know it, caspol.exe, /resolvegroup and /resolveperm options. It is of course going to tell you what you already know, the assembly won't have full trust. Fix it with, you know it, caspol.exe – Hans Passant Dec 10 '15 at 14:35
  • Okay, it is *now* you have my permission to paint me purple and call me Shirley. I have completely missed that option. Considering how much I have looked, this is fairly embarrassing. Well, the long and short of it is, that it does and did the trick. Now I need to figure out why symbolic links cause a difference in behaviour. Thank you! – thniels Dec 11 '15 at 10:29

1 Answers1

0

Commenter Hans Passant hits the nail on the head. CASPOL /ResolveGroup and /ResolvePerm do indeed give me the information needed. The underlying problem remains to be solved but that was outside the scope of this question.

thniels
  • 45
  • 1
  • 5