.NET Code Access Security == No ADO.NET for you

Working on creating my first smart client.

Now, .NET has some nice no-touch smart client deployment infrastructure built right in. Simple drop the .exe onto a network share or a IIS virtual directory, and presto!. Fat client deployments for all.

I knew that there would be some security implications in going with this route, such as file access, reflection, etc… I was fine with these, since this would be a simple app.

But, lo and behold, in the default .NET security configuration, ADO.NET access is denied by default in both the Internet & Intranet zones. Internet zone makes sense, but Intranet? Aren’t most remotely accessed applications some for of data entry.

This boggled me, but have no fear, everything is configurable. We simply add a new Code Group that gives Full Trust permissions to anything strongly named with our key.

Sounds good?

One small catch is that this must be done on a per COMPUTER basis. That means, before a computer can run the application, it has to have these security settings configured for it. Big pain in the ass.

Now, onto figuring out some way to remotely run caspol.exe on several hundred workstations. Me thinks pexec.exe will come into play.