We deploy our .NET applications by putting them on the LAN, and allowing users to run from there. We are part of a very large organization and do not have have admin rights to the individual computers, the servers, nor the domain. We don't even have admin rights to our development machines.
When a user runs application a Dot-Net application from a network share, it fails due to a security exception. In the past, we've used CASPOL (user level) to trust the file server, but this is a headache. We've developed custom code to copy the assembly to the local drive before execution, effectively bypassing trust issue. Neither solution is a good answer. I understand that Dot Net 3.5 will eliminate the issue.
When we broached the topic with our IT section, they gave us blank stares when we asked about setting trust on a machine or server basis.
A Microsoft site says
If you are the code's developer or publisher, you may also digitally sign it and then modify security policy to grant more permissions to code bearing that signature.
One of our IT people is asking me about what we need in regards to the cryptographic key. I want to make sure my assumptions are correct before responding.
Are my assumptions correct, or am I way off base? One last question, could this same key be used to sign vba macros?
I've also had this problem in the past, however we solved it not by signing the assemblies, but by granting the caspol premission set "LocalIntranet" full trust (done with caspol or the .net 2.0 sdk) and adding our file servers to the local intranet sites in windows.
This way you dont have to caspol every folder that you want to run code out of, and you dont have to sign all assemblies and deal with sending keys around to IT
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With