Running "partially trusted" .NET assemblies from a network share

Question

When I try to run a .NET assembly (boo.exe) from a network share (mapped to a drive), it fails since it's only partially trusted:

Unhandled Exception: System.Security.SecurityException: That assembly does not allow partially trusted callers.
   at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed)
   at BooCommandLine..ctor()
   at Program..ctor()
   at ProgramModule.Main(String[] argv)
The action that failed was:
LinkDemand
The assembly or AppDomain that failed was:
boo, Version=0.0.0.0, Culture=neutral, PublicKeyToken=32c39770e9a21a67
The Zone of the assembly that failed was:
Intranet
The Url of the assembly that failed was:
file:///H:/boo-svn/bin/boo.exe

With instructions from a blog post, I added a policy to the .NET Configuration fully trusting all assemblies with file:///H:/* as their URL. I verified this by entering the URL file:///H:/boo-svn/bin/boo.exe into the Evaluate Assembly tool in the .NET Configuration and noting that boo.exe had the Unrestricted permission (which it didn't have before the policy).

Even with the permission, boo.exe does not run. I still get the same error message.

What can I do to debug this problem? Is there another way to run "partially trusted" assemblies from network shares without having to change something for every assembly I want to run?

Answer 1

With .NET 3.5 SP1, .NET assemblies running from UNC shares have full permissions.

See Brad Abrams's Allow .exes to be run off a network shares for workaround and discussions, and finally the follow up .NET 3.5 SP1 allows managed code to be launched from a network share.