Why does my .net application require full trust?

Question

I've developed a .net 3.0 application, which is deployed using clickonce.

I'd like to move from full trust to partial trust to ease deployment.

I've tried the "Calculate Permissions" tool in the "Security" tab of my project under visual studio, and the answer is quite clear :

---------------------------
Microsoft Visual Studio
---------------------------
This application requires full trust to run correctly.

However, I've not been able to figure out why full trust is required. I've tried to change the security settings to "partial trust", but the application raises a SecurityException immediately upon launch :

System.Security.SecurityException   {"Request failed.", Action= "System.Security.Permissions.SecurityAction.LinkDemand"
   at MyNameSpace.Program.Main(String[] args)
   at System.AppDomain._nExecuteAssembly(Assembly assembly, String[] args)
   at System.AppDomain.nExecuteAssembly(Assembly assembly, String[] args)
   at System.Runtime.Hosting.ManifestRunner.Run(Boolean checkAptModel)
   at System.Runtime.Hosting.ManifestRunner.ExecuteAsAssembly()
   at System.Runtime.Hosting.ApplicationActivator.CreateInstance(ActivationContext activationContext, String[] activationCustomData)
   at System.Runtime.Hosting.ApplicationActivator.CreateInstance(ActivationContext activationContext)
   at System.Activator.CreateInstance(ActivationContext activationContext)
   at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssemblyDebugInZone()
   at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
   at System.Threading.ExecutionContext.runTryCode(Object userData)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ThreadHelper.ThreadStart()

My software probably doesn't need full trust (I only connect to a webserver using https, and access the filesystem only upon user request, for importation/exportation purposes)

How can I figure out why my application requires full trust?

Answer 1

It seems my problem is caused by the fact that my assembly is strongly signed.

Quoted from msdn

In strong-named assemblies, a LinkDemand is applied to all publicly accessible methods, properties, and events therein to restrict their use to fully trusted callers. To disable this feature, you must apply the AllowPartiallyTrustedCallersAttributeattribute.

I'm adding the needed attribute to my assembly, and I'll let you know how things turn out :

[assembly:AllowPartiallyTrustedCallers]

Update : I've added the attribute to my assemblies, but I'm also using some .net assemblies.

Not all .net assemblies can be used by partially trusted assemblies (here's a list), namely, WCF assemblies (ie System.ServiceModel) is not on the list

However, Microsoft states that it's possible to use WCF in a partial trust environment (see here)

I've tried to remove all the unneeded assemblies from my references, I've used the AllowPartiallyTrustedCallers in all my assemblies, and I'm still stucked...