v3.5 SP1 issue with previous versions

TheMSsForum.com: The Microsoft Software Forum

SP1 now plays with new trust rules when using assemblies across a network
share. By default these assemblies are now granted full trust where in
previous versions the Microsoft .NET Framework 2.0 Configuration utility was
used in order to increase security trust from partial to full on signed
assemblies. The problem with this new change is since .NET 3.x+ versions
are basically service packs of the 2.0 framework anyone with a VS2005
application built against the v2.0 framework can kiss this security goodby
as once the 3.5 SP1 is installed the v2.0 application now operates in full
trust mode across a network share by default even though it wasn't compiled
against the v3.5 framework. I agree that this was a good improvement to
make, but this is also going to create a QA nightmare as applications which
shouldn't require the v3.5 framework will now operate in a different fashion
if it is installed.
Top

Re: v3.5 SP1 issue with previous versions by Alvin

Alvin
Wed Aug 13 18:07:07 CDT 2008

Correcto. I had my issues with this which I raised all the way to the top
brass and them some. As it turns out, you can revert the behavior to
'legacy' mode by tweaking a registry key. But that is not the default
behavior and depending on your environment and you would have to plan
appropriately to implement it across your enterprise. It may require at
least a QA regression as well.

The change was made to 'unify' the behavior across the windows operating
platform with regard to managed v. unmanaged execution. The reason for the
change was customer driven.

--

Regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
Download OWC Black Book, 2nd Edition
Exclusively on www.lulu.com/owc $15.00
Need a free copy of VSTS 2008 w/ MSDN Premium?
http://msmvps.com/blogs/alvin/Default.aspx
-------------------------------------------------------


"Techno_Dex" <nospamchurst@osi-corp.com> wrote in message
news:eNXwD5X$IHA.872@TK2MSFTNGP05.phx.gbl...
> SP1 now plays with new trust rules when using assemblies across a network
> share. By default these assemblies are now granted full trust where in
> previous versions the Microsoft .NET Framework 2.0 Configuration utility
> was used in order to increase security trust from partial to full on
> signed assemblies. The problem with this new change is since .NET 3.x+
> versions are basically service packs of the 2.0 framework anyone with a
> VS2005 application built against the v2.0 framework can kiss this security
> goodby as once the 3.5 SP1 is installed the v2.0 application now operates
> in full trust mode across a network share by default even though it wasn't
> compiled against the v3.5 framework. I agree that this was a good
> improvement to make, but this is also going to create a QA nightmare as
> applications which shouldn't require the v3.5 framework will now operate
> in a different fashion if it is installed.
>
Top

Re: v3.5 SP1 issue with previous versions by Techno_Dex

Techno_Dex
Thu Aug 14 08:54:50 CDT 2008

I would be interested to find out more about this if you have more details.
Since v3.0+ uses the .NET Framework 2.0 Configuration utility for security
levels what kind of interactions to this Full Trust change have in the Code
Acces Security Policy section, mainly the Local Intranet zone? I would have
expected the Local Intranet zone to be raised to Full Trust but its not. Is
the Local Intranet zone completely ignored once SP1 is installed? Do you
happen to know what the Registry key is in the event that we need to support
the "legacy" mode? My fear at this point is that a client with a 2.0 app
already installed will have SP1 pushed out via Windows Update and not know
any different until things start behaving differently.

TIA

"Alvin Bruney [ASP.NET MVP]" <vapor dan using hot male spam filter> wrote in
message news:41AD16C7-66E1-4DE6-9365-BAB2F505EFCB@microsoft.com...
> Correcto. I had my issues with this which I raised all the way to the top
> brass and them some. As it turns out, you can revert the behavior to
> 'legacy' mode by tweaking a registry key. But that is not the default
> behavior and depending on your environment and you would have to plan
> appropriately to implement it across your enterprise. It may require at
> least a QA regression as well.
>
> The change was made to 'unify' the behavior across the windows operating
> platform with regard to managed v. unmanaged execution. The reason for the
> change was customer driven.
>
> --
>
> Regards,
> Alvin Bruney [MVP ASP.NET]
>
> [Shameless Author plug]
> Download OWC Black Book, 2nd Edition
> Exclusively on www.lulu.com/owc $15.00
> Need a free copy of VSTS 2008 w/ MSDN Premium?
> http://msmvps.com/blogs/alvin/Default.aspx
> -------------------------------------------------------
>
>
> "Techno_Dex" <nospamchurst@osi-corp.com> wrote in message
> news:eNXwD5X$IHA.872@TK2MSFTNGP05.phx.gbl...
>> SP1 now plays with new trust rules when using assemblies across a network
>> share. By default these assemblies are now granted full trust where in
>> previous versions the Microsoft .NET Framework 2.0 Configuration utility
>> was used in order to increase security trust from partial to full on
>> signed assemblies. The problem with this new change is since .NET 3.x+
>> versions are basically service packs of the 2.0 framework anyone with a
>> VS2005 application built against the v2.0 framework can kiss this
>> security goodby as once the 3.5 SP1 is installed the v2.0 application now
>> operates in full trust mode across a network share by default even though
>> it wasn't compiled against the v3.5 framework. I agree that this was a
>> good improvement to make, but this is also going to create a QA nightmare
>> as applications which shouldn't require the v3.5 framework will now
>> operate in a different fashion if it is installed.
>>


Top

Re: v3.5 SP1 issue with previous versions by Alvin

Alvin
Thu Aug 14 17:11:22 CDT 2008

Read more here:
http://msdn.microsoft.com/en-us/library/cc713717.aspx

--

Regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
Download OWC Black Book, 2nd Edition
Exclusively on www.lulu.com/owc $15.00
Need a free copy of VSTS 2008 w/ MSDN Premium?
http://msmvps.com/blogs/alvin/Default.aspx
-------------------------------------------------------


"Techno_Dex" <nospamchurst@osi-corp.com> wrote in message
news:eEf9SVh$IHA.5004@TK2MSFTNGP05.phx.gbl...
> I would be interested to find out more about this if you have more
> details. Since v3.0+ uses the .NET Framework 2.0 Configuration utility for
> security levels what kind of interactions to this Full Trust change have
> in the Code Acces Security Policy section, mainly the Local Intranet zone?
> I would have expected the Local Intranet zone to be raised to Full Trust
> but its not. Is the Local Intranet zone completely ignored once SP1 is
> installed? Do you happen to know what the Registry key is in the event
> that we need to support the "legacy" mode? My fear at this point is that
> a client with a 2.0 app already installed will have SP1 pushed out via
> Windows Update and not know any different until things start behaving
> differently.
>
> TIA
>
> "Alvin Bruney [ASP.NET MVP]" <vapor dan using hot male spam filter> wrote
> in message news:41AD16C7-66E1-4DE6-9365-BAB2F505EFCB@microsoft.com...
>> Correcto. I had my issues with this which I raised all the way to the top
>> brass and them some. As it turns out, you can revert the behavior to
>> 'legacy' mode by tweaking a registry key. But that is not the default
>> behavior and depending on your environment and you would have to plan
>> appropriately to implement it across your enterprise. It may require at
>> least a QA regression as well.
>>
>> The change was made to 'unify' the behavior across the windows operating
>> platform with regard to managed v. unmanaged execution. The reason for
>> the change was customer driven.
>>
>> --
>>
>> Regards,
>> Alvin Bruney [MVP ASP.NET]
>>
>> [Shameless Author plug]
>> Download OWC Black Book, 2nd Edition
>> Exclusively on www.lulu.com/owc $15.00
>> Need a free copy of VSTS 2008 w/ MSDN Premium?
>> http://msmvps.com/blogs/alvin/Default.aspx
>> -------------------------------------------------------
>>
>>
>> "Techno_Dex" <nospamchurst@osi-corp.com> wrote in message
>> news:eNXwD5X$IHA.872@TK2MSFTNGP05.phx.gbl...
>>> SP1 now plays with new trust rules when using assemblies across a
>>> network share. By default these assemblies are now granted full trust
>>> where in previous versions the Microsoft .NET Framework 2.0
>>> Configuration utility was used in order to increase security trust from
>>> partial to full on signed assemblies. The problem with this new change
>>> is since .NET 3.x+ versions are basically service packs of the 2.0
>>> framework anyone with a VS2005 application built against the v2.0
>>> framework can kiss this security goodby as once the 3.5 SP1 is installed
>>> the v2.0 application now operates in full trust mode across a network
>>> share by default even though it wasn't compiled against the v3.5
>>> framework. I agree that this was a good improvement to make, but this
>>> is also going to create a QA nightmare as applications which shouldn't
>>> require the v3.5 framework will now operate in a different fashion if it
>>> is installed.
>>>
>
>
Top