<trustInfo> Element

Article
12/13/2007

Describes the minimum security permissions required for the application to run on the client computer.

<trustInfo>
   <security>
      <applicationRequestMinimum>
         <PermissionSet
            ID
            Unrestricted>
            <IPermission
               class
               version
               Unrestricted
            />
         </PermissionSet>
         <defaultAssemblyRequest
            permissionSetReference
         />
         <assemblyRequest
            name
            permissionSetReference
         />
      </applicationRequestMinimum>
   </security>
</trustInfo>

Elements and Attributes

The trustInfo element is required and is in the asm.v2 namespace. It has no attributes and contains the following elements.

security

Required. This element is a child of the trustInfo element. It contains the applicationRequestMinimum element and has no attributes.

applicationRequestMinimum

Required. This element is a child of the security element and contains the PermissionSet, assemblyRequest, and defaultAssemblyRequest elements. This element has no attributes.

PermissionSet

Required. This element is a child of the applicationRequestMinimum element and contains the IPermission element. This element has the following attributes.

Attribute	Description
`ID`	Required. Identifies the permission set. This attribute can be any value. The ID is referenced in the `defaultAssemblyRequest` and `assemblyRequest` attributes.
`version`	Required. Identifies the version of the permission. Normally this value is 1.

IPermission

Optional. This element is a child of the PermissionSet element. The IPermission element fully identifies a permission class in the .NET Framework. The IPermission element has the following attributes, but can have additional attributes that correspond to properties on the permission class. To find out the syntax for a specific permission, see the examples listed in the Security.config file.

Attribute Description

Attribute	Description
`class`	Required. Identifies the permission class by strong name. For example, the following code identifies the `FileDialogPermission` type. `System.Security.Permissions.FileDialogPermission, mscorlib, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089`
`version`	Required. Identifies the version of the permission. Usually this value is 1.
`Unrestricted`	Required. Identifies whether the application needs an unrestricted grant of this permission. If true, the permission grant is unconditional. If false, or if this attribute is undefined, it is restricted according to the permission-specific attributes defined on the `IPermission` tag. Take the following permissions: `<IPermission class="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Read="USERNAME" /> <IPermission class="System.Security.Permissions.FileDialogPermission, mscorlib, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />` In this example, the declaration for EnvironmentPermission restricts the application to reading only the environment variable USERNAME, whereas the declaration for FileDialogPermission gives the application unrestricted use of all FileDialog classes.

class

Required. Identifies the permission class by strong name. For example, the following code identifies the FileDialogPermission type.

System.Security.Permissions.FileDialogPermission, mscorlib, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

version

Required. Identifies the version of the permission. Usually this value is 1.

Unrestricted

Required. Identifies whether the application needs an unrestricted grant of this permission. If true, the permission grant is unconditional. If false, or if this attribute is undefined, it is restricted according to the permission-specific attributes defined on the IPermission tag. Take the following permissions:

<IPermission class="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Read="USERNAME" />
<IPermission class="System.Security.Permissions.FileDialogPermission, mscorlib, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />

In this example, the declaration for EnvironmentPermission restricts the application to reading only the environment variable USERNAME, whereas the declaration for FileDialogPermission gives the application unrestricted use of all FileDialog classes.

defaultAssemblyRequest

Optional. Identifies the set of permissions granted to all assemblies. This element is a child of the applicationRequestMinimum element and has the following attributes.

Attribute	Description
`permissionSetReference`	Required. Identifies the ID of the permission set that is the default permission. The permission set is declared in the `PermissionSet` element.

assemblyRequest

Optional. Identifies permissions for a specific assembly. This element is a child of the applicationRequestMinimum **** element and has the following attributes.

Attribute	Description
`name`	Required. Identifies the assembly name.
`permissionSetReference`	Required. Identifies the ID of the permission set that this assembly requires. The permission set is declared in the `PermissionSet` element.

Remarks

If a ClickOnce application asks for more permissions than the client computer will grant by default, the common language runtime's Trust Manager will ask the user if she wants to grant the application this elevated level of trust. If she says no, the application will not run; otherwise, it will run with the requested permissions.

All permissions requested using defaultAssemblyRequest and assemblyRequest will be granted without user prompting if the deployment manifest has a valid Trust License.

For more information about Permission Elevation, see ClickOnce Deployment and Security. For more information about policy deployment, see Trusted Application Deployment Overview.

Examples

The following three code examples illustrate trustInfo elements for the default named security zones—Internet, LocalIntranet, and FullTrust—for use in a ClickOnce deployment's application manifest.

The first example illustrates the trustInfo element for the default permissions available in the Internet security zone.

<trustInfo>
    <security>
      <applicationRequestMinimum>
        <PermissionSet ID="Internet">
          <IPermission class="System.Security.Permissions.FileDialogPermission, mscorlib, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Access="Open" />
          <IPermission class="System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Allowed="DomainIsolationByUser" UserQuota="10240" />
          <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Execution" />
          <IPermission class="System.Security.Permissions.UIPermission, mscorlib, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Window="SafeTopLevelWindows" Clipboard="OwnClipboard" />
          <IPermission class="System.Drawing.Printing.PrintingPermission, System.Drawing, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" version="1" Level="SafePrinting" />
        </PermissionSet>
        <defaultAssemblyRequest permissionSetReference="Internet" />
      </applicationRequestMinimum>
    </security>
  </trustInfo>

The second example illustrates the trustInfo element for the default permissions available in the LocalIntranet security zone.

<trustInfo>
    <security>
      <applicationRequestMinimum>
        <PermissionSet ID="LocalIntranet">
          <IPermission class="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Read="USERNAME" />
          <IPermission class="System.Security.Permissions.FileDialogPermission, mscorlib, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />
          <IPermission class="System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Allowed="AssemblyIsolationByUser" UserQuota="9223372036854775807" Expiry="9223372036854775807" Permanent="True" />
          <IPermission class="System.Security.Permissions.ReflectionPermission, mscorlib, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="ReflectionEmit" />
          <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Assertion, Execution" />
          <IPermission class="System.Security.Permissions.UIPermission, mscorlib, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />
          <IPermission class="System.Net.DnsPermission, System, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />
          <IPermission class="System.Drawing.Printing.PrintingPermission, System.Drawing, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" version="1" Level="DefaultPrinting" />
          <IPermission class="System.Diagnostics.EventLogPermission, System, Version=1.2.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" />
        </PermissionSet>
        <defaultAssemblyRequest permissionSetReference="LocalIntranet" />
      </applicationRequestMinimum>
    </security>
</trustInfo>

The third example illustrates the trustInfo element for the default permissions available in the FullTrust security zone.

<trustInfo>
  <security>
    <applicationRequestMinimum>
      <PermissionSet ID="FullTrust" Unrestricted="true" />
      <defaultAssemblyRequest permissionSetReference="FullTrust" />
    </applicationRequestMinimum>
  </security>
</trustInfo>

Partager via