I’ve started experimenting with Code Access Security at home. This derives from my desire to better understand .NET security and my recent fascination with ClickOnce applications.
This weekend I learned a hard lesson in security. I have a couple of ClickOnce apps. ClickOnce Visual Studio integration has a great feature that will root around in your code and attempt to determine the minimal permission set needed to run your application.
I started playing with this on one of my relatively simple applications. It contains several forms and opens up a couple of WebRequest objects but nothing terribly special. However the analysis said that my app needed to run with Full Trust (highest level). Unfortunately the app did not provide any more information besides that.
It took an hour of rooting around but in the end I discovered the culprit was the PropertyGrid instance on my form. It turns out that the PropertyGrid requires “Full Trust” to be used even though it’s not noted in the documentation.