Do Not Depend on Strong Name Identity Permissions in Full Trust Scenarios

From: http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGGuidelines0003.asp?frame=true#pagguidelines0003_strongnames

If you protect your code with a link demand for a StrongNameIdentityPermission to restrict the code that can call your code, be aware that this only works for partial trust callers. The link demand will always succeed for full trust callers, regardless of the strong name of the calling code.

In .NET Framework 2.0, any fully trusted assembly will satisfy any demand, including a link demand for an identity permission that the assembly does not satisfy. In .NET Framework 1.0, this did not happen automatically. However, a fully trusted assembly could simply call Assembly.Load, supplying as evidence the strong name it wants to satisfy, or, alternatively, it could turn code access security off like this:

CODE SecurityManager.SecurityEnabled = false;

or like this:

COMMAND PROMPT   caspol –security off

The only protection against fully trusted code is to put it in a separate process and run that process with a restricted token so that its limits are enforced by the operating system. This applies whether code marks its interfaces as internal or private, or places link demands for StrongNameIdentityPermission on them.

The following code sample shows a method decorated with a link demand for a specific StrongNameIdentityPermission.

public sealed class Utility
{
// Although SomeOperation() is a public method, the following 
// permission demand means that it can only be called by partial trust 
// assemblies with the specified public key OR by any fully trusted code. 
[StrongNameIdentityPermission(SecurityAction.LinkDemand, 
PublicKey="00240000048...97e85d098615")]
public static void SomeOperation() {}
}