Guy kolbis

Recently I visited Toronto for Beta release of software I designed. As always with Beta versions, we encountered several problems. The One I want to share with you is related to the CAS and Sandboxed applications.
We had an executable located in a shared location on the intranet. An application tried executing it from the local computer....and BOWWWW. We got permission exception flying everywhere.
So, after reviewing it for a while and googling it, here is what I came up with.
I had to use the caspol to grant the executable permissions on the client computer.
The problem was that I did not want any user to have to deal with setting up CAS policy properly to get the executable to run.
Here is what i found about it (http://blogs.msdn.com/shawnfa/archive/2006/07/13/664789.aspx):

"Every once in a while someone will ask how they can do something similar to these caspol commands from within their application. Generally, they want their application to be deployed from the Internet or a file share and don’t want users to have to deal with setting up CAS policy properly to get the application to run.
The answer of course is that you can’t do this … if an application were allowed to add code groups to policy without user interaction in order to elevate their privileges then every malicious application out there would go ahead and grant themselves full access to everybody’s machine; effectively rendering CAS useless as a protection mechanism.
Instead, you’ll need to have the end user make a trust decision for you. In v1.x this was difficult, you generally had to deploy a policy MSI for the user to run or give them a set of caspol commands. With v2.0 of the CLR, we’ve made things a lot easier via ClickOnce applications. You can use ClickOnce to request any permission that your application needs to run effectively – if these permissions would elevate the application above what it would normally get, and then the user is prompted to make a trust decision.
This way your app can elevate to whatever permission level it needs, and you don’t have to worry about pushing out confusing CAS policy changes to everyone who wants to run it."