Grant FullTrust to network share and the assemblies in the subdirectories

Hello dear community,

we developed a Windows-Forms application (lets call it "winClient") in .net 3.5.

The application and configuration

The winClient.exe-file is located in a network share (y:/temp/winClient) for the distribution in the intranet.

The winClient.exe.config-file also includes assemblies in the subdirectory bin:

<runtime><assemblyBindingxmlns="urn:schemas-microsoft-com:asm.v1"><probingprivatePath="bin;"/></assemblyBinding></runtime>

In the bin-directory there is a dll called "Utils.Webservice.DLL". It provides a little rest-ws-api. So the webservices will be called from the code in this dll.

With caspol we grant FullTrust to the application:

@%windir%\Microsoft.NET\Framework\v2.0.50727\caspol -m -ag LocalIntranet_Zone-url  %CD%\* FullTrust-n "WinClient"-d  "WinClient"

The problem

But this (using caspol like described) doesn't include the assemblies in the subdirectory. So we aren't allowed to create a webrequest in the Utils.Webservice.DLL

WebRequest.Create(uri);

This leads to a security-exception:

System.Exception:UnerwarteterFehler beim Verwenden der URL 'http://{server}:8080/'. WS-Typ:'JbossConfigRestWs'--->System.Security.SecurityException:Fehler bei der Anforderung des Berechtigungstyps"System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089".
   bei System.Security.CodeAccessSecurityEngine.Check(Object demand,StackCrawlMark& stackMark,Boolean isPermSet)
   bei System.Security.CodeAccessPermission.Demand()
   bei System.Net.HttpWebRequest..ctor(Uri uri,ServicePoint servicePoint)
   bei System.Net.HttpRequestCreator.Create(UriUri)
   bei System.Net.WebRequest.Create(Uri requestUri,Boolean useUriBase)
   bei System.Net.WebRequest.Create(String requestUriString)
   bei Utils.Webservice.Rest.AbstractRestWsClient.CreateWebRequest(...DieAktion, bei der ein Fehler aufgetreten ist:DemandDerTyp der ersten Berechtigung, bei der ein Fehler aufgetreten ist:System.Net.WebPermissionDie erste Berechtigung, bei der ein Fehler aufgetreten ist:<IPermissionclass="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"><ConnectAccess><URI uri="http://{server}:8080/portal-rest/config/jboss/"/></ConnectAccess></IPermission>Folgendes wurde angefordert:<IPermissionclass="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"><ConnectAccess><URI uri="http://{server}:8080/portal-rest/config/jboss/"/></ConnectAccess></IPermission>Gewährter Berechtigungssatz der fehlgeschlagenen Assembly war:<PermissionSetclass="System.Security.PermissionSet"
version="1"><IPermissionclass="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"Read="USERNAME"/><IPermissionclass="System....
...
...<IPermissionclass="System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
version="1"Level="DefaultPrinting"/></PermissionSet>

This hole thing works for XP-clients but not with win8-clients.

The current workaround

When we move the Utils.Webservice.DLL from bin to the root-directory "y:\temp\winClient" next to the exe-file then no exception is thrown and all works fine. (https://msdn.microsoft.com/en-us/library/cc713717(v=vs.90).aspx)

But this isn't a solution for us because we have dozen of assemblies in multiple subdirectories.

The question

Is there a way to grant FullTrust to all of this subdirectories? Maybe a configuration change or some other options in caspol?

I didn't find anything useful that worked.

So can you please help us?

Thanks