WCF and .NET Code Access Security
From my recent investigations and some talk with folks from the Indigo/WCF team it seems that WCF currently only supports full trust CAS scenarios.
This means that you
- a) cannot use WCF in standard Smart Client/No-Touch Deployment/ClickOnce applications and
- b) cannot use WCF services (like .svc implementations) in a partially trusted ASP.NET web site as found in every serious hosting space.
Not sure whether this all will change for v1 RTM.