How could I be so dumb?

I showed a security example at VSLive this week that simply didn't work. It was pretty straightforward: I put a LinkDemand in a component assembly that looked for a key signature in the caller. It's always worked before, so I didn't think to test it ahead of time. Dumb.

So...on stage, I run it and it does not generate the expected security violation. Oops. I re-compile the solution (with three projects), but it blows off at runtime but not with the expected security violation. Hmm. OK, turns out to be VS's propensity for nuking the files in the build directory, easily fixed.

But it still doesn't generate the security exception! Must be a change in the RTM bits for 1.1 (which I'm running). Visions of a huge security bug dancing in my head, I head to bed. And...bolt awake in the middle of the night wondering if I'm somehow turned security off?

Yes! Somewhere along the line I ran something (a test batch file, or from the command line) and turned security off (using "caspol -s off"). I forget when I did this, probably just checking to see if something was truly a security-related issue. But I never re-enabled security. And there is no option to caspol to see if security is enabled. Clearly, turning security off survives a reboot, a re-installation of VS.NET, and even an OS upgrade. Ouch!

1 Comment

Comments have been disabled for this content.