.NET 4.0: Executing network assemblies

Question

Today, we upgraded our application to .NET framework 4.0. As it calls an assembly residing on a network share, for the previous version we needed the following command:

 caspol.exe -m -chggroup 1.3 -zone "Intranet" FullTrust

For .NET 4, we read about the "NetFx40_LegacySecurityPolicy" and included it with out App.config file.

<runtime>
    <NetFx40_LegacySecurityPolicy enabled="true"/>
    <loadFromRemoteSources enabled="true"/>
</runtime>

Unfortunately, this does not work: As soon as our application starts up, we get an exception stating that we cannot access environment variables (System.Security.Permissions.EnvironmentPermission missing).

We played with CasPol.exe, but were unable to figure out what we have to do in order to allow our application to access the environment variables. Removing the Environment.GetEnvironmentVariable calls still does not solve the problem - it seems a lot of other operations won't work, too.

Removing the NetFx40_LegacySecurityPolicy switch (or setting it to false) allows us to read the environment again, but (of course) prevents the execution of the assembly on the network share.

Here is our complete App.config file:

<?xml version="1.0"?>
<configuration>
    <configSections>
        <sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
            <section name="Launcher.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false"/>
        </sectionGroup>
    </configSections>
    <applicationSettings>
        <Launcher.Properties.Settings>
            <setting name="Executable" serializeAs="String">
                <value>\\office\client\client-8919\Client.exe</value>
            </setting>
        </Launcher.Properties.Settings>
    </applicationSettings>
    <startup>
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
    </startup>
    <runtime>
        <NetFx40_LegacySecurityPolicy enabled="true"/>
        <loadFromRemoteSources enabled="true"/>
    </runtime>
</configuration>

EDIT:

This is the code we use for launching the assembly residing on the network share:

    public void ExecuteFile(string version, string[] args)
    {
        try
        {
            String appPath = GetExecutablePath();
            if (!Directory.Exists(appPath))
                throw new Exception("cache does not contain expected executable directory: " + appPath);

            String executable = appPath + "\\Client.exe";
            if (!File.Exists(executable))
                throw new Exception("cache does not contain expected executable: " + executable);

            if (Program.DEBUG_MODE)
                MessageBox.Show("App Path: " + appPath + "\r\nExecutable: " + executable);

            AppDomainSetup domainInfo = new AppDomainSetup();
            domainInfo.ApplicationBase = appPath;
            AppDomain subDomain = AppDomain.CreateDomain("Name", AppDomain.CurrentDomain.Evidence, domainInfo);

            subDomain.ExecuteAssembly(executable, subDomain.Evidence, args);
        }
        catch (Exception e)
        {
            MessageBox.Show("Fehler beim Ausführen der Version im lokalen Cache!\r\n" + e.Message);
        }
    }

Answer 1

Not exactly a "good" answer, sorry. But we had success with passing null as evidence to the CreateDomain call and using the ExecuteAssembly overload that doesn't require an evidence parameter. Given the values for evidence you pass, the result should be the same.