How to: Make APTCA Assemblies Inaccessible to Partially Trusted Code
The AllowPartiallyTrustedCallersAttribute (APTCA) attribute enables partially trusted code to access fully trusted code in signed assemblies. When the APTCA attribute is applied to an assembly, it marks that assembly as allowing partially trusted callers for the life of the assembly. This can present a security vulnerability if an assembly, after it has been installed, exposes protected resources to partially trusted code. To correct this problem, you can set a registry value to indicate that the APTCA attribute on that assembly should be ignored.
Important |
---|
The ability to remove partial trust from an assembly depends on a registry key, as described in the following procedure. If an application is executing under an account that does not have access control list (ACL) permission to access that registry key, the setting is ineffective and will enable partially trusted callers to access the assembly. This causes an unintended elevation of privilege. You must ensure that ACL rights are configured for this key so that it can be read for all assemblies. |
To remove partial trust from an assembly
Create a key under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA key in the system registry. Use a key name that contains the strong name information for the assembly. This name should include the simple name, the version number, the culture (which can be neutral), the public key token, and the file version of the assembly. For example, the following is a valid key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA\Microsoft.Office.Interop.Visio, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c, FileVersion=11.0.3216.0.
Create a DWORD value with a name of APTCA_FLAG and a value of 1 to remove partial trust visibility from that assembly.