Sidebar 5: Real and virtual Security Restrictions
Background: Using the permit only option on permissions may not have the desired effect when using it to simulate reduced rights running for example a local WinForms application.
Description:
A WinForms application could permit only the rights from the Internet zone before the real form starts up. The form and all controls therein will start as if the whole stuff has been loaded from the Internet - the form will even report that it's started with reduced rights in a ballon tip. But since all code is still fully trusted any .NET code can assert any right it needs and access the related resource. So this easy method do reduce rights for testing can only be used if the code under test will never assert any permission - since this holds true for any .NET assembly referenced including the run-time assemblies permit only is not the way to make sure if some code will run in the Internet zone correctly.