CAS follow up question

[bri189a]

So at the assembly level to notify callers immediately if you need to have access to certain permission sets you have three flags you can use: RequestMinimum, RequestOptional, and RequestRefuse.

 

So say your assembly is a signed assembly in the GAC (or maybe it's just strongly named) with AllowedPartiallTrustedCallers. Part of what your assembly does internally requires reflection. If you put [[assembly: ReflectionPermission(SecurityAction.RequestMinimum, Unrestricted=true)] in your assembly, this means calling assemblies will have to have that permission right?

 

So what if from the sys-admin view, you give this GAC'd assembly full-trust, but you give this unassigned assembly Execute permission set; well when loading the assembly (the private untrusted assembly) you're going to get an error because of the assembly level reflection permission attribute on it's referenced assembly to the GAC'd item (heck even if it wasn't GAC'd and just signed you'd have this) - which isn't valid because the calling assembly (the private untrusted assembly) doesn't need reflection permission, just the GAC'd assembly does. So how would you do the equivelant of SecurityAction.Assert for the ReflectionPermission attribute at the assembly level to accomplish this? Or is this just not possible and callers will just have to find out at run-time 20 minutes into a workflow where they call a method that is using reflection to find this out?

 

Hope what I'm asking is making sense.