while (levels.MoveNext())
{
PolicyLevel level = (PolicyLevel)levels.Current;
// We position ourselves on the Top Level CodeGroup for each Policy Level we enumerate through
CodeGroup group = level.RootCodeGroup;
// Look for the Machine Level Policy
if (level.Label.ToString( ) == "Machine")
{
// Now Look for the All_Code/All code CodeGroup - this is the default Toplevel code Group in .NET at each Policy level
if (group.MembershipCondition.ToString( ) == "All code")
{
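// Stop early when our code group is already registered under the root group,
// so repeated runs do not keep appending duplicate entries to the machine policy.
// NOTE(review): the name tested here must equal the Name assigned to the group when it is
// created further down; in this listing the two (redacted) literals differ in length, and a
// mismatch would add a new FullTrust group on every run - confirm they match in the real code.
for (int i = 0; i < group.Children.Count; i++)
{
    CodeGroup subgroup = group.Children[i] as CodeGroup;
    // "as" yields null for an entry that is not a CodeGroup; check before reading Name.
    if (subgroup != null && subgroup.Name == "***")
    {
        return;
    }
}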
// Add a child CodeGroup that grants our code the "FullTrust" permission set.
// NOTE(review): FullTrust lifts every CAS restriction for assemblies that match the condition below;
// a narrower named permission set would limit the impact if the matched origin ever serves code that is not ours.
System.Security.PermissionSet permSetFulltrust =
level.GetNamedPermissionSet("FullTrust");
// Membership condition for code that is downloaded from the Internet - the URL condition.
// The new group is not added to the "Internet Zone" group; it becomes a separate child CodeGroup
// carrying the FullTrust permission set --> the intent is to avoid problems if an administrator
// blocks all permissions for assemblies from the Internet Zone.
// NOTE(review): the URL is plain http, so the origin is not authenticated - anyone able to alter the
// traffic or name resolution for this host can deliver an assembly that matches and runs fully trusted.
// Prefer https and/or an identity-based condition (StrongNameMembershipCondition, PublisherMembershipCondition).
// NOTE(review): no trailing "/*" is given, so this presumably matches only the exact URL; the caspol
// example below uses a wildcard - confirm which scope is intended and keep it as narrow as possible.
System.Security.Policy.UrlMembershipCondition objUrlMembershipCondition
= new UrlMembershipCondition("http://www.***.com");
// Now add the child CodeGroup - this is what the caspol tool does for us
// e.g //caspol -ag 1. -url http://localhost/* FullTrust -name TestCodeGroup
UnionCodeGroup ucg = new
System.Security.Policy.UnionCodeGroup(objUrlMembershipCondition,new
System.Security.Policy.PolicyStatement (permSetFulltrust));
// The name is what a later run can use to recognise that the group already exists.
ucg.Name ="****";
group.AddChild(ucg);
// Finally ask .NET to persist the modified policy.
// NOTE(review): this changes the Machine policy level, so it affects every managed application on the
// machine and presumably needs administrative rights to succeed - treat it as an auditable change.
// NOTE(review): CAS policy is disabled by default from .NET Framework 4 and these APIs are obsolete there.
System.Security.SecurityManager.SavePolicy( );