The first item on this week’s security tips is about a new feature in .NET 4 called conditional APTCA. If you read my previous tip on the AllowPartiallyTrustedCallersAttribute (APTCA), you’ll know that you can decorate assemblies with this attribute in order to allow calls into that assembly’s public API from partial trust.
.NET 4 advances the capabilities of APTCA to reflect the decision to give control of permissions to hosts instead of machine-wide policy. Assemblies can now specify whether they allow partially trusted callers based on whether the host allows it. ASP.NET is a good example of why this feature is useful. In .NET 4, System.Web.dll is marked conditionally APTCA, because it accepts calls from partially trusted code only if the host is ASP.NET itself. If the host is a ClickOnce application, or Internet Explorer in the case of a control hosted by the browser, then partially trusted code cannot call into the System.Web assembly.
This doesn’t mean that an assembly can choose which hosts can allow partially trusted code to call it, only that the host must explicitly give access for partially trusted code to call that assembly. This means that as an application developer, I can create my own host that allows code from partial trust to call System.Web.dll. We’ll cover this in tomorrow’s tip.
In order to mark your assembly conditionally APTCA, set the attribute’s PartialTrustVisibilityLevel property to PartialTrustVisibilityLevel.NotVisibleByDefault.
[assembly: AllowPartiallyTrustedCallers(PartialTrustVisibilityLevel = PartialTrustVisibilityLevel.NotVisibleByDefault)]
Next time we’ll talk about how to set up a host to enable partially trusted code to call conditional APTCA assemblies.
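The following is an added example, not code from the original post. It shows a conditionally APTCA library next to a host that opts in to it. It goes slightly beyond the text by showing the host side through AppDomainSetup.PartialTrustVisibleAssemblies. The names ConditionalLib, Greeter and SandboxHost are hypothetical, and the sketch assumes .NET Framework 4 with the library strong-name signed.

```csharp
// ---- ConditionalLib.cs: strong-name signed library (hypothetical name) ----
using System.Security;

[assembly: AllowPartiallyTrustedCallers(
    PartialTrustVisibilityLevel = PartialTrustVisibilityLevel.NotVisibleByDefault)]

namespace ConditionalLib
{
    public static class Greeter
    {
        public static string Hello(string name) { return "Hello, " + name; }
    }
}

// ---- Host.cs: fully trusted host that references ConditionalLib ----
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

static class SandboxHost
{
    // Creates an execute-only sandbox. With exposeLib == false the library is
    // treated as if it carried no APTCA attribute, so sandboxed code cannot call it.
    public static AppDomain Create(string appBase, bool exposeLib)
    {
        var lib = typeof(ConditionalLib.Greeter).Assembly;
        var setup = new AppDomainSetup { ApplicationBase = appBase };
        if (exposeLib)
        {
            // Entry format: "<simple name>, PublicKey=<full public key in hex>"
            string key = BitConverter.ToString(lib.GetName().GetPublicKey()).Replace("-", "");
            setup.PartialTrustVisibleAssemblies =
                new[] { lib.GetName().Name + ", PublicKey=" + key };
        }

        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        // The library itself stays fully trusted inside the sandbox.
        StrongName libName = lib.Evidence.GetHostEvidence<StrongName>();
        return AppDomain.CreateDomain("sandbox", null, setup, grant, libName);
    }
}
```

The host lists only the assemblies it has decided to expose, so every entry in PartialTrustVisibleAssemblies is a deliberate widening of the sandbox's reachable API surface and should be reviewed as such.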