Altered some permission demands in 0.1 and trunk branches.

git-svn-id: https://dotnetopenid.googlecode.com/svn/branches/0.1@258 01efa1a6-402a-0410-b0ae-47b76eba00f0
DotNetOpenAuth · Mar 1, 2008 · 5564c63 · 5564c63
1 parent 2647cc4
commit 5564c63
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/source/Janrain.OpenId/Properties/AssemblyInfo.cs b/source/Janrain.OpenId/Properties/AssemblyInfo.cs
@@ -44,15 +44,18 @@
 
 // We need to be allowed to execute code.  Besides, it gives a good baseline RequestMinimum permission.
 [assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution = true)]
-// Allows the consumer to call out to the web server
-[assembly: WebPermission(SecurityAction.RequestMinimum, ConnectPattern=".*")]
+// Allows the consumer to call out to the web server.  This is unnecessary in provider-only scenarios.
+// Note: we don't use a single demand for https?://.* because the regex pattern must exactly
+// match the one used by hosting providers.  Listing them individually seems to be more common.
+[assembly: WebPermission(SecurityAction.RequestMinimum, ConnectPattern = @"http://.*")]
+[assembly: WebPermission(SecurityAction.RequestMinimum, ConnectPattern = @"https://.*")]
 // Allows hosting this assembly in an ASP.NET setting.  Not all applications
 // will host this using ASP.NET, so this is optional.  Besides, we need at least
 // one optional permission to activate CAS permission shrinking.
 [assembly: AspNetHostingPermission(SecurityAction.RequestOptional, Level = AspNetHostingPermissionLevel.Medium)]
 
 // The following are only required for diagnostic logging (Trace.Write, Debug.Assert, etc.).
-#if DEBUG
+#if TRACE
 [assembly: KeyContainerPermission(SecurityAction.RequestMinimum, Unrestricted = true)]
 [assembly: ReflectionPermission(SecurityAction.RequestMinimum, MemberAccess = true)]
 [assembly: RegistryPermission(SecurityAction.RequestMinimum, Unrestricted = true)]