http://blogs.msdn.com/ptorr/archive/2004/06/29/168374.aspxAs you already know, LinkDemands can be dangerous . But if you do use them, you need to know how to use them correctly. One problem that happens is when people add (or fail to maintain) a LinkDemand to a derived class when one did (or did not) exist onen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/ptorr/archive/2004/06/29/168374.aspx#168692Tue, 29 Jun 2004 13:40:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:168692Eric WilsonI don't understand how Full Demands work. In a future blog can you give you a run-down about how they work? In particular, I'm having trouble understanding the &quot;deny&quot; part of Full Demands. Can I demand that my assembly run without full trust, but that the callers code can run however it would like? How do I do that?http://blogs.msdn.com/ptorr/archive/2004/06/29/168374.aspx#168833Tue, 29 Jun 2004 15:38:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:168833Peter TorrThe best way to run without FullTrust is to add RequestRefuse declarative attributes to your assembly. See: <br> <br><a target="_new" href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconrefusingpermissions.asp">http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconrefusingpermissions.asp</a> <br> <br>for more information. <br> <br>A Deny is used to temporarily terminate a stackwalk at the current method.http://blogs.msdn.com/ptorr/archive/2004/06/29/168374.aspx#168982Tue, 29 Jun 2004 17:56:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:168982Frank HilemanThanks for the excellent explanation. Any chance you could tell us how you got that beautiful colorized text in for the code? I have been frustrated with that part of blogging.http://blogs.msdn.com/ptorr/archive/2004/06/29/168374.aspx#169402Wed, 30 Jun 2004 03:34:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:169402Peter TorrI write my blogs in Word and then use a WordML -&gt; HTML transform and a VSTO project to post to the blog web service. <br> <br>I really need to upload the final version some day... ;-)http://blogs.msdn.com/ptorr/archive/2004/06/29/168374.aspx#170840Thu, 01 Jul 2004 13:37:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:170840Nicole CalinoiuPeter: Wouldn't making an optional request for non-unrestricted permissions (i.e.: [assembly: PermissionSet(SecurityAction.RequestOptional, Unrestricted=false)]) as per <a target="_new" href="http://msdn.microsoft.com/library/en-us/cpguide/html/cpconpermissionrequests.asp?frame=true">http://msdn.microsoft.com/library/en-us/cpguide/html/cpconpermissionrequests.asp?frame=true</a> be a much simpler means of running without full trust? <br> <br>As with your earlier comment, most MS recommendations I've seen for refusing full trust go the RequestRefuse route. However, the setup for this is both more tedious and more error-prone, and it doesn't accomodate possible extensions to the available permission sets, so I have to wonder why it seems to be the favoured approach. <br> <br>Is the RequestRefuse route somehow safer or more reliable? Is there any documentation available comparing the two approaches?http://blogs.msdn.com/ptorr/archive/2004/06/29/168374.aspx#171286Thu, 01 Jul 2004 22:08:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:171286Peter TorrThanks for the great comment, Nicole. <br> <br>Please see my follow-up post at <a target="_new" href="http://weblogs.asp.net/ptorr/archive/2004/07/01/170998.aspx">http://weblogs.asp.net/ptorr/archive/2004/07/01/170998.aspx</a>