Preventing .NET from checking code signing certificate's revocation status for certain assemblies


I'm looking for a way to instruct the .NET runtime not to check the revocation status of a code signing certificate online with the respective certification authority for certain assemblies. These assemblies run within a SharePoint 2010 web site under IIS in a security-restricted internal network which has no access to the internet and hence cannot query the CA.

We've tried setting a CAS policy to enforce full trust for this code:

<CodeGroup
    class="UnionCodeGroup"
    version="1"
    PermissionSetName="FullTrust"
    Name="ShareModel_Strong_Name"
    Description="This code group grants full trust for custom assemblies.">
    <IMembershipCondition
        class="StrongNameMembershipCondition"
        version="1"
        PublicKeyBlob="0024...8cd4"
        />
</CodeGroup>

This setting was deployed as part of a customized wss_minimaltrust.config file. However, this has no impact on the mechanism of CRL checking.

What's the right way to go around this: other / proper .NET configuration, possibly in machine.config, some Windows Server 2008 R2 configuration, something else?
