Login | Register   
LinkedIn
Google+
Twitter
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX


advertisement
 

Auto-Deploying Windows Forms .NET Applications: The Revenge of the Fat Client : Page 3

.NET Automatic Deployment is a feature built into the .NET Framework, allowing applications to download assemblies (via HTTP) from remote locations on an as-needed basis.


advertisement
It's All About Security
With .NET Security Policies, you can protect users from accidentally running code from unknown sources.
Security Policies in .NET are a necessary pain. Without them, letting users point their browsers to any URL, download a .NET executable, and automatically run it on their computers is every virus writer's dream come true. With Security Policies in .NET, you can protect users from accidentally running code from unknown sources.

You have probably heard before that .NET is highly integrated with the operating system. Security is one area where this integration is particularly evident.

Figure 5: Adding a trusted site
.NET Security Policies are very powerful and highly configurable. Let's take a look at how these policies are structured and how you can configure them to allow users to download executables from trusted URLs.

.NET Security and Internet Explorer Security Settings
The first place where you can configure security settings to allow users to run executables via HTTP is, not surprisingly, in Internet Explorer. To do so, launch Internet Explorer, go to the Tools menu option, select Internet Options, click on the Security tab, select Trusted sites, and click on the Sites button.

Let's add http://127.0.0.1 as a trusted site (Figure 5). Notice that the Require server verification... checkbox is unchecked in order to be able to add this site to the list.

Now that http://127.0.0.1 is a trusted site, let's try to run the executable again with the URL http://127.0.0.1/CodeDownloadDemo/Loader.exe Now the application will actually run, although .NET lets us know that some security issues are still unresolved (Figure 6).


Figure 6: The information icon indicates that the application runs in a partially trusted context.
 
Figure 7: .NET generates an error if you try to access resources outside the partially trusted site.

You can see that the loader application actually ran this time. Notice the small information icon on the upper left corner that indicates that this application is running in a partially trusted context and therefore some features of the application might not work. For example, trying to load data from the Employees Form generates a security error (Figure 7). The form is attempting to read data from SQL Server's Northwind database in localhost and the application does not have security permissions to do it.

Notice also how the URL (127.0.0.1) and the word "trusted" have been added to the application's title bar.



Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Sitemap
Thanks for your registration, follow us on our social networks to keep up-to-date