no touch deployment

Discussion in 'ASP .Net' started by Mark, Aug 20, 2003.

  1. Mark

    Mark Guest

    I'm trying to distribute an application using the .NET No Touch Deployment
    method. Which is basically
    browsing to a .NET .exe in Internet Explorer. I do this and the application
    comes up fine. The only problem I have
    is that a lot of the functionality of the app won't work because of security
    issues.
    Can someone tell me the easiest way to give the needed permissions to allow
    the app to run on users machines
    when it is accessed? Without going to each persons machine individually and
    giving them permissions??

    Thanks in advance. Mark
     
    Mark, Aug 20, 2003
    #1
    1. Advertising

  2. The simple answer is no you can't get full rights for an assembly gotten
    over the web, but there is a way to get a good deal of them.

    First of all to get good rights it must be a intranet. And you must
    beable to refernce the site with out the domain attached. ex you would
    refrence test.domain.com as test.
    That sets IE to work in local intranet mode which sets the security
    level of dot net to one notch below full trust.

    The text for that level reads .
    Programs might no beable to access most protected resources such as the
    registry or security policy settings, or access your local file system
    with out user interaction.
    Programs will beable to connect back to thier sight of origin, resolve
    domain names, and use all windowing resources.

    I ran a quick test and I couln't write to the file system.

    Hope this helps.


    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
     
    Fredrick Grass, Aug 21, 2003
    #2
    1. Advertising

  3. Mark

    Mark Guest

    Yeah, that's what I seem to be finding out with this whole thing.
    Unfortunately it looks like it would be a major pain in the butt to deploy
    an app using this method. Seemed like an awesome idea though.
    I know there are caveats with writing or accessing files, but the error I'm
    getting only happens when I'm trying to shut down my application.

    Here's the line I'm erroring on (this is just in a button click event):

    Application.Exit();

    Here's the error:

    Request for the permission of type
    System.Security.Permissions.SecurityPermission, mscorlib
    version=1.0.5000.0, Culture=neutral
    PublicKeyToken=b77a5c561934e089 failed.



    Any help on this one would be great. I'm accessing the program using
    http://localhost, so that should be intranet.
    It makes sense to me about the filesystem being restricted , but it makes
    absolutely no sense that the application would not be able to close itself.


    "Fredrick Grass" <> wrote in message
    news:eKCTJ0$...
    > The simple answer is no you can't get full rights for an assembly gotten
    > over the web, but there is a way to get a good deal of them.
    >
    > First of all to get good rights it must be a intranet. And you must
    > beable to refernce the site with out the domain attached. ex you would
    > refrence test.domain.com as test.
    > That sets IE to work in local intranet mode which sets the security
    > level of dot net to one notch below full trust.
    >
    > The text for that level reads .
    > Programs might no beable to access most protected resources such as the
    > registry or security policy settings, or access your local file system
    > with out user interaction.
    > Programs will beable to connect back to thier sight of origin, resolve
    > domain names, and use all windowing resources.
    >
    > I ran a quick test and I couln't write to the file system.
    >
    > Hope this helps.
    >
    >
    > *** Sent via Developersdex http://www.developersdex.com ***
    > Don't just participate in USENET...get rewarded for it!
     
    Mark, Aug 21, 2003
    #3
  4. Mark

    Mark Guest

    Oh, I just tried one more thing. If you just close the form (me.close())
    you don't get an error. It has something to do with doing an
    Application.Exit().
    That boggles me of why the application wouldn't have permission to "exit" or
    close (in intranet/internet mode).



    "Fredrick Grass" <> wrote in message
    news:eKCTJ0$...
    > The simple answer is no you can't get full rights for an assembly gotten
    > over the web, but there is a way to get a good deal of them.
    >
    > First of all to get good rights it must be a intranet. And you must
    > beable to refernce the site with out the domain attached. ex you would
    > refrence test.domain.com as test.
    > That sets IE to work in local intranet mode which sets the security
    > level of dot net to one notch below full trust.
    >
    > The text for that level reads .
    > Programs might no beable to access most protected resources such as the
    > registry or security policy settings, or access your local file system
    > with out user interaction.
    > Programs will beable to connect back to thier sight of origin, resolve
    > domain names, and use all windowing resources.
    >
    > I ran a quick test and I couln't write to the file system.
    >
    > Hope this helps.
    >
    >
    > *** Sent via Developersdex http://www.developersdex.com ***
    > Don't just participate in USENET...get rewarded for it!
     
    Mark, Aug 22, 2003
    #4
  5. Mark

    SEWilson Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    because Application.Exit terminates the process at the OS
    level. A hosted environment should NEVER have the right to
    terminateprocess, thus Application.Exit is rightly
    inaccessible from what is otherwise a hosted assembly (even
    if it is an exe, implementors of browsers may opt to
    completely sandbox the app).

    Aside from that. Application.Exit and TerminateProcess are
    known by component developers to be the worst way to exit a
    modern/windows compnent-based application. Tsk tsk. You
    should be properly disposing all of your objects and then
    closing the main form (which puts execution back into
    Main() where it exits the process normally).

    "Mark" <> wrote in message
    news:...
    > Oh, I just tried one more thing. If you just close the
    > form (me.close()) you don't get an error. It has
    > something to do with doing an Application.Exit().
    > That boggles me of why the application wouldn't have
    > permission to "exit" or close (in intranet/internet
    > mode).
    >
    >
    >
    > "Fredrick Grass" <> wrote in message
    > news:eKCTJ0$...
    > > The simple answer is no you can't get full rights for
    > > an assembly gotten over the web, but there is a way to
    > > get a good deal of them.
    > >
    > > First of all to get good rights it must be a intranet.
    > > And you must beable to refernce the site with out the
    > > domain attached. ex you would refrence test.domain.com
    > > as test.
    > > That sets IE to work in local intranet mode which sets
    > > the security level of dot net to one notch below full
    > > trust.
    > >
    > > The text for that level reads .
    > > Programs might no beable to access most protected
    > > resources such as the registry or security policy
    > > settings, or access your local file system with out
    > > user interaction.
    > > Programs will beable to connect back to thier sight of
    > > origin, resolve domain names, and use all windowing
    > > resources.
    > >
    > > I ran a quick test and I couln't write to the file
    > > system.
    > >
    > > Hope this helps.
    > >
    > >
    > > *** Sent via Developersdex http://www.developersdex.com
    > > *** Don't just participate in USENET...get rewarded for
    > > it!

    >


    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.2

    iQA/AwUBP0bmGqZcqAh+utlREQI4RQCgx9omBV6FK2RrOhK1tToOEP3dKYQAoJSe
    oY/Bya8kfcfN9bPyvMAbFIME
    =hMz6
    -----END PGP SIGNATURE-----
     
    SEWilson, Aug 23, 2003
    #5
  6. Mark

    Eric Cadwell Guest

    Someone tell me how crazy this idea is:

    You can configure all this through policy files - security.config has the
    power to enable full trust for the Intranet Zone (or any other zone). You
    can create new permission sets, code groups, and the whole nine yards.

    I've been thinking of setting up an internal site as a Trusted site (through
    IE) and granting Trusted Sites full access. Or more specifically I could
    create a new permission set that allows just the added permissions that I
    need (Sockets, File IO).

    Can you add a Trusted Site via a remote admin tool or script? Can you do
    this with AD group policy? Even if you had to instruct the users to add a
    trusted site or touch all the machines once, this would lay the groundwork
    for any other app you push.

    You'd need to create a deployment package for the policy and another to set
    up a desktop shortcut for the users to launch the app.

    Eric Cadwell

    You can use the .NET Framework Configuration tool in Control Panel >
    Administrative Tools to edit the security.config file
    "Mark" <> wrote in message
    news:...
    > I'm trying to distribute an application using the .NET No Touch Deployment
    > method. Which is basically
    > browsing to a .NET .exe in Internet Explorer. I do this and the

    application
    > comes up fine. The only problem I have
    > is that a lot of the functionality of the app won't work because of

    security
    > issues.
    > Can someone tell me the easiest way to give the needed permissions to

    allow
    > the app to run on users machines
    > when it is accessed? Without going to each persons machine individually

    and
    > giving them permissions??
    >
    > Thanks in advance. Mark
    >
    >
     
    Eric Cadwell, Aug 27, 2003
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alan Seunarayan

    RegexAssembly?_0.dll and Zero-touch deployment

    Alan Seunarayan, Jun 5, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    1,201
    Alan Seunarayan
    Jun 6, 2004
  2. Leon Jollans

    no touch deployment of crystal viewer

    Leon Jollans, Aug 28, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    350
    Leon Jollans
    Aug 28, 2003
  3. Bruce W...1

    "No touch deployment" on a web page?

    Bruce W...1, Nov 18, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    341
    Elizabeth Newman [MS]
    Nov 21, 2003
  4. Bruce W.1
    Replies:
    0
    Views:
    309
    Bruce W.1
    Jan 4, 2004
  5. Han Holl
    Replies:
    4
    Views:
    341
    Nobuyoshi Nakada
    Oct 12, 2006
Loading...

Share This Page