Clever Geek Handbook

Does my app make clickonce partial trust?

I am about to start working on a ClickOnce application for internal clients for use on an organizational intranet. I want to make the installation process easier, so I thought it would be a good idea to develop a partial validation app, but now I'm not sure.

One thing that users have specifically requested (comes down to) TextBox

with the text Cue. The easiest way to provide this at the moment is with a simple subclass TextBox

that includes the CueText property as a property. The cuetext function can be executed by calling PInvoke before SendMessage()

.

protected override void OnHandleCreated(EventArgs e)
{
    this.UpdateCueText();  // Bang, you're dead here
    base.OnHandleCreated(e);
}

private void UpdateCueText()
{
    if (this.IsHandleCreated)
    {
        NativeMethods.SendMessage(new HandleRef(this, this.Handle), setCueBannerMessage, this.showCueTextWithFocus ? new IntPtr(1) : IntPtr.Zero, this.cueText);
    }
}

"Ah ha! I need it SecurityPermission.UnmanagedCode

." As far as I know, intranet zone security includes permission by default SecurityPermission

, so I try to start it and it explodes when called UpdateCueText()

. I can even check properties for SecurityException

b / c, each attempt to evaluate a property SecurityException

causes another non-integrable SecurityException

.

I am trying the standard modification:

protected override void OnHandleCreated(EventArgs e)
{
    var permission = new SecurityPermission(SecurityPermissionFlag.UnmanagedCode);
    permission.Assert();
    try
    {
        this.UpdateCue();
    }
    finally
    {
        CodeAccessPermission.RevertAssert();
    }
    base.OnHandleCreated(e);
}

Still no luck. But when I go to the security settings page in the project properties and set the SecurityPermission to "Enabled" instead of "Default Zone", I don't even need manual approval, it just happens. But, of course, I am assuming that the client will still receive a promotion.

Can I do what I am trying to do from a partial trust environment? I'm starting to suspect it's not b / c, it doesn't even make sense. Arbitrary partially trusted code can't just call SendMessage, can it? I am beginning to realize that I am trying to bypass security measures instead of working inside them.

If so, is it even worth the effort to develop this application with partial trust as a priority? Or should I just put up with the promotion request to build a fully trusted app for the sake of scheduling and ui compliance?

+2


source to share


2 answers


Statement

permission.Assert();


can only grant your permissions to streams that are already available to build. This is why it doesn't work.

So: Yes, you will need to enable these assembly level permissions. And as JaredPar says, you can use full trust as well.

+1


source


If you're deploying an intranet application, I definitely don't think it's worth messing around with partial trust scripts. Partial trust is generally difficult to understand and can impose subtle restrictions on your code. I only use it when I need to deploy a component to an existing partial trust environment.



Setting up a new partial trust environment in a scenario that doesn't require it just adds additional overhead for you. Unless you have a specific client requirement, less likely for an intranet application, I would avoid it.

+5


source






More articles:


All Articles