ClickOnce doesn't force users to elevate permissions or to download an application, but you can avoid the issue altogether by programming specifically for partial trust. This involves detecting when your assemblies require more permissions than they advertise, refactoring your code to satisfy the advertised permissions, and, in some cases, enabling and disabling functionality to target a variety of deployment zones.

Determining Required Permissions

When you configure your assembly to execute in partial trust and you select the partial trust zone you are targeting, the list of permissions that you select is the default set of permissions for the targeted zone, as shown in Figure 19.50.

Figure 19.50. Green Ticks for the Default Internet Zone Partial Trust Permission Set

Each available permission is listed, along with a green tick indicating whether it's been included in the list of permissions required by the current application. Additionally, a Setting column allows you either to choose the zone default for each permission or to forcibly include or exclude a permission. If you want the set of requested permissions to revert to the zone default, you simply click the Reset button. If you're targeting a particular deployment zone, you should leave the setting as the zone default. If your application requires more permissions than those provided by the deployment zone, you can include them, although it will require users to elevate your application's permissions. The best practice, however, is to request only the permissions you need and no more; the more permissions you request, the more damage your application can be made to do if it is hijacked. As you saw earlier in Table 19.1, each permission comes with one or more configurations. You can target these subpermissions by clicking the Properties button shown in Figure 19.50, which yields the dialog shown in Figure 19.51.

Figure 19.51. Configuring Permission Settings
Figure 19.51 shows the zone default for File IO permissions. If you increased these, for example to require access to the Save dialog or to both the Open and Save dialogs, the requested permission would exceed the zone default, which in turn causes the Security dialog to display a warning icon, as shown in Figure 19.52.

Figure 19.52. Permission Warning
Ascertaining Required Permissions

There is no relationship between the permissions your application requests and those that it actually requires. When you choose a permission set, you are simply saying that your application requires those permissions and no more. If your application code turns out to require more, CAS raises security exceptions like the one shown in Figure 19.53 whenever your application attempts to cross the security sandbox line.

Figure 19.53. Security Exception

How do you determine exactly what permissions your application will require? The reference documentation provides one approach by detailing which permissions are required by each member or property of each type in the .NET Framework. Of course, flicking between the documentation and VS05 is not the most productive approach. Instead, the Security tab provides the Calculate Permissions button. When you click this button, VS05 analyzes your code, provides an estimate of the needed permissions, and updates the required permissions list automatically. [29]
When permission analysis reveals the need for extra permissions, again you have to consider whether to force permission elevation on the user. Alternatively, you can ratchet down the required permissions for the targeted zone and go about the business of updating your application code, with the help of the reference documentation, IntelliSense in Zone, partial trust zone debugging, and permission analysis, to ensure that it safely runs within the allowed permission set for that zone. [30] We now look at several things you have to consider and ways to handle them.
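The "enable and disable functionality" approach described above, as an added C# illustration that is not code from the book: a hypothetical helper that probes whether the current grant set includes a CAS permission (by demanding it and catching the resulting SecurityException) and uses the answer to switch UI features off in a zone that does not grant them, rather than letting the user hit Figure 19.53's exception at run time. The class and method names are assumptions; the permission types and Demand() are the standard .NET 2.0 System.Security.Permissions APIs.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Windows.Forms;

// Hypothetical helper (not from the book) for a ClickOnce app targeting
// the Internet or Local Intranet partial trust zone.
static class PartialTrustFeatures
{
    // Demand() walks the call stack and throws SecurityException if any
    // caller lacks the permission, so a failed demand means "not granted"
    // for the code path this method is called from.
    static bool IsGranted(IPermission permission)
    {
        try
        {
            permission.Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    // Save dialog access is part of FileDialogPermission (Figure 19.51 shows the
    // zone default granting only Open in the Internet zone).
    public static bool CanShowSaveDialog()
    {
        return IsGranted(new FileDialogPermission(FileDialogPermissionAccess.Save));
    }

    // Unrestricted FileIOPermission is never in the Internet zone default set;
    // a feature that writes to arbitrary paths must be disabled there.
    public static bool CanWriteArbitraryFiles()
    {
        return IsGranted(new FileIOPermission(PermissionState.Unrestricted));
    }

    // Call once at form load: menu items stay disabled in zones that would
    // otherwise raise a SecurityException when the user clicks them.
    public static void ConfigureMenu(ToolStripMenuItem saveAs, ToolStripMenuItem exportToFolder)
    {
        saveAs.Enabled = CanShowSaveDialog();
        exportToFolder.Enabled = CanWriteArbitraryFiles();
    }
}
```

Because Demand() checks every frame on the stack, probe from the same code path that will later perform the operation; a check made from a fully trusted callback can report a grant the user-facing handler does not actually have.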