URL Remoting

The .NET Framework includes a zero-touch deployment model that allows the user to install an application simply by navigating to the proper URL for the application's executable file within Internet Explorer. The Web server does not have to have the .NET Framework for this to functionin fact, it does not even need to be a Microsoft Web server. The local system's copy of the .NET Framework handles the installation and execution of the application using a zone-based security model. Downloaded assemblies are maintained in a download cache, which is unique for each user and for each download location from which the user has downloaded an application.

The security model used is based on the zone from which the application is executed, which may be one of the following:

• My_Computer_Zone This zone includes local file and URL paths on the same system. By default, this zone has the FullTrust permission.

• LocalIntranet_Zone This zone includes URLs accessing systems located on the same network. By default, this zone has the LocalIntranet permission.

• Internet_Zone This zone includes all addresses outside the local network. By default, this zone has its permissions set to None if the .NET Framework service pack (SP1) has been installed. Otherwise, it will have the Internet permission.

You can modify the security zone settings using the .NET Framework Configuration tool. You can reach this node within the tool by navigating the tree through Runtime Security Policy, Machine, Code Groups, All_Code, My_Computer_Zone. You may also adjust the runtime security policy for a particular assembly within the Runtime Security Policy folder. When you configure the Runtime Security settings for an assembly, you may configure access for the logged-in user only or for all users on the machine.

If you relax the security for a zone, such as providing FullTrust to the Internet_Zone, you may allow undesired components to run on your system.