Browse by Tags

All Tags » Security (RSS)

• ClickOnce (16)

• Why does "ClickOnce" contain a hash for strong-named dependencies in the manifest when the assemblies themselves already have a hash in the assembly metadata?

  Because (1) weak references don't have a hash and (2) to keep the hashing scheme simple for manifests -- all files are hashed.

• I see Applaunch.exe in my Task manager instead of my app name, why?

  Applaunch.exe is used to host applications running in the CLR Code Access Security sandbox. Applications running with full trust do not need to be hosted in a secure host & will not run in the AppLaunch.exe. Applaunch.exe is similar to IEExec.exe...

• What special considerations are there for developing a component to be used in a "ClickOnce" app?

  The main considerations are security and how self-contained your component is. Lightweight, self-contained components can generally be deployed seamlessly along with the "ClickOnce" application. However, it is important to understand that the...

• Why do my simple WindowsFormsApplication1 apps I create in VS cause the security prompt to appear?

  By default, VS assumes that an application requires full trust to run & as such enters it into the application manifest. You can change this default using the Security tab in project properties. We chose this default simply because we have found that...

• Does the user consent prompt list the permissions the app is asking for?

  No. We looked into this, however, the user consent prompt is targeted at end-users. Translating code assess security permissions to something meaningful & helpful to the user is not easily accomplished. In addition, the trust decision the average...

• Can I wait & only have the security prompt come up when the application actually tries to do something it doesn’t have permission to do?

  No. The “ClickOnce” model does not support this type of on-demand prompting. The major reason is that’s hard enough to get the user to make an accurate trust decision without trying to have them do while the app is running.

• Do I need to obtain a key from some third party in order to sign?

  No, you can use your own generated private test certificate. You can also use an Authenticode certificate issued by a third party.

• Why do manifests have to be signed?

  There are numerous reasons we require “ClickOnce” applications to be signed. The biggest is to ensure that “ClickOnce” can not be used as an attack vector to propagate viruses to client PCs. By requiring “ClickOnce” deployments to be signed, only the...

• Does my "ClickOnce" app get the same trust when I launch it from the web versus the start menu?

  Yes, it runs with exactly the same set of permissions as defined in the application manifest.

• Do I have to sign my application assemblies?

  No, only the “ClickOnce” manifests need to be signed. The manifests have a hash of all the files they reference, so application integrity can be ensured, even if the application files are not signed. Also be careful when using signed assemblies in your...

• Can I get my applications to run with high trust without requiring a prompt?

  Yes, if your in a managed enterprise environment, you can use an Authenticode certificate to allow applications the IT department has indicated are trustworthy to run without prompting.

• Can I disable the security prompt?

  Absolutely. You can configure the prompt on a per-zone basis. Ex. you could disable the prompt for internet apps & leave it enabled for Intranet apps.

• A trust prompt, isn’t that just ActiveX all over again?

  The majority of the security vulnerabilities introduced by ActiveX actually had nothing to do with a prompt. Most attacks were javascript in an html page scripting a well-intentioned ActiveX control that unintentionally exposed a security hole. “ClickOnce...

• A trust prompt, can users really make security decisions?

  Ideally a user would never have to make a trust decision. However, if there is no admin available to make a trust decision for the user, & the user wants to be able to use an application that needs high trust, the only one that can make the decision...

• What if my application needs more permissions than it gets by default?

  There are two options available to applications that need higher trust. The first is a trust prompt. An application can specify the permissions it needs (Visual Studio helps with this). If an application needs more trust than what it requests, the user...

• What does my application have permission to do by default?

  By default "ClickOnce" deployed applications run in a security sandbox provided by CLR Code Access Security. An application has the ability to do safe operations, such as displaying UI & same site network IO, but can not do unsafe things...