By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
432,569 Members | 1,386 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 432,569 IT Pros & Developers. It's quick & easy.

.NET Application Security

P: n/a
Hi -

I have developed a .NET WinForms application and will be looking to write an
installer shortly. I'm a bit concerned regarding security.

If the application is installed to the local harddisk, then I don't see a
problem as that will inherit full trust; but if the user installs the
application to a network drive then I envisage that the default rights will
prevent the application from running.

What should I do in the installer in order to ensure that the user has the
correct rights in order to run the application from where they install it?
The users will not be technical and will expect the application to just run.

The application will require access to:

1. Microsoft Access database.
2. Files on the installed drive (full access) (either local or network).
3. Third party ActiveX components installed by the application.
4. Possibly access to the registry.

TIA

- Andy
Nov 16 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Other than telling people not to install it to the network, there's not a lot
you can do... at the end of the day, you should only support network
installations that are designed as such.
"Andy Bates" wrote:
Hi -

I have developed a .NET WinForms application and will be looking to write an
installer shortly. I'm a bit concerned regarding security.

If the application is installed to the local harddisk, then I don't see a
problem as that will inherit full trust; but if the user installs the
application to a network drive then I envisage that the default rights will
prevent the application from running.

What should I do in the installer in order to ensure that the user has the
correct rights in order to run the application from where they install it?
The users will not be technical and will expect the application to just run.

The application will require access to:

1. Microsoft Access database.
2. Files on the installed drive (full access) (either local or network).
3. Third party ActiveX components installed by the application.
4. Possibly access to the registry.

TIA

- Andy

Nov 16 '05 #2

P: n/a
You could have your installer modify the security policy as needed. For
example: create a new code group, set its membership condition to your
application's strong name, and give this code group appropriate permissions.

http://msdn.microsoft.com/library/de...ms11122002.asp
shows how to do this. The article talks about web-deployed applications but
it is equally applicable to an application deployed on a network share.

Regards,
Sami

"Andy Bates" <An****@freezone.co.uk> wrote in message
news:ea*************@TK2MSFTNGP14.phx.gbl...
Hi -

I have developed a .NET WinForms application and will be looking to write an installer shortly. I'm a bit concerned regarding security.

If the application is installed to the local harddisk, then I don't see a
problem as that will inherit full trust; but if the user installs the
application to a network drive then I envisage that the default rights will prevent the application from running.

What should I do in the installer in order to ensure that the user has the
correct rights in order to run the application from where they install it?
The users will not be technical and will expect the application to just run.
The application will require access to:

1. Microsoft Access database.
2. Files on the installed drive (full access) (either local or network).
3. Third party ActiveX components installed by the application.
4. Possibly access to the registry.

TIA

- Andy

Nov 16 '05 #3

P: n/a
You can always create a custom installer class that will pop up a message if
the user installs the application on a networked drive instead of the local
hard drive.

This article could help: http://www.devx.com/dotnet/Article/20849/0/page/1

This is less of a problem than you think... most of your "less technical"
users accept the default install options. Only the ones who know just
enough to be truly dangerous (less than 5%) will change the install location
but not understand that doing so can mess with the ability of the app to
run.

HTH,
--- Nick

"Andy Bates" <An****@freezone.co.uk> wrote in message
news:ea*************@TK2MSFTNGP14.phx.gbl...
Hi -

I have developed a .NET WinForms application and will be looking to write an installer shortly. I'm a bit concerned regarding security.

If the application is installed to the local harddisk, then I don't see a
problem as that will inherit full trust; but if the user installs the
application to a network drive then I envisage that the default rights will prevent the application from running.

What should I do in the installer in order to ensure that the user has the
correct rights in order to run the application from where they install it?
The users will not be technical and will expect the application to just run.
The application will require access to:

1. Microsoft Access database.
2. Files on the installed drive (full access) (either local or network).
3. Third party ActiveX components installed by the application.
4. Possibly access to the registry.

TIA

- Andy

Nov 16 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.