Microsoft .NET Creating Installation Components Page - 2

The zero deployment model provided by the .NET framework for deploying Windows applications. In this model users are not required to deploy the application before executing it. They can just run the application and the application installs itself. All necessary code and configuration files are kept on a web server and users can execute the application by pointing to the URL of the.exe from Internet Explorer.

The server need not have the .NET framework installed on it. All code and configuration files are automatically downloaded form the web server and executed on the local machine. This model is exciting because it gives ease of maintenance that is available from a web application in addition to the rich user interface of Windows forms.

Launching a Remote Application

1. In the solution explorer, add Visual C# Windows application project. Give th project a name.

2. Rename form 1.cs file to the in the project. Switch to the code view and modify all references to the Form 1 so that they refer to your form.

3. Place a TextBox control, a button control and a label control on the form. Set the TextAlign property of the label control to MiddleCenter and set the font to a larger size.

4. Add the following code to the Click event handler

Private void btnDisplay_Click(Object sender,System.EvenArgs e)
{
lblMessage.Text=txtMessage.Text;
}

5. Set the project as the startup project and run the project. Enter some text in the text box and click the button.

6. Note that the text is displayed in the Label control.

7. Copy the .exe file to a Web server directory

8. Launch Internet Explorer. Navigate to http://localhost/somename.exe.

9. If the Web server is local or within an intranet zone, the application is launched. If it is through the Internet a security exception is thrown up.

The Download Cache

Downloaded code from an URL is cached in a central location called the download cache. The source information is available to the download cache and whenever a request is made for the particular URL, the cache checks the timestamp of the requested assemblies and downloads the latest version. This feature makes it extremely useful. It also isolates the assemblies from other assemblies that are downloaded by other users or applications. This cache is physically stored in a directory that is private to the user. The folders in this cache have cryptic names. To browse the contents of the cache the user has to open Windows Explorer and navigate to the assembly cache folder. The folder can be accessed by use of the command line gacutil.exe.

Code Access Security Policy

To help protect computer systems from malicious mobile code, to allow code from unknown origins to run with protection, and to help prevent trusted code from intentionally or accidentally compromising security, the .NET Framework provides a security mechanism called code access security. Code access security allows code to be trusted to varying degrees depending on where the code originates and on other aspects of the code's identity. Code access security also enforces the varying levels of trust on code, which minimizes the amount of code that must be fully trusted in order to run. Using code access security can reduce the likelihood that the code can be misused by malicious or error-filled code. It can reduce liability because the set of operations the code can be specified. Code access security can also help minimize the damage that can result from security vulnerabilities in the code. All managed code that targets the common language runtime receives the benefits of code access security, even if that code does not make a single code access security call.

To enforce the security we establish code access security policy. The caspol tool is used to view the security policy and also to manage and configure the same.

To view the security policy with code caspol.exe:

In the command prompt window enter the command
caspol [-enterprise] [-maching] [-user | -all] –list

Caspol.exe lists the membership condition name and a membership condition value if available, followed by the name of the permission set associated with that code group. If the code group merges the permissions of its child code groups using first-match logic, Caspol.exe indicates this by displaying (FirstMatchCodeGroup) next to the code group. The default merge logic performs a union on permissions that child code groups grant.

To add an assembly that implements a custom security object to the fully trusted assembly list

Before an assembly is added to security policy, a strong name must be given to it and put in the global assembly cache.

• Type the following command at the command prompt:
  caspol [-enterprise|-machine|-user] –addfulltrust AssemblyFile
  
• Specify the policy-level option before the –addfulltrust option. If you omit the policy-level option, Caspol.exe lists the permission sets at the default policy level. For computer administrators, the default level is the machine policy level; for others, it is the user policy level.
  
• The following command adds MyCustomPermissionSet.exe to the user policy level's fully trusted assembly list.
  caspol –user –addfulltrust MyCustomPermissionSet.exe
  

To view the permission sets used at a policy level

Type the following command at the command prompt:
caspol [-enterprise|-machine|-user|-all] -listpset

Specify the policy-level option before the –listpset option. If the policy-level option is omitted, Caspol.exe lists the permission sets for the default policy level. For computer administrators, the default level is the machine policy level; for others, it is the user policy level.

The following command lists the permission sets for all three policy levels.
caspol –all –listpset

To add a named permission set to a policy level

• Type the following command at the command prompt:
  caspol [-enterprise|-machine|-user] -addpset xmlFile [permissionSetName]
  
• Specify the policy-level option before the –addpset option. If the policy-level option is omitted, Caspol.exe adds the permission set at the default policy level. For computer administrators, the default level is the machine policy level; for others, it is the user policy level.
  
• Supply a permission set name if the XML file does not contain one in the form of a name attribute value.
  
• The following command imports the MyPermissions.xml permission set file as the MyPermissions permission set at the machine policy level.
  caspol -machine –addpset MyPermissions.xml MyPermissions
  

To remove a permission set from a policy level

Type the following command at the command prompt:
caspol [-enterprise|-machine|-user] –rempset PsetName.

Specify the policy level before the –rempset option. If you omit the policy-level option, Caspol.exe removes the permission set from the default policy level. For computer administrators, the default level is the machine policy level; for others, it is the user policy level.

The following command deletes the MyFilePset permission set from the machine policy level.
caspol –machine –rempset MyFilePset

To change permission set

Type the following command at the command prompt:
caspol –chgpset pset_file pset_name.

The following command changes the FilePset permission set in the user policy to the state specified in the NewPset.xml file.
caspol –user –chgpset NewPset.xml FilePset

To list the code groups an assembly belongs to

Type the following command at the command prompt:
caspol [-enterprise|-machine|-user|-all] –resolvegroup assembly-file

Specify the policy-level option before the –resolvegroup option. If the policy-level option is omitted, Caspol.exe shows all policy levels.

The following command lists the code groups that MyAssembly.dll belongs to at the user policy level.
caspol –user –resolvegroup MyAssembly.dll