I had originally deployed an app with msi but the advantages of smart clients soon began to convince me to change my deployment model.
As a smart client, the app is executed as http://myserver/exec/myApp.exeThis works very nicely, until those security exceptions start appearing. I had to spend a long time going through my app to find out what was causing the exceptions. The obvious reason for the exceptions is that programs coming in from the Intranet are less trusted than those on My Computer, and hence are subject to more restrictions by the local security policy. After much exploration and reading up online, i found out some interesting facts:
You could deduce these by looking in the .Net Framework Security Policy (control panel > admin tools > .Net Framework configuration > Runtime security policy > Machine > Permission Sets > Local Intranet), and then double click one of the items in the main pane to the right, to see what restrictions if any are applied for the selected zone.
I found out the above information hard way through trial and error, but it was a very valuable exercise to learn about the security policy.
I got a large part of my app working, but i was using a class library of customised windows forms components, and this was causing a security exception. It took a few hours to pin down, but the docs finally revealed that the class library must have the following attribute (outside a class declaration):
The app worked fine after I added that line.
If you are not sure what zone your app will run in, you can request a minimum level which your app requires. Add the following line of code outside a class declaration in one of the files in your project:
[assembly:PermissionSetAttribute(SecurityAction.RequestMinimum, Name = "LocalIntranet")]
This will alert the user that they don't have permissions to run the app if it is running in a zone less than Local Intranet.
I personally have found these bits of information very difficult to pull together. There is a ton of stuff about smart clients but its mostly non-technical. I even got a CD from msdn about smart clients and i found it useless for helping out with any of the problems i have encountered along the way.
I hear there is a tool called PermCalc.exe coming with Whidbey that will probe an app to see what would cause security problems in a smart client scenario but until then, we are stuck doing it manually :)
© Copyright 2017 Tim Mackey