Microsoft Knowledge Base Email Alertz
All KB/RSS Links  |  Hot Kb!  |  New Kb!  |  Scott Cate  |  FAQ / KB  |  Web Hosting  |  Unsubscribe  

(837909) - Describes how to deploy a .NET Framework application and how to adjust security settings to make the application accessible from a remote computer.

Search KbAlertz

Advanced Search

Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.
Click here to create a
FREE account
Already have an account?
[Click here to Login]











Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks
Article ID: 837909 - Last Review: May 18, 2007 - Revision: 4.6

How to configure .NET Framework security settings and how to deploy a .NET Framework application

View products that this article applies to.

On This Page

SUMMARY

To configure security settings and to deploy a Microsoft .NET Framework application on a remote computer, follow these steps:
  • On the local computer, create a .NET Framework application.
  • Configure the security settings for your .NET Framework application by using the Code Access Security Policy tool (Caspol.exe) on the remote computer.
  • Deploy your .NET Framework application on the remote computer.
Back to the top

INTRODUCTION

This step-by-step article describes how to configure the runtime security policies of .NET Framework applications so that these applications can be accessed from a remote computer.

Back to the top

Create a Console Application project in Visual Basic .NET

  1. On the local computer, start Microsoft Visual Studio .NET.
  2. On the File menu, point to New, and then click Project. The New Project dialog box appears.
  3. Under Project Types, click Visual Basic Projects.
  4. Under Templates, click Console Application. In the Location box, type C:\, and then click OK. By default, a project that is named ConsoleApplication1 and a module file that is named Module1.vb are created.

    Note Notice that a folder that is named ConsoleApplication1 is created on drive C on your computer.
  5. In the Module1.vb file, replace the existing code with the following code:
    Module Module1
Sub Main()
   Console.WriteLine("Starting test...")
   Console.Read()
End sub
End Module
  6. On the Build menu, click Build Solution.
  7. Start Windows Explorer. Locate the ConsoleApplication1 folder on drive C on your computer. Double-click the ConsoleApplication1 folder. Notice that the ConsoleApplication1 folder contains a folder that is named Bin.
  8. Share the Bin folder.
Back to the top

Configure the security policy settings on the remote computer

When you try to access a .NET Framework application from a remote computer, you may receive a System.SecurityException exception error message or a security warning message.

To make your .NET Framework application fully trusted, you can use the Code Access Security Policy tool (Caspol.exe). To do this, follow these steps:
  1. Click Start, and then point to Programs.
  2. Do one of the following, depending on the version of Visual Studio .NET that you have:
    • If you are using Visual Studio .NET 2003, point to Microsoft Visual Studio .NET 2003, point to Visual Studio .NET Tools, and then click Visual Studio .NET 2003 Command Prompt. The Visual Studio .NET 2003 Command Prompt window opens.
    • If you are using Visual Studio .NET 2002, point to Microsoft Visual Studio .NET, point to Visual Studio .NET Tools, and then click Visual Studio .NET Command Prompt. The Visual Studio .NET Command Prompt window opens.
  3. Do one of the following, depending on the version of Visual Studio .NET that you have:
    • If you are using Visual Studio .NET 2003, run the following command at the Visual Studio .NET 2003 Command Prompt:
      caspol -m -ag 1 -url file://\\\servername\bin\* FullTrust
    • If you are using Visual Studio .NET 2002, run the following command at the Visual Studio .NET Command Prompt:
      caspol -m -ag 1 -url file://\\\servername\bin\* FullTrust
    Note In this command, servername is a placeholder for the name or for the IP address of the local computer where you created your .NET Framework application in the "Create a console application in Visual Basic .NET" section.
Note The security policy settings for the Microsoft .NET Framework 1.1 and for the Microsoft .NET Framework 1.0 are independent of each other.

Back to the top

Deploy the application on the remote computer

On the remote computer, you can deploy the compiled application by using one of the following methods:
  • Map a network drive, and then deploy the application.
  • Deploy the application by using a .NET deployment package.
  • Deploy the application by using no-touch deployment.

Map a network drive, and then deploy the application

For more information about how to deploy the application by mapping a network drive, click the following article number to view the article in the Microsoft Knowledge Base:
832742  (http://kbalertz.com/Feedback.aspx?kbNumber=832742/ ) How to deploy a .NET Framework application to run from a network location

Deploy the application by using a .NET deployment package

The Microsoft .NET Framework is included with a graphical user interface (GUI) configuration tool that you must use to make security policy changes. This tool also contains a wizard that helps you create a self-contained Microsoft Windows Installer package (.msi) file out of a security policy level. The security policy is administered through settings at the following three policy levels:
  • The enterprise policy level
    The enterprise policy level maps to the policy level that has been defined for the whole enterprise network.
  • The machine policy level
    The machine policy level defines the permissions that apply to a specific computer.
  • The user policy level
    The user policy level defines the permissions that apply to the logged on user.
For more information about how to deploy the application by using a .NET deployment package, click the following article number to view the article in the Microsoft Knowledge Base:
815173  (http://kbalertz.com/Feedback.aspx?kbNumber=815173/ ) How to build and deploy a .NET security policy deployment package

Deploy the application by using no-touch deployment

The main advantage of using no-touch deployment is that the application can be run and can be deployed without always providing the user name and the password.

To deploy a .NET Framework application by using the no-touch deployment method, follow these steps:
  1. Create a user account that has the same user name and the same password on both the local computer and the remote computer. To do this, follow these steps:
    1. Right-click My Computer, and then click Manage.
    2. Expand Local Users and Groups, and then right-click Users.
    3. Click New User. The New User dialog box appears.
    4. In the following boxes, type the information that you want to use for the new user account:
      • User name
      • Full name
      • Description
      • Password
      • Confirm password
    5. Click to clear the User cannot change password check box.
    6. Click to select the Password never expires check box.
    7. Click Create.
  2. On the local computer, grant permissions for the application folder that contains the application that you created in the "Create a Console Application project in Visual Basic .NET" section. To do this, follow these steps on the local computer:
    1. Start Windows Explorer.
    2. Locate the ConsoleApplication1 folder on drive C on your computer.
    3. Double-click the ConsoleApplication1 folder, and right-click the bin folder, and then click Properties. The bin Properties dialog box appears.
    4. Click the Sharing tab.
    5. On the Sharing tab, make sure that the Share this folder option is selected.
    6. Click Permissions. The Permissions for bin dialog box appears.
    7. Click the Share Permissions tab.
    8. On the Share Permissions tab, click Add. The Select Users, Computers, or Groups dialog box appears.
    9. Enter the user account that you created in step 1, and then click OK.
    10. In the Permissions section, click to select the Full Control check box under Allow, and then click OK.

      Note If the file system on your computer is FAT32, go to step 3.
    11. On the Security tab of bin Properties dialog box, click Add. The Select Users, Computers, or Groups dialog box appears.
    12. Repeat steps j and k.
  3. On the remote computer, open the folder that contains your application. To do this, follow these steps:
    1. Click Start, and then click Run.
    2. In the Open box, type the following:
      \\servername
      Note In this command, servername is a placeholder for the name or the IP address of the local computer where you created your .NET Framework application in the "Create a Console Application project in Visual Basic .NET" section.
    3. Click OK. You receive a message to provide credentials.
    4. Provide the user name and the password that you created in step 1.
  4. Click Start, and then click Run.
  5. In the Open box, type inetmgr, and then click OK. The following behavior occurs, depending on the operating system that you have:
    • On Windows Server 2003, the Internet Information Services (IIS) Manager window appears.
    • On Windows 2000 Server and on Windows XP, the Internet Information Services window appears.
  6. In the window that appears in step 5, expand your server.
  7. Do one of the following, depending on the operating system that you have:
    • On Windows 2000 Server, right-click Default Web Site, and then click New Virtual Directory. The Virtual Directory Creation Wizard appears.
    • On Windows Server 2003 and on Windows XP, expand Web Sites, right-click Default Web Site, and then click New Virtual Directory. The Virtual Directory Creation Wizard appears.
  8. Click Next.
  9. In the Alias box, type TestApp, and then click Next.
  10. In the Directory box, type \\servername\bin, and then click Next.
  11. Provide the user name and the password that you created in step 1, and then click Next.
  12. In the Confirm Password dialog box, type your password in the Please re-enter the password to confirm box, and then click OK.
  13. Click Next, and then click Finish to close the wizard. Notice that a virtual directory that is named TestApp is created under Default Web Site in Microsoft Internet Information Services (IIS).
  14. Click the TestApp virtual directory. In the right pane, notice the ConsoleApplication1.exe file on the Name tab.
  15. Right-click ConsoleApplication1.exe, and then click Browse. Notice that the application runs successfully.
Back to the top

REFERENCES

For more information, visit the following Microsoft Developer Network (MSDN) Web sites:
No-touch deployment in the .NET Framework
http://msdn2.microsoft.com/en-us/library/aa289511(VS.71).aspx (http://msdn2.microsoft.com/en-us/library/aa289511(VS.71).aspx)

Code Access Security Policy tool (Caspol.exe)
http://msdn2.microsoft.com/en-us/library/cb6t8dtz(vs.71).aspx (http://msdn2.microsoft.com/en-us/library/cb6t8dtz(vs.71).aspx)

An overview of security in the .NET Framework
http://msdn2.microsoft.com/en-us/library/aa302369.aspx (http://msdn2.microsoft.com/en-us/library/aa302369.aspx)

.NET Framework Configuration tool 1.1 and Code Access Security Policy tool
http://msdn2.microsoft.com/en-us/library/aa195463(office.11).aspx (http://msdn2.microsoft.com/en-us/library/aa195463(office.11).aspx)

Security policy levels
http://msdn2.microsoft.com/en-us/library/628s5x1x(vs.71).aspx (http://msdn2.microsoft.com/en-us/library/628s5x1x(vs.71).aspx)

.NET Framework enterprise security policy administration and deployment
http://msdn2.microsoft.com/en-us/library/aa302354.aspx (http://msdn2.microsoft.com/en-us/library/aa302354.aspx)

Deploying .NET security policies
http://msdn2.microsoft.com/en-us/library/aa168860(office.11).aspx (http://msdn2.microsoft.com/en-us/library/aa168860(office.11).aspx)

Project Folder Not Secure dialog box
http://msdn2.microsoft.com/en-us/library/bs2bkwxc(vs.71).aspx (http://msdn2.microsoft.com/en-us/library/bs2bkwxc(vs.71).aspx)
Back to the top
APPLIES TO
  • Microsoft .NET Framework 1.1
  • Microsoft .NET Framework 1.0
Back to the top
Keywords: 
kbhowtomaster kbuser kbtrusts kbnetwork kbpolicy kbdeployment kbsecurityservices KB837909
Back to the top
        

Community Feedback System

Very often, it takes hours to solve a problem. Very often, you've looked high and low, and have tried a lot of solutions. When you finally found it, chances are, it was because someone else helped you. Here's your chance to give back. Use our community feedback tool to let others know what worked for you and what didn't.

Please also understand that the community feedback system is not warranted to be correct, it's simply a system that we've built to let people try and help each other. If something in a feedback response doesn't make sense to you, or you're not comfortable making changes that the feedback talks about (like registry edits), please consult a professional.

Thank you for using kbAlertz.com Feedback System.

-- Scott Cate

Copyright © 2002-2007 KBALERTZ.COM.  All Rights Reserved. Terms / PrivacyDiscount ASP.NET Hosting