让我的 clickonce 应用程序部分信任值得吗?
我即将开始开发一个针对内部客户的 ClickOnce 应用程序,以便在组织的 Intranet 上使用。我想简化设置过程,因此我认为开发部分受信任的应用程序是一个好主意,但现在我不太确定。
用户特别要求的一件事是(归结为)带有提示文本的 TextBox。目前提供此功能的最简单方法是使用 TextBox 的简单子类,其中包含 CueText 功能作为属性。提示文本功能是通过 PInvoke 调用 SendMessage() 来完成的。
protected override void OnHandleCreated(EventArgs e)
{
this.UpdateCueText(); // Bang, you're dead here
base.OnHandleCreated(e);
}
private void UpdateCueText()
{
if (this.IsHandleCreated)
{
NativeMethods.SendMessage(new HandleRef(this, this.Handle), setCueBannerMessage, this.showCueTextWithFocus ? new IntPtr(1) : IntPtr.Zero, this.cueText);
}
}
“啊哈!我需要 SecurityPermission.UnmanagedCode。”据我所知,默认的 Intranet 区域安全性包括 SecurityPermission 权限,因此我尝试运行它,但它在调用 UpdateCueText() 时发生爆炸。我什至可以检查 SecurityException 上的属性,b/c 每次尝试评估 SecurityException 属性都会抛出另一个无法检查的 SecurityException。
我尝试标准修改:
protected override void OnHandleCreated(EventArgs e)
{
var permission = new SecurityPermission(SecurityPermissionFlag.UnmanagedCode);
permission.Assert();
try
{
this.UpdateCue();
}
finally
{
CodeAccessPermission.RevertAssert();
}
base.OnHandleCreated(e);
}
仍然没有运气。但是,当我进入项目属性中的安全设置页面并将 SecurityPermission 设置为“包含”而不是“区域默认”时,我什至不需要手动断言,一切都会发生。但当然,我假设客户仍然会收到海拔提示。
是否可以在部分信任的环境中做我想做的事情?我开始怀疑这不是因为它甚至没有意义。任意部分受信任的代码不应该只能调用 SendMessage,对吧?我开始意识到我一直在试图规避安全措施而不是在其中工作。
如果是这样的话,是否值得以部分信任为优先来开发这个应用程序?努力?或者我应该为了日程安排和满足 ui 要求而屈服于设置时的提升提示来创建完全可信的应用程序?
I'm about to start working on a ClickOnce app targeted at internal customers for use on the organization's intranet. I want to ease the setup process, so I thought that developing the app to be partially trusted would be a good idea, but now I'm not so sure.
One thing that the users have specifically asked for is (boiled down to) a TextBox with Cue Text. The easiest way to provide this at the moment is with a simple subclass of TextBox that includes the CueText functionality as a property. The cuetext functionality is done via a PInvoke'd call to SendMessage().
protected override void OnHandleCreated(EventArgs e)
{
this.UpdateCueText(); // Bang, you're dead here
base.OnHandleCreated(e);
}
private void UpdateCueText()
{
if (this.IsHandleCreated)
{
NativeMethods.SendMessage(new HandleRef(this, this.Handle), setCueBannerMessage, this.showCueTextWithFocus ? new IntPtr(1) : IntPtr.Zero, this.cueText);
}
}
"Ah-ha! I need SecurityPermission.UnmanagedCode." The default intranet zone security includes the SecurityPermission permission as far as I can tell, so I try running it and it explodes on the call to UpdateCueText(). I can even inspect the properties on the SecurityException b/c every attempt to evaluate a SecurityException property throws another uninspectable SecurityException.
I try the standard modification:
protected override void OnHandleCreated(EventArgs e)
{
var permission = new SecurityPermission(SecurityPermissionFlag.UnmanagedCode);
permission.Assert();
try
{
this.UpdateCue();
}
finally
{
CodeAccessPermission.RevertAssert();
}
base.OnHandleCreated(e);
}
Still no luck. But when I go to the security settings page in the project properties and set the SecurityPermission to be "Included" instead of "Zone Default", I don't even need the manual assertion, everything just happens. But of course, then I assume the customer is still going to get an elevation prompt.
Is it possible to do what I'm trying to do from a partial trust environment? I'm beginning to suspect that it's not b/c it wouldn't even make sense. Arbitrary partially-trusted code shouldn't be able to just call SendMessage, right? I'm beginning to realize that I've been trying to circumvent the security measures instead of work within them.
If that's the case, is it even worth the effort to develop this app with partial trust as a priority? Or should I just resign myself to an elevation prompt on setup to create a fully trusted app for the sake of schedule and meeting ui requirements?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果您正在部署一个 Intranet 应用程序,我绝对认为不值得去扰乱部分信任场景。部分信任往往难以理解,并且可能会给您的代码带来不明显的限制。我仅在必须将组件部署到现有的部分信任环境中时才使用它。
在不需要的场景中设置新的部分信任环境只会给您自己增加额外的开销。除非有特定的客户要求(对于内联网应用程序不太可能),否则我会避免使用它。
If you are deploying an intranet application I definitely don't think it's worth it to mess with partial trust scenarios. Partial trust tends to be hard to understand and can impose non-obvious limitations to your code. I only use it when I have to deploy a component into an existing partial trust environment.
Setting up a new partial trust environment in a scenario that does not require it is just adding extra overhead for yourself. Unless there is a specific customer requirement, less likely for intranet app, I would avoid it.
该语句
只能授予程序集已经可用的线程权限。这就是为什么那不起作用。
所以:是的,您需要在程序集级别包含这些权限。正如 JaredPar 所说,您不妨使用完全信任。
The statement
can only grant your thread permissions that are already available to the assembly. That's why that doesn't work.
So: Yes, you'll need to include those permissions at the assembly level. And like JaredPar says, you might as well use full-trust.