Is it possible give full trust, programmatically to an ActiveX control embedded in a web page?
We are trying to build an activeX dll which creates and open a word document and refreshes its data based on some data from another site. It works fine, if I give the assembly full trust from Administrator Tools -> .net 2.0 configuration tool.
Can this be done through code ?
I don't think so. Code permissions can only be set through the configuration of an application, and even if it can be done through code, then the code that sets them would need to have permission to do this as well. Even then the settings from the web.config or machine.config would take precedence.
The point of these code permissions is that admins are able to control what an application can do. If the AppDommain for your application doesn't have rights to do certain things, why would and ActiveX you create have them?
Related
i have worked on ASP.net Web application in my local host and it worked perfectly, when i move the application folder to the Test server with IIS 8 it worked the first time but every time i modified a page in my local and move it to server i can not see the changes,
when i created ASP.net Web site i dont face any issue with that, can you please provide with the correct way of copy web application to another server?
also i enabled the custom error in webl.config but i am getting another error
any suggestion
thank you
This answer is based on the conversation in comment section.when you are publishing your website you will get three options
Allow this precompiled site to be updatable:Leaving it checked allows you to make certain changes to the .Aspx files after it has been deployed without recompiling (ex = move the position of a control or add some additional HTML markup).
use fixed naming and single page assemblies:Fixed named assemblies provide flexiblity in page level updates. Since each page will have its own named assembly (instead of a random name) it is easy to update the application by just updating the required assembly.that said if you have made changes to single code behind file then you can easily replace particular .dll file on server with your changed .dll file and the site will work.
Disadvantage is the large number of assemblies (difficult to maintain) and also slight performance hit would be there.
enable strong naming on precompiled assemblies:This is primarily for higher security
For more information check this link
I've written a small library that fetches password protected data over a https link. This library works under the desktop on Windows 8.1, windows phone 8, and windows store 8.1. I now need to complete my test harness for it. This project will shortly appear on github.
In order to properly test this, I need a username/password. Since this is open source, I don't want to store my username/password up there (obviously). When running against desktop applications I tend to use the Windows supplied password store (Credential Manager control panel, stored under a generic credential. This works fine. The code scans the credential cache for whatever is needed, loads it, and runs the test.
But what about the tests for Windows Phone or Windows Store. How can I safely cache a username/password like this so that my code can still be public? I have starting thinking about having a special empty file that gets put into source control. The actual version of this file is looked for during the build process, and if it is found, it is copied over (and it is some sort of resource file) and then it has the username and password in it. Etc.
I am using VS2013 and MSTest for this project.
How have others solved this? Many thanks in advance!
For a couple of rest client libraries that I've got on GitHub and which require an API key, I've taken to just storing the credentials in a known location, outside of the source tree, but loaded by unit tests at runtime. This keeps it our of source control, allows others to supply their own key to run unit tests and is simple. This approach could be generalized for the unique storage requirements of the various platforms you mention but I've only needed it on straight windows.
example from a unit test project
EDIT
Yes on store and phone apps you have limited access to the file system. You will need to use IsolatedStorage or treat the credentials as an embedded resource in your test assembly. I find the latter easier.
In order to keep your credentials out of GitHub you could add the credentials as an embedded resource file but then tell git to ignore it. Someone who downloaded your code wouldn't be able to build it until the provide said file but that is probably what you want anyways. A similar thing can be achieved with pre/post build events; copy the resource from a known location pre-build and then delete post build (make sure post build is set to always run).
You can use PasswordVault to store username & password for Windows Store apps (Windows 8.1). It can be seen control panel's credential manager.
Best practice for saving sensitive data in Windows 8
For WP8, there is no such thing, so it's better to store in isolated storage with some encryption.
I've written a simple console application in VS what users should retrieve from a website. In IE I'm able to download by right-click -> 'Save target as...', but a simple click on the link drops me the below error.
I've "googled" around and it seems there is no reliable way to force the download and skip the choice of direct running.
Is it possible that my app has some signature or security issues? How can I avoid this error?
*edit: It's just a standalone program, not an installer.
*edit2: Not a duplicate, it has to work on a static html page.
After removing ClickOnce manifest signature I don't get the error, and I can download it without any issues.
I need to allow my asp.net application to read and write from and to a folder.
Could you please help me to do so.
Regards,
Assuming your application pool is using the default identity (it probably is), then right click on the folder, select Properties, go to the Security tab, click Edit..., click Add..., in the object names field enter NETWORK SERVICE (also assuming IIS 6 or 7 here), click OK, in the permissions pane check Write, and click Apply.
That should do it.
It's two pronged, neither of which involves your code, and both assume you have access to server settings. You need to have appropriate permissions set on the folder in the file system as well as within the IIS web application.
I am trying to migrate an .hta application to a C# executable. Of course, since it's an .hta the code is all HTML and Jscript, with calls to local ActiveX objects.
I created a C# executable project and am just using the WebBrowser control to display the HTML content. Simply renamed the .hta to an .html and took out the HTA declarations.
Everything works great, except that when I make calls to the ActiveX objects, I get a security popup warning of running an ActiveX control on the page.
I understand why this is happening since the WebBrowser control is essentially IE and uses the Internet Options security settings, but is there any way to get the WebBrowser control to bypass security popups, or a way to register the executable or DLLs as being trusted without having to change settings in Internet Options? Even a way to do on a deployment package would work as well.
WebBrowser is an instance of Internet Explorer, and inherits security settings from IE.
One way could be to change the security settings defined in IE.
The other way could be to add a Custom Security Manager by implementing IInternetSecurityManager interface.
The WebBrowser Control or MSHTML hosts could create a security manager (by implementing the IInternetSecurityManager interface) that handles the URL actions and policies that are important to the host. Other URL actions and policies would be passed to the default security manager so it could handle them appropriately. The IInternetSecurityMgrSite interface would be used to handle Windows-related information from the component so that the customized security manager could handle any user interface it required. -