Setting Security for .NET Application Deployment by edlukens

Last Update: 11.02.2005

You’ve worked for months and months on your C# application and it has passed testing now is ready for deployment. You get everything through the appropriate administrators and the application is finally installed on the main applications server. You go to your client machine and click on the icon and your thrills plummet as you see it does not work. What happened? It worked fine in testing?

The problem may be in the security settings for the application. There are many different security configurations in .NET and how you set your configuration depends on the application and the specific requirements of the project. We will not discuss all possible scenarios in this document — only how to get a basic .exe program running after deployment.

Here is the scenario: 

As mentioned before, you have completed all coding and testing on your .NET application and are finally ready to deploy. The target deployment area is a Windows Server or it could even be your own PC. Everything is installed okay, you go to run the application and are presented with the following exception tombstone:

Figure 1

This message is an indicator that the .NET zone security is not set up to “trust” your application. It will not run no matter what you do. This article will describe two methods that you can use to set the .NET framework security properly in order to run your application programs.

The Manual Method

You can adjust .NET Framework security by opening the Windows administrative applications window to do just that. The first way and probably the simplest is to go to the run command window by pressing Start and Run from the Windows desktop control bar. Type in the following command (substitute C:WINNT for the Windows directory on your machine).

C:WINNTMicrosoft.NETFrameworkv1.1.4322ConfigWizards.exe

As soon as running this command, you are presented with a menu as shown in figure 2. At this point, you want to select the “Adjust .NET Security” icon.


Figure 2

Another window will display after selecting the Adjust .NET Security icon with choices to either make changes to your computer or make changes for the current user only. In our example, we will make changes to our current computer. Note that the “Trust an Assembly” icon will adjust security at the application level only. 

Here is what you want to do if you need your .exe application to run on your computer. Just click the “My Computer” icon and pull the slider to the top at “Full Trust” (Figure 3). Try out your program and see if it will run now. If you are trying to run an application where the .exe is located on an internal server on your local intranet then select that icon and do the same: set to “Full Trust.” You are telling the .NET Framework that all .NET applications on your PC and your local intranet can be trusted and to let them run.

Figure 3

The Automated Method

Setting .NET framework security manually is fine for simple operations but this would be a nightmare trying to do it enterprise-wide. Fortunately, there is a way to create a Windows installer file (.msi) that can be run on the various clients that will need to access your application. Take these steps to create this .msi file:

Click on your start menu and select Settings, Control Panel, Administrative Tools, Microsoft .NET Framework 1.1 Configuration.

Or, you can run it from the Run window or Dos command window by typing in the command (once again, substitute  C:WINNT with your Windows directory):

C:WINNTMicrosoft.NETFrameworkv1.1.4322mscorcfg.msc

Figure 4

Next, we want to click on the “Runtime Security” node on the explorer tree at the left of the main window. Another screen will appear and we then will select the “Adjust Zone Security” Link. This link opens the same window as in figure 3. Follow the same basic procedure for setting security in the zones as you did in the manual procedure section of this document. 

Where the automatic method is different is that you can actually create a .msi installer package that can be deployed to all of your network’s computers. After setting the zone security, you want to return to the page in Figure 4 and click on the “Create Deployment Package” link.

The first screen from the Deployment Package Wizard (Figure 5) asks if we want to deploy our security package at the Enterprise, Machine, or User level. For our example here, we will deploy at the Machine level just as we did in the manual process. Of course we have to select a target location for the .msi installer file and we will name it Mach.msi.


Figure 5

The next window will present you with a “Finish” button to go and complete the deployment package. To implement, go to the folder where you stored Mach.msi and double-click on its icon. I found that you will not see any messages whatsoever — it just runs. The only way I have found to verify that the changes were implemented is by looking at the zone settings via the manual method described in the first section.

Caveat

Sometimes, even after setting security, we have found that it gets reset to defaults after installing the application. It is not obvious as to why.

Summary

You should be ready to run your .NET application located on your local PC or on one of your network servers. There are many more options to explore in the .NET framework security and we only covered the basics here. However, by following these instructions you should be able to get most your applications off the ground.

Go set it up and try it for yourself.