Microsoft KB Archive/837909

= How to configure .NET Framework security settings and how to deploy a .NET Framework application =

Article ID: 837909

Article Last Modified on 5/18/2007

-

APPLIES TO


 * Microsoft .NET Framework 1.1
 * Microsoft .NET Framework 1.0

-





SUMMARY
To configure security settings and to deploy a Microsoft .NET Framework application on a remote computer, follow these steps:

 

On the local computer, create a .NET Framework application.

 

Configure the security settings for your .NET Framework application by using the Code Access Security Policy tool (Caspol.exe) on the remote computer.

 

Deploy your .NET Framework application on the remote computer.





IN THIS TASK

 * INTRODUCTION
 * Create a Console Application project in Visual Basic .NET
 * Configure the security policy settings on the remote computer
 * Deploy the application on the remote computer
 * REFERENCES



INTRODUCTION
This step-by-step article describes how to configure the runtime security policies of .NET Framework applications so that these applications can be accessed from a remote computer.

back to the top

Create a Console Application project in Visual Basic .NET
 On the local computer, start Microsoft Visual Studio .NET. On the File menu, point to New, and then click Project. The New Project dialog box appears.</li> Under Project Types, click Visual Basic Projects.</li> Under Templates, click Console Application. In the Location box, type C:\, and then click OK. By default, a project that is named ConsoleApplication1 and a module file that is named Module1.vb are created.

Note Notice that a folder that is named ConsoleApplication1 is created on drive C on your computer.</li>  In the Module1.vb file, replace the existing code with the following code: Module Module1 Sub Main Console.WriteLine(&quot;Starting test...&quot;) Console.Read End sub End Module </li> On the Build menu, click Build Solution.</li> Start Windows Explorer. Locate the ConsoleApplication1 folder on drive C on your computer. Double-click the ConsoleApplication1 folder. Notice that the ConsoleApplication1 folder contains a folder that is named Bin.</li> Share the Bin folder.</li></ol>

back to the top

Configure the security policy settings on the remote computer
When you try to access a .NET Framework application from a remote computer, you may receive a System.SecurityException exception error message or a security warning message.

To make your .NET Framework application fully trusted, you can use the Code Access Security Policy tool (Caspol.exe). To do this, follow these steps: <ol> Click Start, and then point to Programs.</li> Do one of the following, depending on the version of Visual Studio .NET that you have:  If you are using Visual Studio .NET 2003, point to Microsoft Visual Studio .NET 2003, point to Visual Studio .NET Tools, and then click Visual Studio .NET 2003 Command Prompt. The Visual Studio .NET 2003 Command Prompt window opens.</li> If you are using Visual Studio .NET 2002, point to Microsoft Visual Studio .NET, point to Visual Studio .NET Tools, and then click Visual Studio .NET Command Prompt. The Visual Studio .NET Command Prompt window opens.</li></ul> </li> Do one of the following, depending on the version of Visual Studio .NET that you have:  If you are using Visual Studio .NET 2003, run the following command at the Visual Studio .NET 2003 Command Prompt:

caspol -m -ag 1 -url file://\\\ \bin\* FullTrust

</li> If you are using Visual Studio .NET 2002, run the following command at the Visual Studio .NET Command Prompt:

caspol -m -ag 1 -url file://\\\ \bin\* FullTrust

</li></ul>

Note In this command,  is a placeholder for the name or for the IP address of the local computer where you created your .NET Framework application in the &quot;Create a console application in Visual Basic .NET&quot; section.</li></ol>

Note The security policy settings for the Microsoft .NET Framework 1.1 and for the Microsoft .NET Framework 1.0 are independent of each other.

back to the top

Deploy the application on the remote computer
On the remote computer, you can deploy the compiled application by using one of the following methods:
 * Map a network drive, and then deploy the application.
 * Deploy the application by using a .NET deployment package.
 * Deploy the application by using no-touch deployment.

Map a network drive, and then deploy the application
For more information about how to deploy the application by mapping a network drive, click the following article number to view the article in the Microsoft Knowledge Base:

832742 How to deploy a .NET Framework application to run from a network location

Deploy the application by using a .NET deployment package
The Microsoft .NET Framework is included with a graphical user interface (GUI) configuration tool that you must use to make security policy changes. This tool also contains a wizard that helps you create a self-contained Microsoft Windows Installer package (.msi) file out of a security policy level. The security policy is administered through settings at the following three policy levels:
 * The enterprise policy level

The enterprise policy level maps to the policy level that has been defined for the whole enterprise network.
 * The machine policy level

The machine policy level defines the permissions that apply to a specific computer.
 * The user policy level

The user policy level defines the permissions that apply to the logged on user.

For more information about how to deploy the application by using a .NET deployment package, click the following article number to view the article in the Microsoft Knowledge Base:

815173 How to build and deploy a .NET security policy deployment package

Deploy the application by using no-touch deployment
The main advantage of using no-touch deployment is that the application can be run and can be deployed without always providing the user name and the password.

To deploy a .NET Framework application by using the no-touch deployment method, follow these steps: <ol> Create a user account that has the same user name and the same password on both the local computer and the remote computer. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Right-click My Computer, and then click Manage.</li> <li>Expand Local Users and Groups, and then right-click Users.</li> <li>Click New User. The New User dialog box appears.</li> <li>In the following boxes, type the information that you want to use for the new user account: <ul> <li>User name</li> <li>Full name</li> <li>Description</li> <li>Password</li> <li>Confirm password</li></ul> </li> <li>Click to clear the User cannot change password check box.</li> <li>Click to select the Password never expires check box.</li> <li>Click Create.</li></ol> </li> <li>On the local computer, grant permissions for the application folder that contains the application that you created in the &quot;Create a Console Application project in Visual Basic .NET&quot; section. To do this, follow these steps on the local computer: <ol style="list-style-type: lower-alpha;"> <li>Start Windows Explorer.</li> <li>Locate the ConsoleApplication1 folder on drive C on your computer.</li> <li>Double-click the ConsoleApplication1 folder, and right-click the bin folder, and then click Properties. The bin Properties dialog box appears.</li> <li>Click the Sharing tab.</li> <li>On the Sharing tab, make sure that the Share this folder option is selected.</li> <li>Click Permissions. The Permissions for bin dialog box appears.</li> <li>Click the Share Permissions tab.</li> <li>On the Share Permissions tab, click Add. The Select Users, Computers, or Groups dialog box appears.</li> <li>Enter the user account that you created in step 1, and then click OK.</li> <li>In the Permissions section, click to select the Full Control check box under Allow, and then click OK.

Note If the file system on your computer is FAT32, go to step 3.</li> <li>On the Security tab of bin Properties dialog box, click Add. The Select Users, Computers, or Groups dialog box appears.</li> <li>Repeat steps j and k.</li></ol> </li> <li>On the remote computer, open the folder that contains your application. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Click Start, and then click Run.</li> <li>In the Open box, type the following:

\\

Note In this command,  is a placeholder for the name or the IP address of the local computer where you created your .NET Framework application in the &quot;Create a Console Application project in Visual Basic .NET&quot; section.</li> <li>Click OK. You receive a message to provide credentials.</li> <li>Provide the user name and the password that you created in step 1.</li></ol> </li> <li>Click Start, and then click Run.</li> <li>In the Open box, type inetmgr, and then click OK. The following behavior occurs, depending on the operating system that you have: <ul> <li>On Windows Server 2003, the Internet Information Services (IIS) Manager window appears.</li> <li>On Windows 2000 Server and on Windows XP, the Internet Information Services window appears.</li></ul> </li> <li>In the window that appears in step 5, expand your server.</li> <li>Do one of the following, depending on the operating system that you have: <ul> <li>On Windows 2000 Server, right-click Default Web Site, and then click New Virtual Directory. The Virtual Directory Creation Wizard appears.</li> <li>On Windows Server 2003 and on Windows XP, expand Web Sites, right-click Default Web Site, and then click New Virtual Directory. The Virtual Directory Creation Wizard appears.</li></ul> </li> <li>Click Next.</li> <li>In the Alias box, type TestApp, and then click Next.</li> <li>In the Directory box, type \\ \bin, and then click Next.</li> <li>Provide the user name and the password that you created in step 1, and then click Next.</li> <li>In the Confirm Password dialog box, type your password in the Please re-enter the password to confirm box, and then click OK.</li> <li>Click Next, and then click Finish to close the wizard. Notice that a virtual directory that is named TestApp is created under Default Web Site in Microsoft Internet Information Services (IIS).</li> <li>Click the TestApp virtual directory. In the right pane, notice the ConsoleApplication1.exe file on the Name tab.</li> <li>Right-click ConsoleApplication1.exe, and then click Browse. Notice that the application runs successfully.</li></ol>

back to the top

<div class="references_section">