ClickOnce - Internet zone
I have developed an application which requires full trust but I am also interested to make a stripped-down version of it which will run in Internet zone (without elevating the permissions or adding the site to Trusted sites).
From what I have read, the UIPermission for this zone is SafeSubWindows - this means I am restricted to design the application as a control embbeded in a HTML page? If yes, how is it possible to run the application in offline mode (howcan be launched from the start menu without network connectivity if the application is displayed in the browser)? Or is the Internet zone is restricted to online mode only?
Thank you,
Valentin
Hmm...I am not sure if controls embedded in a browser will even work. If you are using the Web-browser control you application needs FullTrust.
With respect to UI, for Internet permission set, you are restreicted to SafeTopLevelWindows. Here is the doc from MSDN for SafeTopLevlel windows. If you need permission beyond SafeTopLevlelWindows, I am afraid, you need Permission elevation or Trusted Publisher for you ClickOnce applications.
Users can only use SafeTopLevelWindows and SafeSubWindows for drawing, and can only use user input events for the user interface within those top-level windows and subwindows.
When it runs under SafeTopLevelWindows permission, your application:
-
Will show the DNS name or IP address of the Web site from which the application was loaded in its title bar.
-
Will display Balloon tool-tip when it first displays, informing the user that it is running under a restricted trust level.
-
Must display its title bar at all times.
-
Must display window controls on its forms.
-
Cannot minimize its main window on startup.
-
Cannot move its windows off-screen.
-
Cannot use the Opacity property on Form to make its windows less than 50% transparent.
-
Must use only rectangular windows, and must include the window frame. Windows Forms will not honor setting FormBorderStyle to None.
-
Cannot make windows invisible. Any attempt by the application to set the Visible property on its Form objects to False will be ignored.
-
Must have an entry in the Task Bar.
-
Will have its controls prohibited from accessing the Parent property. By implication, controls will also be barred from accessing siblings - i.e., other controls at the same level of nesting.
-
Cannot control focus using the Focus method.
-
Will have restricted keyboard input access, so that a form or control can only access keyboard events for itself and its children.
-
Will have restricted mouse coordinate access, so that a form or control can only read mouse coordinates if the mouse is over its visible area.
-
Cannot set the TopMost property.
-
Cannot control the z-order of controls on the form using the BringToFront and SendToBack methods.
These restrictions help prevent potentially harmful code from spoofing attacks, such as imitating trusted system dialogs.
Thanks,
Sameer
