ClickOnce Application Security Settings

  • Article

The difference between the following two Security Settings in ClickOnce Application:
a> Selecting “This is a full trust application”
b> Selecting “This is a partial trust application” and choosing the all Permissions

clip_image001

Basically we would like to know the difference between a & b.  In other words, we would like to know the details on the colored area as listed below.

clip_image002

Please note that both are not the same. Full Trust (also known as Unrestricted) is different than just including everything.  https://msdn2.microsoft.com/en-us/library/8x61d3e3(VS.80).aspx

All permission sets are a subset of the FullTrust set (which doesn’t actually contain any permissions; it’s just a special permission set). Practically speaking this means that a demand for any permission at all when compared against the FullTrust set will succeed. If you simply select every permission, you’re not going to be a subset of any set that contains:

· Custom permissions that someone has written
· Identity permissions
· The FullTrust set itself

As an example of the last one, the System.Diagnostics.Process class will do a demand for FullTrust, which will only be successful against FullTrust code. Another different is in the execution environment between explicit FullTrust vs Internet+All permissions. In FullTrust case the EXE is launched directly, whereas in any partial trust or custom permission set case the app is run under AppLaunch.exe host process which causes some functionality to be disabled - e.g. regfree com, app update APIs.

If you select

a) (Full Trust application) then the application will be run directly by calling CreateProcess directly on the entrypoint exe. The application runs with full Code Access Security permissions (no different from any other native application running as the user) and in addition, has

1) access to its current working directory
2) support for registration-free COM
3) The ability to issue binding statements and safe mode declarations in the app’s config statement, allowing it to opt out of GAC servicing.
If you select

b) (Partial trust with all permissions) the app is not run directly via CreateProcess, but is instead hosted in a dedicated hosting process called applaunch.exe. In this case, you don’t get 1, 2 or 3 above.

Between these two, “Full Trust” is stronger execution permission for the above reasons.

 

Contributor: Soumitra Mondal