Manifest Files & VS2005

Hi All,

I originally sent this to the dotnet.security ng, but no repsonse in 5 days.
Hopefully, someone here can explain to me what's going on.
I'm fairly new to .NET app security and manifests. I'm working with a test
app: "MyApp.exe".

Couple Q's:

1) When I turn on the security project setting in VS2005 for "Enable
ClickOnce Security Settings" and then choose; " This is a full trust
application" (I realize normally we should not do that), when I compile the
app, it produces "MyApp.exe.manifest" & "MyApp.application" files. When I
look in the "Properties" folder in the Solution Explorer I can also see it
has an app.manifest file whose BuildAction is set to Embedded Resource. I'm
confused - if the manifest file is embedded into the assembly, why are the
two files mentioned above produced?

2) Also, if this were a releasing application for distribution, do I need to
include thiese 2 files with the distro if the manifest is really embedded?

3) If I choose "This is a partial trust application" and then include some
special permissions, ILDASM seems to show the exactly the same mainfest
information as when it's a full trust app. That said, the app.manifest file
shown in the VS2005 Solution Explorer appears to record the permission
changes, but I can't find them in ILDASM. What's going on here? Please
educate me.

TIA,


--
John C. Bowman
Software Engineer II
Thermo Fisher Scientific
<Remove this before reply> john.bowman@xxxxxxxxxxxxxxxx


WORLDWIDE CONFIDENTIALITY NOTE: Dissemination, distribution or copying of
this e-mail or the information herein by anyone other than the intended
recipient, or an employee or agent of a system responsible for delivering
the message to the intended recipient, is prohibited. If you are not the
intended recipient, please inform the sender and delete all copies.


.

Relevant Pages

  • Re: Manifest Files & VS2005
    ... I'm fairly new to .NET app security and manifests. ... confused - if the manifest file is embedded into the assembly, ... If I choose "This is a partial trust application" and then include some ... Dissemination, distribution or copying of this e-mail or the information herein by anyone other than the intended recipient, or an employee or agent of a system responsible for delivering the message to the intended recipient, is prohibited. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Least User Priviledges for Network Administrators
    ... Trust how? ... Do we trust them to maintain network equipment? ... Do we trust them to observe proper security practices on the desktop, ... Training users that need administrator access to logon as a regular ...
    (microsoft.public.windowsxp.security_admin)
  • Re: That Old Anthrax Case
    ... trust anything that comes from the federal government anymore. ... to do with the anthrax mailings and sued the FBI, ... Apparantly security is rather lax and there are ... contractors who don't use such documentation. ...
    (soc.retirement)
  • (Asp.Net Full Trust Vulnerabilities) RE: Apache VS IIS Security model question
    ... If the code is running with full trust it can call RevertToSelfand change ... last year at OWASP (Open Web Application Security Project), ... > Ethical Hacking at the InfoSec Institute. ... > learn to write exploits and attack security infrastructure. ...
    (Pen-Test)
  • Re: (Asp.Net Full Trust Vulnerabilities) RE: Apache VS IIS Security model question
    ... However I am still unsure how an ASP.NET application, running in Full Trust, ... Each client of the server (say, each department of a company, or each ... Each website is placed into its own custom application pool ... Subject: RE: Apache VS IIS Security ...
    (Pen-Test)