Properties for .NET Windows Forms Application: Security tab
Description
If you want to deploy an application to the Windows Vista
operating system that meets the certification requirements of the
Windows Vista Logo program, you must follow User Account Control
(UAC) guidelines. The executable file must have an embedded manifest
that defines the execution level and specifies whether access to
the user interface of another window is required. The Vista Application
Information Service (AIS) checks the manifest file to determine the
privileges with which to launch the process. Use this page to specify
those properties.
Options
Generate options
Select Embedded manifest if your application needs to be certified
for Vista. You can also select External manifest to generate a standalone
manifest file in XML format that you ship with your application’s executable
file, or No manifest if you do not need to distribute a manifest
file.
If you select Embedded manifest, you must have the .NET
2.0 SDK installed on your system, because the process that embeds
the manifest in the executable file uses the mt.exe tool that is
distributed with the SDK.
Execution level
Select As Invoker if the application does not need elevated or
administrative privileges. Selecting a different execution level
will probably require that you modify your application to isolate
administrative features in a separate process to receive Vista certification.
Select Require Administrator if the application process must
be created by a member of the Administrators group. If the user
did not start the process as an administrator, a message box displays
so that the user can enter the appropriate credentials.
Select Highest Available to have the AIS retrieve the highest
available access privileges for the user who started the process.
Allow access to protected system UI
Select if the application needs to drive input to higher privilege
windows on the desktop, such as an on-screen keyboard. Microsoft
provides this setting for user interface Assistive Technology (Section
508) applications.
If you check this box, the application must be Authenticode
signed and must reside in a protected location, such as Program
Files or windowssystem32.
Specify the security setting for testing, debugging,
and publishing
Select the Full trust radio button if you do not want to use
a sandbox for your Windows Forms applications. Select the Local
Intranet Trust, Internet Trust, or Custom radio buttons if you want
to configure sandbox permissions.
For smart client applications, the permission information
is stored in the manifest file that you deploy with your application.
For standard Windows Forms applications, the permissions you set
apply only when you run or debug the applications from the PowerBuilder
IDE. When a user starts a deployed Windows Forms application from
a file explorer or by entering a UNC address, the security policies
set by the user’s system are applied and the permission settings
you define at design time are ignored.
Permission setting list box
When you select the Local Intranet Trust, Internet Trust,
or Custom radio buttons, you can change the permission types you
want to set for your Windows Forms applications. You select a permission by
checking its box in the Setting column. The list of permissions
that display in the Security tab list box is the same as the list
in the .NET Framework Configuration tool that you open from the
Administrative Tools folder in the Control Panel for your computer.
Detail button
This button is enabled when you select the Local Intranet Trust,
Internet Trust, or Custom options and choose a selected permission
from the permission setting list box. Click the Detail button to
see a Custom Permission dialog box with the custom permission setting
displayed as it will be generated in the Web.config file (in XML
style).
Reset button
Resets to the default permissions for the currently specified Local
Intranet Trust, Internet Trust, or Custom permissions settings option.
See also
-
Security Settings in Deploying
Applications to .NET