.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

Return of the Rich Client: Code Access Security and Distribution Features in .NET Enhance Client-Sid

Posted By:      Posted Date: August 21, 2010    Points: 0   Category :ASP.Net

Rich clients employ many of the features and conveniences of the operating system they run on, and the list of these features has been growing since the dawn of the PC. But as apps have migrated to the Web, the trend towards increasing client-side functionality has ground to a virtual halt. There are several reasons for this; chief among them are security and deployment problems. But that's all about to change. With the .NET Framework, you can participate in building the distributable rich client of the future. In this article, the author enumerates the pertinent features of .NET that will allow you to build safe, easily deployable controls. The features discussed include managed code, code access security, versioning control, Windows Forms classes, and isolation.

Jason Clark

MSDN Magazine June 2002

View Complete Post

More Related Resource Links

TCP Error Code 10060 when attempting to access WCF Service hosted by WIndows Service from client run


Hello all,

We have a Framework 3.5 WCF Service which is in turn hosted in a Windows Service using Net.Tcp Binding. SvcUtil is used to generate the proxy which is used instead of a service reference in the client code. We are also using Tcp Port Sharing. The endpoint address is net.tcp://HostMachineName/MyServicePath. The service logs to the Event log and everything works perfectly on the same machine.

When attempting to run the client from a different machine we are getting TCP Error Code 10060 errors. Below is the error message:

System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://HostMachineName/MyServicePath. The connection attempt lasted for a time span of 00:00:20.8592415. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 111.22.333.444:808.  ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 111.22.333.444:808... The IP Address displayed was the correct IP Address for the HostComputerName.

Has anyone encountered this problem? Also, client specs say no config files, so anything that wo

Cutting Edge: Explore Rich Client Scripting With jQuery, Part 2


Achieving cross-browser compatibility for events is no easy task. The jQuery event handling API addresses the differences in event handling across browsers, allowing you to write more predictable JavaScript.

Dino Esposito

MSDN Magazine April 2009

Cutting Edge: Explore Rich Client Scripting With jQuery, Part 1


Thanks to selectors and function chaining, jQuery allows you to write compact, cross-browser code.

Dino Esposito

MSDN Magazine March 2009

Foundations: Adding Code Access Security to WCF, Part 2


This month's column continues the discussion around code access security in WCF and partially trusted services.

Juval Lowy

MSDN Magazine July 2008

Foundations: Code Access Security in WCF, Part 1


Here we discuss code-access security in Windows Communication Foundation (WCF) and present a solution for enabling partially trusted clients for WCF services.

Juval Lowy

MSDN Magazine April 2008

Are You in the Know?: Find Out What's New with Code Access Security in the .NET Framework 2.0


Unlike role-based security measures, code access security is not based on user identity. Instead, it is based on the identity of the code that is running, including information such as where the code came from. Here Mike Downen discusses the role of code access security (CAS) in .NET and outlines some key new features and changes in CAS for the .NET Framework 2.0.

Mike Downen

MSDN Magazine November 2005

SQL and Outlook: Enable Database Access and Updates Through Exchange and Any E-mail Client


Using Microsoft technologies, you can insert, edit, query, and delete database entries using any e-mail client such as Hotmail, Outlook, Yahoo, or even WAP phone. While e-mail is certainly a powerful and widely used tool, it is usually not integrated with an application for performing any tasks other than sending reminders. The application scenario described here, an e-mail-based SQL update program, uses a simple data model; however, this solution will apply to any data model that you are working with. It will also eliminate the need for complex n-tier Internet applications and serves as a low maintenance solution for providing data access.

Alok Mehta and Daniel Williams

MSDN Magazine January 2002

C# and the Web: Writing a Web Client Application with Managed Code in the Microsoft .NET Framework


When the author wanted to build a middleware Web client to connect to other applications over the Internet, he realized that the XMLHttpRequest COM object was not sufficient for his purposes. In order to build a Web client using managed code, the author had to use the HTTPWebRequest and HTTPWebResponse classes provided by the Microsoft .NET framework. These classes are used in the sample project as a substitute for the less powerful XMLHttpRequest COM object, allowing the author to build a full-featured Web client. They also take advantage of all the benefits that the CLR and managed code have to offer.

Avi Ben-Menahem

MSDN Magazine September 2001

Security in .NET: Enforce Code Access Rights with the Common Language Runtime


Component-based software is vulnerable to attack. Large numbers of DLLs that are not tightly controlled are at the heart of the problem. Code access security in the Common Language Runtime of the Microsoft .NET Framework addresses this common security hole. In this model, the CLR acts as the traffic cop to assemblies, keeping track of where they came from and what security restraints should be placed on them. Another way the .NET Framework addresses security is by providing preexisting classes which have built-in security. These are the classes that are invoked in .NET when performing risky operations such as reading and writing files, displaying dialog boxes, and so on. Of course, if a component calls unmanaged code, it can bypass code access security measures. This article covers these and other security issues.

Keith Brown

MSDN Magazine February 2001

Web Security: Part 2: Introducing the Web Application Manager, Client Authentication Options, and Pr


This article, the second of two parts, continues coverage of Web security for Windows. It introduces the Web Application Manager in IIS that allows Web processes to be isolated, decreasing the security risk associated with running in a logon session. The article then picks up where Part One left off-it discusses authentication methods such as basic authentication, digest authentication, integrated Windows authentication, and anonymous logons, and the benefits and drawbacks of each.

Keith Brown

MSDN Magazine July 2000

Usage of Client Access Policy and crossdomain xml for sharepoint 2010>?


Hi Folks,

1.What is Clientaccesspolicy.xml in sharepoint ?

2.What is Crossdomain.xml ?

What is usage of wcf service deploy in sharepoint 2010?

Kindly give me some valuable comments ?


Thank you


Immanuel c


Sharepoint site client access denied


I have an sharepoint application which was working fine.

I encountered a license expired message in sql server enterprise evaluation 2008 version after which i changed the date to 2 months earlier date, I have also changed HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\100\ConfigurationState to 3 after which sql server started working but the issue is that the clients are unable to access the sharepoint site completely. On providing the url the web site requests for logon information and then access is denied. The same url with the same authentication credentials is accessible from the server and the entire application works fine from the server. 

From the  client the below error page appears.

You are not authorized to view this page

You do not have permission to view this directory or page using the credentials that you supplied.

Please try the following:

  • Contact the Web site administrator if you believe you should be able to view this directory or page.
  • Click the Refresh button to try again with different credentials.

HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials.
Internet Information Services (IIS)


Video: The Access Show: Client Performance Improvements against SharePoint Lists

Today's guest is DJ Cole, architect and primary developer of SharePoint connectivity performance improvements on the Access development team. DJ dropped by to talk about how Access 2010 connects to SharePoint, and to discuss the work necessary for improving client-side performance. (Length: 13:05)

Administrator and Developer Guide to Code Access Security in SharePoint Server 2007

Explore configuration options, get best practices for managing CAS in SharePoint environments, and walk through a complex CAS scenario.

Sign outgoing body from client with custom endpoing behavior defined in code

I'm trying to sign (and sign only) the body of every outgoing message that uses this custom endpoint behavior.  When I first created this it was for signing a custom SOAP header.  We are moving away from that and going to just sign the body.  We have some applications that have 10+ web service references.  We don't want to touch the reference.cs for anything.  Below is the code I had before for signing the custom soap header.  I'm trying to modify it to just sign the body.  My modified code is below, and the error I get. Private Class CustomHeaderBehavior Implements ServiceModel.Description.IEndpointBehavior Public Sub New() End Sub Private Sub AddBindingParameters( _ ByVal endpoint As ServiceModel.Description.ServiceEndpoint, _ ByVal bindingParameters As ServiceModel.Channels.BindingParameterCollection) _ Implements ServiceModel.Description.IEndpointBehavior.AddBindingParameters Dim body As New Xml.XmlQualifiedName("Body", "http://schemas.xmlsoap.org/soap/envelope/") Dim BodyMsgPartSpec As New ServiceModel.Security.MessagePartSpecification() BodyMsgPartSpec.IsBodyIncluded = True Dim requirements As ServiceModel.Security.ChannelProtectionRequirements = bindingParameters.Remove(Of ServiceModel.Security.ChannelProtectionRequirements)() requirements

Getting client information from X.509 certificate in C# code

I have a WCF service which accepts X.509 certificate signed incoming messages. As per my understanding the client will send the message with signature encrypted using his private key and web services will decrypt the signature with client's public key. This ensures that the sender of the message is holder of the private key and that he is certified by the server trusted CA as "He is what he claims to be". It's being a highly secure application I need to give access to only certain clients regardless of whether they are trusted or not. (This is to take care of good turned bad scenario :-)) How do I achieve this? Is there any way to get the client information as subject name etc from his certificate in C# code? Is there any example of this usage? Thanks in advance,Jeet.    
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend