什么可以阻止用户下载嵌入在网页中的.NET程序集? [英] What could prevent a user from downloading a .NET assembly embedded in a web page?
问题描述
我有一个.NET程序集(ScanControl.dll),它访问客户端本地计算机上的扫描程序并允许它们扫描页面(Scan())。
我有一个ASP.NET Web应用程序,其页面将(理论上)使用此控件允许用户将页面扫描到我的数据库(Scan.aspx)。
我将控件作为对象提供给页面,如下所示:
I have a .NET assembly (ScanControl.dll), which accesses a scanner on my client''s local machine and allows them to scan a page (Scan()).
I have an ASP.NET web application with a page which will (theoretically) use this control to allow a user to scan a page into my database (Scan.aspx).
I serve the control as an object on the page, like so:
推荐答案
我可以想到一些我认为的原因:
- .NET framewo rk拥有自己的一组安全设置,可以在管理员工具下找到。可能有一个限制你的设置。
- 据我所知,FF不会*执行* activeX对象,所以你可能会被阻止。
- IE我认为它自己的安全区域默认不下载activeX内容或执行任何其他脚本。我认为IE的新版本也只有.NET对象的设置。有什么可能阻止你吗?
I can think of a few reasons I think:
- The .NET framework has it''s own set of security settings which can be found under administrator tools. There could be a setting in there restricting you.
- As I understand it FF doesn''t *do* activeX objects, so you could be getting blocked there.
- IE I think has defaults in it''s own security zone to not download activeX content or do any other scripting. I think newer versions of IE also have settings just for .NET objects. Something there could be blocking you?
我能想到我认为的几个原因:
- .NET框架拥有自己的一组安全设置,可以在管理员工具下找到。可能有一个限制你的设置。
- 据我所知,FF不会*执行* activeX对象,所以你可能会被阻止。
- IE我认为它自己的安全区域默认不下载activeX内容或执行任何其他脚本。我认为IE的新版本也只有.NET对象的设置。有什么东西可以阻挡你吗?
Plater,谢谢你的回复。我知道.NET Framework安全设置,所以我有一个MSI,它推广到每个客户端机器。 MSI在运行时会在该计算机上设置.NET安全设置,以允许我的特定签名程序集在完全信任下运行,因此这不应该是一个问题。
客户端机器只有IE,从不使用Firefox或任何其他浏览器,所以这不是问题。
在IE安全方面,我们尝试过放置网站进入可信站点区域,我们已经在安全下手动设置了适用的设置。到启用,但这没有帮助。当然,这是我期望看到问题的地方,因为IE可以对下载的内容进行特定控制。 .NET Framework安全设置更多地与本地计算机上的RUN有关,而不是可以下载的内容。
IE中我特别感兴趣的设置是:.NET Framework和.NET Framework-reliant components。该对象不是ActiveX控件,因此ActiveX设置不应对此问题产生任何影响(它是.NET程序集)。
再次感谢您的帮助。如果我说的话我错了,请纠正我。组策略或某种网络安全策略怎么样?域上是否有可能阻止客户端通过Web下载对象?
Plater, thanks for your reply. I am aware of the .NET Framework security settings, so I have an MSI which is rolled out to each client machine. The MSI, when run, sets up the .NET security settings on that machine to allow my particular signed assembly to run under "Full Trust", so that shouldn''t be a problem.
The client machines only have IE, never Firefox or any other browser, so that''s not an issue.
In terms of IE security, we have tried putting the website into the "Trusted Sites" zone, and we''ve manually set the applicable settings under "Security" to "Enable", but this doesn''t help. Granted, this is where I would expect to see the issue, as IE would have specific control over what is downloaded. The .NET Framework security settings are more to do with what can be RUN on the local machine, rather than what can be downloaded.
The settings in IE that I note with particular interest are: ".NET Framework" and ".NET Framework-reliant components". The object is not an ActiveX control, so the ActiveX settings should not have any affect on this problem (it''s a .NET assembly).
Thanks again for your help. Please correct me if I am wrong in anything I''ve said. What about Group Policy or some kind of network security policy? Is it possible there is something on the domain that could stop clients downloading the object via the web?
我认为*必须下载的.NET对象仍属于activex限制"设置,即使他们没有使用传统的COM方法创建。
我不确定,当我尝试使用它们时,.NET程序集总是有点时髦。我不得不在程序集发生变化时随时刷新全局缓存。
Well I *think* .NET objects that have to be downloaded still fall under "activex restriction" settings, even though they don''t use traditional COM methods of being created.
I am not sure though, the .NET assemblies were always a little funky when I tried to use them. I kept having to flush my global cache anytime there was change to the assembly.
这篇关于什么可以阻止用户下载嵌入在网页中的.NET程序集?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
