© 2004 Microsoft Corporation. All rights reserved.

Figure 3 Files Requested When Surfing to Wahoo.exe Request # GET Request 1 /wahoo/wahoo.exe 2 /wahoo/wahoo.exe.config 3 /wahoo/WahooControl.DLL 4 /wahoo/en-US/Wahoo.resources.DLL 5 /wahoo/en-US/Wahoo.resources/Wahoo.resources.DLL 6 /wahoo/bin/en-US/Wahoo.resources.DLL 7 /wahoo/bin/en-US/Wahoo.resources/Wahoo.resources.DLL 8 /wahoo/en-US/Wahoo.resources.EXE 9 /wahoo/en-US/Wahoo.resources/Wahoo.resources.EXE 10 /wahoo/bin/en-US/Wahoo.resources.EXE 11 /wahoo/bin/en-US/Wahoo.resources/Wahoo.resources.EXE 12 /wahoo/en/Wahoo.resources.DLL 13 /wahoo/en/Wahoo.resources/Wahoo.resources.DLL 14 /wahoo/bin/en/Wahoo.resources.DLL 15 /wahoo/bin/en/Wahoo.resources/Wahoo.resources.DLL 16 /wahoo/en/Wahoo.resources.EXE 17 /wahoo/en/Wahoo.resources/Wahoo.resources.EXE 18 /wahoo/bin/en/Wahoo.resources.EXE 19 /wahoo/bin/en/Wahoo.resources/Wahoo.resources.EXE 20 /wahoo/en-US/Wahoo.resources.DLL 21 /wahoo/en-US/Wahoo.resources/Wahoo.resources.DLL 22 /wahoo/bin/en-US/Wahoo.resources.DLL 23 /wahoo/bin/en-US/Wahoo.resources/Wahoo.resources.DLL 24 /wahoo/en-US/Wahoo.resources.EXE 25 /wahoo/en-US/Wahoo.resources/Wahoo.resources.EXE 26 /wahoo/bin/en-US/Wahoo.resources.EXE 27 /wahoo/bin/en-US/Wahoo.resources/Wahoo.resources.EXE 28 /wahoo/en/Wahoo.resources.DLL 29 /wahoo/en/Wahoo.resources/Wahoo.resources.DLL 30 /wahoo/bin/en/Wahoo.resources.DLL 31 /wahoo/bin/en/Wahoo.resources/Wahoo.resources.DLL 32 /wahoo/en/Wahoo.resources.EXE 33 /wahoo/en/Wahoo.resources/Wahoo.resources.EXE 34 /wahoo/bin/en/Wahoo.resources.EXE 35 /wahoo/bin/en/Wahoo.resources/Wahoo.resources.EXE Figure 4 Intranet and Internet CAS Permissions Permission Level LocalIntranet Internet FileDialog Unrestricted Yes No FileDialog Access=Open Yes Yes IsolatedStorageFile Allow=AssemblyIsolationByUser Yes No IsolatedStorageFile Allow=DomainIsolationByUser Yes Yes Printing Level=DefaultPrinting Yes No Printing Level=SafePrinting Yes Yes Reflection Flags=ReflectionEmit Yes No Security Flags=Assertion Yes No Security Flags=Execution Yes Yes UI Unrestricted Yes No UI Clipboard=OwnClipboard Yes Yes UI Window=SafeSubWindows Yes Yes UI Window=SafeTopLevelWindows Yes Yes Web Connect=http to originating site Yes Yes Web Connect=https to originating site Yes Yes Figure 5 Determining an Assemby's Zone Path Example Zone Local file c:\ foo\foo.exe MyComputer UNC name or non-dotted site URL \\server\foo\foo.exe or https://server/foo/foo.exe or https://localhost/foo/foo.exe or z:\foo\foo.exe if z is mapped to a network share LocalIntranet All numeric IP address or dotted site URL https://1115768663/foo/foo.exe or https://www.sellsbrothers.com/foo/foo.exe or https://127.0.0.1/foo/foo.exe Internet Figure 6 Isolated Storage private IsolatedStorageFileStream CreateSettingsStream() { IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForDomain(); return new IsolatedStorageFileStream("settings.txt", FileMode.Create, store); } private IsolatedStorageFileStream OpenSettingsStream() { IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForDomain(); return new IsolatedStorageFileStream("settings.txt", FileMode.Open, store); } Figure 7 Saving Settings private void LoadSettings() { try { using( Stream stream = OpenSettingsStream() ) using( StreamReader reader = new StreamReader(stream) ) { Location = (Point)ReadSetting(reader, typeof(Point)); ClientSize = (Size)ReadSetting(reader, typeof(Size)); } } catch { // If there's nothing to read, // put the form in the center of the screen StartPosition = FormStartPosition.CenterScreen; } } private void SaveSettings() { // Restore so we don't store a zero size or location WindowState = FormWindowState.Normal; // Save the window location using( Stream stream = CreateSettingsStream() ) using( StreamWriter writer = new StreamWriter(stream) ) { WriteSetting(writer, Location); WriteSetting(writer, ClientSize); } } Figure 8 Type Conversions private object ReadSetting(StreamReader reader, Type type) { TypeConverter converter = TypeDescriptor.GetConverter(type); return converter.ConvertFromString(reader.ReadLine()); } private void WriteSetting(StreamWriter writer, object obj) { Type type = obj.GetType(); TypeConverter converter = TypeDescriptor.GetConverter(type); writer.WriteLine(converter.ConvertToString(obj)); } Figure 9 Talking to a Web Service WahooScoresService GetService() { WahooScoresService service = new WahooScoresService(); try { string appbase = AppDomain.CurrentDomain.BaseDirectory; // Set URL to server where this came from string site = System.Security.Policy.Site.CreateFromUrl(appbase).Name; service.Url = service.Url.Replace("//localhost/", "//" + site + "/"); } catch( ArgumentException ) { } return service; } void GetHighScores() { // Get scores WahooScoresService service = GetService(); WahooScore[] scores = service.GetScores(); // Show high scores... } Figure 10 Dialog Restrictions SaveFileDialog dlg = new SaveFileDialog(); dlg.DefaultExt = ".txt"; dlg.Filter = "Text Files (*.txt)|*.txt|All files (*.*)|*.*"; // NOTE: Not allowed unless we have FileIOPermission //dlg.AddExtension = true; //dlg.FileName = "somefile.txt"; if( dlg.ShowDialog() == DialogResult.OK ) { // NOTE: Not allowed to call dlg.FileName using( Stream stream = dlg.OpenFile() ) using( StreamWriter writer = new StreamWriter(stream) ) { writer.Write("..."); } } Figure 11 Check Permission // Check permission helper bool HavePermission(IPermission perm) { try { perm.Demand(); } catch( SecurityException ) { return false; } return true; } void SaveHighScore(string name, int score) { IPermission perm = new FileDialogPermission(FileDialogPermissionAccess.Save); if( !HavePermission(perm) ) { MessageBox.Show("Doh!"); return; } ••• } Figure 12 IEExec Usage: ieexec.exe url flags [securityZone] [domainId] url Assembly to launch, e.g. https://localhost/foo.exe flags Flags to control execution. Values that can be added together are: 0: no flags 1: create evidence for the zone 2: create evidence for the site securityZone If evidenceFlags != 0, sets the security zone. Values can be {0, 1, 2, 3} for {MyComputer, Intranet, Trusted, Internet} domainId If evidenceFlags != 0, unused hex-encoded bytes. Use 00.