The first phase of implementing Full-Trust is to ensure that your WPF-UserControl-Class-Library is deployed to the GAC (Global Assembly Cache). All assemblies in the GAC run with “Full Trust” and must be signed with a “Strong Name”.
· The GAC is used by Windows to manage and cache “common and shared” assemblies. It can be found within the windows managed system folder [%windir%\assembly]. More information on the GAC can be found here [http://en.wikipedia.org/wiki/Global_Assembly_Cache]
· A “Strong Name” is a key that is used to sign the assembly to ensure that it is not subject to misuse. See the following article for more information: [http://support.microsoft.com/kb/302340]
Assemblies can be assigned a cryptographic signature called a strong name, which provides name uniqueness for the assembly and prevents anyone from taking over the name of your assembly (“name spoofing”).
|
Normally, when you deploy your assemblyto the AOS (from Visual Studio) the DLL file (and any symbols files) are copied to specific Dynamics server and client locations (these are the folders that are immediately presented when adding the assembly reference to the AOT). During client installation or deployment, this assembly should be deployed to the default Dynamics client folder [C:\Program Files (x86)\Microsoft Dynamics AX\60\Client\Bin].
Your WPF UserControl will work just fine in this arrangement because the Dynamics-windows-rich-client is a “locally-installed” application and runs under “Full Trust” (by default) and resolves the assembly location easily (same folder as the executable).
We now need to depart from this model and get this assembly into the GAC. The reasons being are that it’s now going to be invoked from multiple callers (i.e. become a “shared” assembly) and it needs to assume “Full Trust” because it’s going to be invoked from a variety of different sources (local machine and intranet) and it needs to make high privilege calls. Elevating the priveleges in this fashion, will help you overcome some of the security issues related to the Managed interop assemblies (which do not allow “Partial Trust” callers).
· It is good practice to do this for shared application assemblies. Ensure that you assembly is the “Release” version as opposed to the “Debug” version and also ensure that appropriate assembly attributes have been set (name, publisher, version etc).
· You won’t be able to debug your GAC assemblies in the recommended way, so you need to ensure that your assembly has passed all acceptance and quality standards before GAC deployment.
Open up the Visual Studio command prompt and navigate to a temporary folder and issue the following command:
sn -k <name>.snk
|
· Where <name> is the name you wish to give your strong-name. Set it to the name of your WPF UserControl project solution.
Import the strong name into your project by going to the “Properties” page of the project (right-click on the project name) and navigate to the “Signing” tab. Then you will have to select the strong-name-key by browing for it and selecting it in the available drop down as illustrated below:
Whilst on the properties-page select the “Application” tab and click the “Assembly Information” button to set the assembly attributes.
Under “Configuration Manager” set the assembly to “Release” version:
Then clean and rebuild the solution. Open the “Visual-Studio-Command-Prompt” and then navigate to the “Release” folder for your assembly and then install it into the GAC using the "gacutil" command:
Install assembly into the GAC
|
C:\XEInterop\XEInterop\bin\Release>gacutil /i <name>.dll
|
Uninstall assembly from the GAC
|
C:\Windows\assembly>gacutil /u <name>
|
· Where <name> is the name of your assembly.
The GAC will build up versioned history of assemblies, so use the following command to remove specific versions before re-deployment.
Uninstall assembly version from the GAC
|
C:\Windows\assembly>gacutil /u <name>, Version=1.0.0.1
|
In the next article I will be discussing certifcate deployment.
REGARDS