An application that uses ClickOnce runs under Full Trust by default. Under Full Trust, the application has unrestricted access to resources such as files and the registry, as well as the network. This potentially can be dangerous, as it opens the possibility of your code being exploited by malicious code. To prevent this, use Code Access Security to limit the permissions for your application to only what is necessary.

You can change the trust level of your applications by going to the Security tab of the project's Properties window (see Figure 1-13).

Figure 1-13. Configuring security settings for your application

There are three zones in which your application can be installed: Local computer, Local Intranet, and Internet, with the Internet zone having the most restrictive permissions and the "Local computer" zone imposing virtually no limits.

For example, if you set your application to install from the Internet zone, it would not be able to perform file I/O operations on a local computer or access registry settings. In this case, you need to explicitly grant the permissions required by the application in the Security tab of the project (as shown in Figure 1-13).

To see what will happen when you set your application to the Internet zone, check the Enable ClickOnce Security Settings checkbox and select the option "This is a partial trust application." ...