
Is there a possibility to have embedded config only for specific configuration in .NET desktop application?

A desktop application (WPF, .NET 4.6.2) has lots of settings in app.config. The settings have different values for specific configurations: App.Debug.config and App.Release.config. QA engineers are happy to change values in App.Debug.config and test different application modes in the testing environment. However, for security reasons, I would like to prevent a production user from changing any parameter. At the moment, a user can just edit the config file, restart the app and use the app in an unexpected mode.

I could move settings to embedded resources (or just hard code in some configuration class), but in this case, QA cannot change parameters dynamically and loses testing flexibility.

It would be nice to configure the app and build process to have App.Debug.config as is for Debug configuration. And to have an embedded App.Release.config for Release configuration. I'm not sure how to achieve that, maybe you have an idea how it could be implemented?

It should be fairly easy to prevent users from making any changes.

  1. Make sure your settings use the "Application" scope
  2. Install your application in the program-files folder
  3. Make sure your users are not running with administrator permissions

That should prevent any users from making any changes to the configuration files.

Keep in mind that most users will not make random changes to application settings, or registry settings, or anything else they do not understand. And if they do, you can tell them to blame themselves and to reinstall.

If your users are in fact running as administrators, there is nothing you can do to really prevent them from making changes, you can only make it more difficult. So you should really not store anything security sensitive that the user should not have access to if the user is an administrator.

If making things more difficult is sufficient for you, you might want to consider some alternative to the built-in settings. For example something like:

  1. Create a settings-class with default-values for all the configuration you might want. Ensure this is serializable. Create an object of this class.
  2. Check if some file exists at startup. Use #if DEBUG to only run this in debug
    1. If the file exists, deserialize and set it as the current setting object
    2. If it does not, serialize the current settings object to the file
  3. Distribute this settings object to all components in your application. A dependency injection container might help with this.

Using something like json serialization also has the advantage that you can serialize more complex objects.
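
The scheme from the answer above, as an added example that is not part of the original answer. `AppSettings`, `SettingsProvider`, the property names and the file name `settings.override.xml` are hypothetical, and `XmlSerializer` is used instead of JSON only because it ships with .NET Framework 4.6.2 without extra references.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Xml.Serialization;

// Hypothetical settings type; property names and defaults are illustrative.
public sealed class AppSettings
{
    public string ServiceUrl { get; set; } = "https://service.example.invalid/api";
    public bool VerboseLogging { get; set; } = false;
    public int RequestTimeoutSeconds { get; set; } = 30;
}

public static class SettingsProvider
{
    // Hypothetical override file, looked up next to the executable.
    private const string OverrideFileName = "settings.override.xml";

    public static AppSettings Load()
    {
        var settings = new AppSettings();   // compiled-in defaults
#if DEBUG
        // This branch exists only in Debug builds; a Release build never reads the file.
        var path = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, OverrideFileName);
        var serializer = new XmlSerializer(typeof(AppSettings));
        if (File.Exists(path))
        {
            try
            {
                using (var stream = File.OpenRead(path))
                    settings = (AppSettings)serializer.Deserialize(stream);
            }
            catch (InvalidOperationException ex)
            {
                // Malformed file: keep the defaults instead of running half-configured.
                Trace.TraceWarning("Ignoring invalid override file: " + ex.Message);
            }
        }
        else
        {
            // First run: write the defaults so QA has a template to edit.
            using (var stream = File.Create(path))
                serializer.Serialize(stream, settings);
        }
#endif
        return settings;
    }
}
```

Because the file-handling branch is compiled out of Release builds, creating or editing the file on a production machine has no effect there. The compiled-in defaults remain readable to anyone who decompiles the assembly, so they should not contain secrets.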
