I have an application that is installed and updated via ClickOnce. The application downloads files via FTP, and therefore needs to be added as an exception to the Windows Firewall. Because of the way that ClickOnce works, the path to the EXE changes with every update, so the exception needs to change also. What would be the best way to have the changes made to the firewall so that it's invisible to the end user?

(The application is written in C#)

A: 

The fact that there might actually be a way to do this is why I don't trust software firewalls.

Josh Hinman
Right behind you on this.
epochwolf
+3  A: 

Not sure if this is the best way, but running netsh should work:

netsh firewall add allowedprogram C:\MyApp\MyApp.exe MyApp ENABLE

I think this requires Administrator permissions though, for obvious reasons :)

Edit: I just don't know enough about ClickOnce to know whether or not you can run external programs through it.

Michael Stum
I personally like this solution. It's much easier to invoke an external process like this than to fumble around with the Windows API, especially when using things like Qt/C++.
jocull
+6  A: 

It's possible to access the data from the firewall, look at the following articles.

The real question is: does the ClickOnce sandbox allow this kind of access? My guess would be that it doesn't. Maybe you could use a web service? (For more information about the data access methods in ClickOnce, see Accessing Local and Remote Data in ClickOnce Applications.)

Davy Landman
A: 

The easiest way I know would be to use netsh; you can simply delete the rule and re-create it, or set up a port rule if yours is fixed.
Here is a page describing the options for its firewall context.

Hasturkun
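
The delete-and-re-create approach from the answer above, as an added example that is not part of the original answer. It uses the newer netsh advfirewall firewall context (Windows Vista and later) instead of the netsh firewall syntax shown earlier, so the stale rule can be deleted by name without knowing the old path. The rule name is hypothetical, and the process is assumed to be permitted to change firewall rules.

```csharp
using System;
using System.Diagnostics;

static class FirewallRuleRefresher
{
    // Hypothetical rule name; keep it constant across versions so the
    // rule created by the previous ClickOnce version can be found again.
    const string RuleName = "MyApp (ClickOnce)";

    // Runs netsh with the given arguments and returns its exit code.
    static int RunNetsh(string arguments)
    {
        var psi = new ProcessStartInfo("netsh", arguments)
        {
            UseShellExecute = false,
            CreateNoWindow = true,
            RedirectStandardOutput = true
        };
        using (var p = Process.Start(psi))
        {
            p.StandardOutput.ReadToEnd(); // drain output so netsh cannot block on a full pipe
            p.WaitForExit();
            return p.ExitCode;
        }
    }

    // Deletes the rule left by the previous version, then adds one for the current path.
    public static bool Refresh(string exePath)
    {
        // The path is placed inside a quoted netsh argument, so reject embedded quotes.
        if (exePath.IndexOf('"') >= 0)
            throw new ArgumentException("Path must not contain quotes.", "exePath");

        // Delete by name: the old path is unknown after an update. The exit code
        // is ignored because on first run there is no rule to delete.
        RunNetsh("advfirewall firewall delete rule name=\"" + RuleName + "\"");

        // One inbound allow rule scoped to this executable only.
        int rc = RunNetsh("advfirewall firewall add rule name=\"" + RuleName + "\"" +
                          " dir=in action=allow enable=yes program=\"" + exePath + "\"");
        return rc == 0;
    }

    static void Main()
    {
        // Path of the currently running EXE, which changes with every ClickOnce update.
        string exePath = Process.GetCurrentProcess().MainModule.FileName;
        Console.WriteLine(Refresh(exePath) ? "Firewall rule now points at " + exePath
                                           : "netsh refused the change");
    }
}
```

Deleting by the fixed name before adding keeps a single rule in place, so rules for executables from earlier versions do not accumulate in the exception list.
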
+2  A: 

I found this article, which has a complete wrapper class included for manipulating the Windows Firewall. Adding an Application to the Exception list on the Windows Firewall

The ClickOnce sandbox did not present any problems.

RichieACC
The link seems to be broken.
JAG
Paja
+1  A: 

The dead link to "Adding an Application to the Exception list on the Windows Firewall" can be found on The Wayback Machine:

http://web.archive.org/web/20070707110141/http://www.dot.net.nz/Default.aspx?tabid=42&mid=404&ctl=Details&ItemID=8

Rick
A: 

The answer is you only allow trusted software to run with Admin privileges. From time to time SOME software has to have admin privileges and make sensitive changes to your system. You might as well have a read-only hard disk otherwise...

Tim
Adding a firewall exception does not require elevated privileges.
Bob Riemersma