I have an application that is installed and updated via ClickOnce. The application downloads files via FTP, and therefore needs to be added as an exception to the windows firewall. Because of the way that ClickOnce works, the path to the EXE changes with every update, so the exception needs to change also. What would be the best way to have the changes made to the firewall so that it's invisible to the end user?
(The application is written in C#)
The fact that there might actually be a way to do this is why I don't trust software firewalls.
Not sure if this is the best way, but running netsh should work:
netsh firewall add allowedprogram C:\MyApp\MyApp.exe MyApp ENABLE
I think this requires Administrator Permissions though,for obvious reasons :)
Edit: I just don't know enough about ClickOnce to know whether or not you can run external programs through it.
It's possible to access the data from the firewall, look at the following articles.
The real question is does the ClickOnce sandbox allows this kind of access? My guess would be that it doesn't. Maybe you could use a webservice? (For more information about the data access methods in ClickOnce see Accessing Local and Remote Data in ClickOnce Applications)
I found this article, which has a complete wrapper class included for manipulating the windows firewall. Adding an Application to the Exception list on the Windows Firewall
The ClickOnce sandbox did not present any problems.
The dead link to "Adding an Application to the Exception list on the Windows Firewall" can be found on The Wayback Machine:
The answer is you only allow trusted software to run with Admin privileges. From time to time SOME software has to have admin privileges and make sensitive changes to your system. You might as well have a read only hard disk otherwise...