No-Touch Deployment of Windows Applications.
Carl Franklin
NET297
These session notes serve primarily to share the content of the session and as a reference for me. They may also provide some value to those interested in the session topics. Some of the information found in these notes may be inaccurate due to my typing errors or a lack of understanding of the subject matter. DevTeach policy is that session material is available online to registered attendees only, so I cannot respond to any requests for session PPTs or source.
The Browser Sucks. Right-on, Carl!
Windows.Forms apps
Small disk footprint (functionality in the framework)
One dependency - .NET Runtime
Installing an app doesn't impact other apps (no DLL Hell issues)
Use the browser for distribution (but not for hosting!)
.NET Windows Forms Apps
Runtime should be installed as a system upgrade (therefore, best suited to intranet/extranet apps)
All or nothing. It’s installed or it isn't.
Runtime contains all 6500+ classes in Base Class Library
Question: Users with administrative privileges on desktop. How does this affect .NET app security and policy setup.
How deployment works
Copy .EXE and any DLLs not in the framework to Web Folder.
Distribute the URL to the world (to the EXE itself)
Client enters the URL. EXE is downloaded into temporary internet file cache
On reference, DLLs are downloaded.
Exe runs
Next time, if no new version on web, EXE and DLLs load fro local cache
Coding for auto-deployment
Compile Forms as DLLs
- All in one or separate
- Go to project properties dialog
- change project type to class library
- DLLs will "trickle down" to the client
- Assemblies downloaded at runtime as they are called.
To update the EXE or any DLL
- Simply copy the new version over the old in the web folder
- The next person to access the app will download the newer version
Issues
Browser is required to enter URL. If you provide an internet shortcut, the browser sill loads for an instant, and a flash can be seen.
Default Security limits what downloaded EXE can do. Same security model of zones is extended to the .NET framework. (The JIT looks at the security policy to determine what can be executed in the IL.)
Secure Solutions
Trusted Site Solution. Add web server to trusted Sites List. Use .NET Wizard on client to increase security on Trusted Sites Zone to Full Trust.
Go into admin tools, Security Adjustment Wizard.
SPS2003 "Cannot Continue" Note: Try bumping up privileges on trusted sites to full trust.
Signature Solution:
Generate a strong name key file with "sn.exe -k" (creates GUID-like signature.)
Compile your app with the strong name, use assemblykeyfile attribute.
Adjust security on client (via policy or manually) to give full trust to any assembly (EXE or DLL) that is compiled with your string name.
In command window sn -k franklins.net.snk
In VS.NET, add <Assembly: AssemblyKeyFile{"c:\strongnames\franklins.net.snk") in AssemblyInfo file.
In .NET Security Wizard, trust an assembly. ALL assemblies with that strongkey, uncheck the version number.
Can create a policy programmatically and distribute it as a setup.
Rocky Lhotka's netrun. Small console app for downloading auto-deployed windows applications. Can learn more at Lhotka.net.
Carl uses Ultra-VNC to connect to his computer…
Carl recommends Brent "Rector's?" Demeaner for obsfucation.
You would see the hash of the public key of the strong name in the IL DSM Manifest.
Carl demonstrated compiling the demo app for strong naming. AssemblyKeyFile is to the c:\strongnames .snk file. Each DLL and EXE assembly must be compiled with the strong name.
Brian Noyes .NET Rocks show for deployment, with Click-Once in particular.
URL for code and powerpoint: http://www.franklins.net/devteach2004autodeploy.zip
Rob Windsor mentioned caspol (million switches) for scripting purposes to set permissions on the strong name. Can create a dummy .EXE with the strong name for security setting purposes only.
Summary: Cool Carl is always so great. He’s so knowledgeable yet the presentation material was so easy to grasp. He always presents his topics in a way that people can understand them. I gained a TON from this session, which I think finally put me over the top and gave me what I needed to move on Smart Client apps from a deployment perspective. 11 out of 10.