Title: Developing Windows and Web Applications using Visual Studio'NET
1Developing Windows and Web Applications using
Visual Studio.NET
Part 1 Developing Windows Applications using
Visual Studio.NET
- Session 4 Deployment and Security of
Windows Forms (in C 2005)
Presented by Marten Ataalla
2About Marten
- Senior Software Architect at SSW
- Specialize in
- Application Deployment
- SQL Reporting Services
- Software Auditing
- SharePoint 2003 2007
- Speaker at Sydney .Net Usergroups UTS lectures
3Admin Stuff
- Attendance
- You initial sheet
- Hands On Lab
- You get me to initial sheet
- Homework
4Session 4 Deployment Security
- Agenda
- Part 1 Deployment of .NET Winforms apps
- History
- Deployment Updates
- Security
- Issues Warnings
- Part 2 Security
- Role-based security
- Authentication and Authorization
- Impersonation
- Code Access Security
- Assembly Strong Naming
5Part 1
6Windows vs Web forms
- Which side are you on? Why?
7ClickOnceThe Best of both Worlds
Click Once
Windows Forms
Web Forms
Rich UserExperience
NetworkDependency
Tough ToDeploy
Easy To Update
Offline Capable
Tough To Update
Limited UserExperience
Easy To Deploy
High User Productivity
Easy To Manage
Fragile DLL Hell
Responsive Flexible
Complex To Develop
8ClickOnceThe Best of both Worlds
- Which side are you on now?
ClickOnce
Web Apps
9History
- Remember the good old Windows Installer?
- Lets compare it to ClickOnce
10History Feel the pain Windows Installer vs
ClickOnce
11History Feel the pain.Net 1.x HREFing .EXEs
- The.NET Framework must be already installed
- Your application will run on the client as
partially trusted code only. - Bad performance as the executable will try to
load several DLLs with localization resources - No way to guarantee that all your files are
indeed downloaded your client may be stuck with
a "half updated" application. - Only available offline if you are Working
Offline - Your application won't have a shortcut in the
desktop or the Start menu.
12History Feel the painUpdater Application Block
- You must change your application substantially in
order to use it - Needed to write to C\Program Files\
- It runs as a fully trusted local application, so
it pretty much ignores code access security - It's not supported by Microsoft.
- Since it uses BITS to download the application
pieces, it does not run under Windows 98/ME. - However, Jamie Cool has a work around .NET
Application Updater Component http//www.windowsf
orms.net/articles/appupdater.aspx
13Demo
14ClickOnce DeploymentHow it works?
- Users download either
- 1. Setup.exe (500kb) checks pre-requisites
(Recommended) - OR
- 2. Application manifestBoo.application(small
but does not check prerequisites)
15ClickOnce Deployment Deployment Manifests
- Architecture based on two XML manifest
- files
- Application manifest
- Authored by the developer
- Describes the application
- Example which assemblies constitute the
application - Deployment manifest
- Authored by the administrator
- Describes the application deployment
- Example which version clients should use
16ClickOnce DeploymentDeployment Manifests
1.0
? 1.1
17Deployed Files
18ClickOnce DeploymentBootstraper
Web Server
Setup.exe
Setup.exe
Dotnetfx.exe
Dotnetfx.exe
Mdac_typ.exe
a
Custom.msi
Custom.msi
Reboot
MDAC detected!
Bar.application
Bar.application
a
19ClickOnce DeploymentWhich download to provide?
- Q\ Which way?
- A\ Depends on pre-requisites
- Q\ What if the only pre-requisite is .NET 2?
- A\ TIP use Request.Browser.ClrVersion
- dim verHave as Version Request.Browser.ClrVersio
n - dim verNeed as Version new Version("2.0.50727")
-
- if ( verHave lt verNeed ) then
- Response.Write("lta href""./Download/Setup.exe""gt
") - else
- Response.Write("lta href""./Download/SSWDiagnosti
cs.application""gt") - end if
20ClickOnce Deployment Prerequisites
- Missing prerequisites must be installed using
separate redistributable packages. - The deployment tools in Visual Studio let you
install the .NET Framework and other
redistributables as a part of your installation
(bootstrapping). - Note Prerequisites can be downloaded
- beforehand into a network location
- to avoid redundant prerequisite
- downloads on networks
21ClickOnce Deployment Prerequisites
- Before installing an application on a client
computer, ClickOnce will examine the client to
ensure that it has certain requirements specified
in the application manifest. - These include
- The minimum required version of the CLR
- The minimum required version of the Windows OS
- The minimum version of any and all assemblies
that must be preinstalled in the GAC
Note 1 If you specify an alternate prerequisite
location, the packages must exist there these
errors are not handled with ClickOnce Note 2
While selecting your prerequisites, keep in mind
that prerequisites might need administrator
privileges to be installed.
22ClickOnce DeploymentStrategies
- Install from the Web or a Network Share
- (Default Strategy) (a Setup.exe)
Install from a CD (a Setup.exe)
Run the Application from the Web or a Network
Share
23ClickOnce Deployment Strategies Compared
24ClickOnce DeploymentSetup Interface
25ClickOnce DeploymentSetup Options Interface
26ClickOnce UpdateHow it works?
Deployment Framework Service
Application Store
Yes
No
My Application
Installed
Startup SHIM
But, what is a SHIM? Its a small piece of
software that is added to an existing system
program or protocol in order to provide some
enhancement.
27ClickOnce UpdateHow it works?
- ClickOnce uses the file version information
specified in an application's deployment manifest
to decide whether to update the application's
files. - After an update begins, ClickOnce uses a
technique called file patching to avoid redundant
downloading of application files. - But, what is a File Patching? Compares the hash
signatures of the files specified in the
application manifest for the current application
against the signatures in the manifest for the
new version.
Note 1 If you use Visual Studio to compile your
application, it will generate new hash signatures
for all files whenever you rebuild the entire
project. Note 2 File patching does not work for
files that are marked as data and stored in the
data directory C\Documents and
Settings\AdamCogan\Local Settings\Apps\2.0
28ClickOnce UpdateStrategies
- Checking for Updates after Application Startup
- background thread will run to locate and read the
deployment manifest - best for low-bandwidth network connections or for
larger applications - Specifying Update Intervals
29ClickOnce UpdateStrategies
- Checking for Updates before Application Startup
30ClickOnce UpdateStrategies
31ClickOnce UpdateOptional and Required Updates
- For optional updates, the user can either accept
or skip the update.
This dialog will not appear when an update is
required. To make an update required in Visual
Studio 2005, you need to set the Minimum Required
Version field in the Updates dialog box to match
the version of the application youre currently
publishing We recommend just 4 prior versions
32ClickOnce UpdateBlocking
- Want more control over the update?
- You may block update checking altogether and
provide UI for updates using Deployment API in
your application
33What if it is bad
34AdvancedRolling back updates
- The latest 2 versions of the application are
stored, the rest are removed. - Clients may restore 1 application update.
35Demo
- Configure in VS.NET
- Install the application
- Update to a new version
- Rollback to a previous version
- Update again with a good version
36AdvancedScalability
- Server Processing is fineNormal activation of a
ClickOnce application is very inexpensive for
the server network - Bandwidth is an issueConsider network bandwidth
needed for initial application deployment
application updates - However, the standard methods techniques used
to scale web or file servers can be used for
ClickOnce applications (e.g server farms, etc)
37AdvancedCache
- Location for ClickOnce applications
- On XP userprofile\Local Settings\Apps
- On VISTA userprofile\AppData\Local\Apps
- Cache quota is 250MB.
- Data files do not count toward this limit
- Modify by changing Registry key
- HKEY_CURRENT_USER\Software\Classes\Software\Micros
oft\Windows\CurrentVersion\Deployment\OnlineAppQuo
taInKB
Note The value in the OnlineAppQuoteInKB
registry key is a DWORD that expresses the cache
size in kilobytes
38BUGSProxy Servers on Client Machines
- Issue
- Clients accessing the internet through proxy
servers will get the error when launching the
application - The remote server returned an error (407) Proxy
Authentication Required - Default credentials to the proxy are not passed
through, ClickOnce attempts to download the files
without going through the proxy. - Workaround
- A hot fix is available from Microsoft to replace
the System.Deployment.dll or wait until the next
service pack comes out for .Net 2. You must
contact Microsoft for it. - http//support.microsoft.com/kb/917952
39BUGS Publish Version sync issues
- Issue
- The problem is that (rarely) the publish revision
number that Visual Studio has in memory sometime
gets out of sync with the publish revision number
that is stored is the user project file
(.xxproj.user). - Users would get the following
- Error 68 Publish failed with the following error
Could not find a part of the path - Workaround
- The easiest work around, which is to manually up
the publish revision number and choose File -gt
Save All.
40Warnings ClickOnce and non-IE Browsers
- Issue
- ClickOnce doesnt work on non-IE browsers (by
default). - ClickOnce provides IE with a mime handler
interface for the mime type application/x-ms-appli
cation which is associated with .application
files on servers hosting ClickOnce application. - So what happens in firefox?
- .application file is downloaded.
- If manifest contains relative paths, it will
fall over. - If it contains full paths, it will fail due to
security checks (in place by ClickOnce team). - Workaround
- Firefox There is an official Add-on
https//addons.mozilla.org/firefox/1608/ - Non-Firefox ClickOnce helper is an attempted a
solution, however it is not tested
http//www.softwarepunk.com/cohelper/ - Note The ClickOnce team will fix this in the
next release of the framework.
41Warnings File Patching and Rebuilds
- Issue
- The File Patching model for assemblies (even
strong assemblies) is based entirely on file
hash. - Projects when rebuilt in VS often cause the same
assemblies (exactly same source) to have
different hashes. Hence if you are rebuilding
your entire v2.0 solution its possible that
assemblies that have not changed in terms of
functionality will still have a different hash
and hence be downloaded again by ClickOnce
instead of being copied locally. - Workaround
- Dont hit rebuild unless you need to! (when
references mightve changed)
42WarningsManifest Overwriting
- Issue
- The manifest file for the ltAppNamegt.exe.manifest
is overwritten, causes strange compile errors
when included in the solution. - Workaround
- You dont need the manifest file in .Net 2 for XP
Styles. If you need it for any other reason, then
merge your manifest into the one built with
clickonce. - Note If you are running SSW Code Auditor, this
would not have been a problem ?
43Warnings File Compression
- Issue
- There are no file compression mechanisms in
ClickOnce. By default, your file will be
downloaded uncompressed across the
network/internet. - Workaround
- ClickOnce supports HTTP 1.1 compression. Simply
enable this on your web server the files
downloaded will be compressed.
44Suggestions Missing Features
- Rollback Feedback
- We want our clients to give us feedback as to why
they are rolling back a version - Rollback Count
- Clients should be able to rollback back to a
certain number of versions (set by the developer) - Version Download/Update/Rollback Stats
- What versions our clients are downloading,
updating to and rolling back from. Presented in
Reporting Services reports. - Microsoft should release MSN messenger as a
ClickOnce app. - Staged Rollout
- Specify beta testers, and grouped downloads via
authentication - eg. MSN Messenger could let MVPs and RDs get the
latest beta - We want 10 released each day, to manage
bandwidth and transition. - Scalability
- limit to x concurrent - the rest would not be
told of the new version until later.
45Moving your Application to ClickOnce
- You must consider
- What about your previous Windows Installer
installation on the client machines? - Suggestion Create a prerequisite that checks
for and uninstalls the previous versions. (or
uninstall it in the start of your app) - Where is your data stored? ClickOnce uses
different App folders for each new version, for
each user. - Suggestion Use ApplicationData folder if the
settings are per user, otherwise
CommonApplicationData per application for all
users. - You must consider the Limitations
46Limitations Overview
- Installation of shared files, drivers, assemblies
in GAC, for multiple users, office addins, etc - Installation UI cannot be changed
- Add application to Startup group, Favorites menu
- Bootstrappers still need admin privileges if
there are prerequisite redistributables - Register file types
- No Updating via FTP
47Part2
48Security
- Why do we need security in our applications?
- Protect our investment keep malicious users out
- Protect sensitive data
- Medical records, customer details, salary info
49Security in .NET
- 2 parts to .NET Security
- Role-based security
- protects the application from the bad users
- Code Access Security (CAS)
- protects the users system from bad application
50Role-based Security
- How do we know who is using our application?
(Authentication) - e.g. Who are you?
- And how do we control what they can and cannot
do? (Authorisation) - e.g. employee info dont want employees to see
each others salaries
51Authentication Authorisation
- In .NET, Users Identities
52Authentication Authorisation
53Authentication Authorisation
- Where can we store a list of valid users?
- Active Directory
- Database
- Web Service
- XML
- Excel
- etc.
54 55Authentication Authorisation
- We saw
- Windows (Integrated) Authentication
- Check against the user I am logged in as
- Authorisation
- Enable/disable button
- This can obviously be extended
- Locking methods e.g. ViewCreditCardInfo
- Custom messages
56Authentication Authorisation
Generic (Text-based)
Read from Database (Custom)
IIdentity (Authentication) IPrincipal
(Authorisation)
Active Directory (Windows Security)
57Impersonation
- What is Impersonation?
- Tim goes to pick up a parcel for Adam
- Tim goes to the PO but access is denied (only
Adam is allowed to have the parcel) - Tim returns with Adams ID
- Staff says OK Tim gets the parcel
58Impersonation
- Running the code under another persons
permission. i.e. Doing something on someone
elses behalf - Webforms example
- Accessing network share as domain user instead of
the default local ASPNET account - Winforms example
- Manager in Supermarket has to login to offer the
customer the discount.
59Impersonation
- How does it work?
- User logs in to website as DOMAIN\TomJones
- IIS checks the login against Active Directory
- If the login matches the one in Active Directory,
the user is now impersonating a Windows user - Application can now login to database, perform
any functions that the Windows user can
60Impersonation
Login via web as DOMAIN\TomJones
IIS checks login against Active Directory
.NET code is now impersonating Windows
User DOMAIN\TomJones
61What about lots of users?
- e.g. you have a public web site (blog, forums,
ebay etc.) - How would the user connect to the database?
- Embed a login and password in your connection
string - VERY BAD this is stored in plain text
- AD / Impersonation
- BAD big list of users
- BAD cant extend data
- Give the web ASPNET account access to the
database - GOOD for unknown numbers of users (i.e. public
websites) - GOOD no stored credentials (using integrated
security)
62Special case - Mixed
- e.g. you want your company users to log in on a
public site - So that they can get to company-only information
- Mixed mode
- Check against AD
- Check against Database
- Nice and flexible
63Code Access Security
- Imagine a world without SPAM and SpyWare
64Code Access Security
- What is Code Access Security (CAS)?
- Protect your system against evil code
- Rules enforced by the .NET Framework
65Code Access Security
- Who should control CAS policies?
- System administrators
- Not developers!
66Assembly Strong Naming
- How do you know your software came from its
publisher? - e.g. SSW Registration
- Someone could simply replace the DLLs in the
folder and your application would use that
67Assembly Strong Naming
- Enter Strongly Named Assemblies
- Use a special private key to uniquely sign an
assembly (e.g. SSW Registration) - The caller (e.g. SSW Code Auditor) uses a public
key to unlock the code - This guarantees the authenticity of any external
components your application is using - Really easy to use
68ClickOnce Security
69ClickOnce SecurityPartial Trust Permission
Settings
- Custom Permission settings can be set for the
following
70ClickOnce SecuritySecurity Features
- Zero-impact installation
- Files cached under user profile
- Cannot touch shared resources on machine
- Code Access Security sandbox execution
- Based on origin of files (deployment server)
- Can elevate permissions through user prompting
- Can elevate permissions automatically through
trust license - XML Signature
- Signed manifests to ensure authentication and
integrity - Note VS.NET 2005 enforces permissions during
debugging ?
71Useful links
- Security in .NET
- www.4guysfromrolla.com/webtech/121901-1.shtml
72References
- http//blogs.msdn.com/saurabh/archive/2006/03/02/5
41988.aspx - http//blogs.msdn.com/clickonce/
- http//blogs.msdn.com/saurabh/archive/2006/01/25/5
17613.aspx - http//blogs.msdn.com/winformsue/archive/category/
11821.aspx - http//www.softwarepunk.com/cohelper/
- http//msdn2.microsoft.com/en-us/library/142dbbz4.
aspx - http//www.windowsforms.net/FAQs/default.aspx?Page
ID3CategoryID24SubcategoryID27tabindex2 - http//forums.microsoft.com/MSDN/ShowPost.aspx?Pos
tID615033SiteID1 - http//www.code-magazine.com/article.aspx?quickid
0601041page3 - http//msdn.microsoft.com/library/default.asp?url
/library/en-us/dnreal/html/realworld12012004.asp - http//www.windowsforms.net/articles/appupdater.as
px - http//forums.microsoft.com/MSDN/ShowPost.aspx?Pos
tID173747SiteID1 - http//support.microsoft.com/kb/917952
73Finally a whinge
- http//www.ssw.com.au/SSW/Standards/BetterSoftware
Suggestions/