Microsoft Australia Security Summit

Deploying Applications with ClickOnce

Andrew Coates, acoat@microsoft.com

Developer Evangelist, Microsoft Australia

Community Things

Brisbane .NET User Group: 3rd Tuesday of Month

Gold Coast .NET User Group: Irregular

Community Dinner tonight: 7:30, Royal Thai Orchid, Little Cribb St, MILTON

All Welcome

Drinks earlier if you get there beforehand

MSDN Connection Surf Board

Agenda

Introduction

ClickOnce Basics

Security

Programming ClickOnce

Introduction: Deployment Problems

Client applications can be fragile

Will the installation of one application break another application?

Traditional DLL-conflict problem

Installing client applications is hard and expensive

Must affect every client

For both the initial installation and updates

Web-based applications

Solved many deployment issues, but there’s a “but”

At the expense of a rich client experience

Introduction: Version 1.0 of the .NET Framework

Addressed the issue of DLL conflict

Introduced application isolation

Controlled the versioning of shared components

Began to address the ease-of-deployment issue

Run executable files from URL or UNC

HREF executable files

Set the stage for ClickOnce

Introduction: The Best of the Client and the Web

Web ClickOnce MSI Client

Reach

“No Touch” Deployment

Low System Impact

Install and Run per User

Rich and Interactive

Offline Access

Windows Shell Integration

Per-Computer and Shared Components

Unrestricted Installation

ClickOnce Basics: Development Experience

IDE support in Visual Studio 2005

Integrated with core project types

Setup is not a post-development task

Project Designer

Publish pane

Security pane

Publish Wizard

Copies the application to a Web server

Server extensions through Microsoft FrontPage®

FTP or network file share

ClickOnce Basics: Declarative Installation

Application manifest

Authored by the developer

Describes the application

Example: which assemblies constitute the application

Deployment manifest

Authored by the administrator

Describes the application deployment

Example: which version clients should use

ClickOnce Basics: Deployment Options

Launched applications

Application launches but doesn’t install

No Start menu and no Add or Remove Programs

Always updates on launch

Installed applications

Install from the Web, a UNC location, or a CD-ROM

Start menu and Add or Remove Programs

Variety of update options

ClickOnce Basics: Update Options

On application startup

If an update is found, ask the user to update the application

After application startup

If an update is found, ask the user to update on the next run

Required updates

Specified by using the minimum required version

Programmatic updating

Integrate the update experience into the application

ClickOnce Basics: Application Bootstrapper

Installs the application prerequisites

.NET FX, Microsoft DirectX®, MDAC, and so on

Requires administrator rights

Extensible architecture

Manages reboots

Install the ClickOnce application after the prerequisites

Use ClickOnce for automatic updates

No automatic updating of prerequisite components

ClickOnce Basics: The Bootstrapper in Action

[Diagram. Web Server: Setup.exe, Dotnetfx.exe, Mdac_typ.exe, Custom.msi, Bar.application. Client PC: Setup.exe, Dotnetfx.exe, Custom.msi, Bar.application. Callouts: "MDAC detected!", "Reboot".]

Building, Deploying and Updating a Client Application

Security: Secure Execution Environment (Sandbox)

ClickOnce applications run in a sandbox by default

Permissions are based on origin: Internet, Intranet, or Full Trust

Ensures that applications are safe to run

Similar to Microsoft Internet Explorer and JavaScript

Applications often need higher trust

Call unmanaged code

Access the file system or the registry

Connect to a database

Consume Web services

Security: Determining Permission Requirements

Security pane of Project Designer

Use to manually configure permissions

Permissions Calculator

Calculates the least-required permissions

Debug in the sandbox

Debug applications with partial trust

Exception Assistant

Microsoft IntelliSense® in the sandbox

Filtered based on the security context

Security: Trusted Application Deployment

Establishes deployment authority

One-time distribution

Configures the trusted license issuer

Trust licenses

Issued by an authority

Deployed with applications

Application-developer tasks

Obtain a trust license (.tlic file)

Set the deployment ticket property

Security: User Consent Model

Users make trust decisions all the time

Installing software from CD-ROMs

Useful for targeting random computers

Internet or unmanaged Intranet

User is the administrator

Request the required permissions

When the application needs permissions that are higher than the sandbox

Administrators can disable prompting through policy

Security: Secure Updates

ClickOnce manifests are signed

XMLDSIG

Publisher key is needed to deploy updates

Ensures that updates come from the original author

Guarantees a unique application identity

Only the original publisher can update

Prevents the automatic deployment of viruses

Programming ClickOnce: Programming Scenarios

Application updating

Implement the Update Now menu item

Match the client with back-end programs

Customize when-to-update logic

Limit updates to only early adopters

Limit updates based on the server load

On-demand download

Progressive installation

Shell with application plug-ins

System.Deployment namespace

ApplicationDeployment

Programming ClickOnce: Application Updating

Control when and how the application updates

CheckForUpdate

GetUpdateCheckInfo

Update

Synchronous and asynchronous versions of methods

Available only for applications that are deployed through ClickOnce

Use IsNetworkDeployed
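A user-initiated "Update Now" handler built on the calls this slide lists, as an added example that is not code from the original deck. It uses the method names of the released .NET Framework 2.0 System.Deployment.Application API, where the detailed check is CheckForDetailedUpdate (returning UpdateCheckInfo); treating that as the counterpart of the slide's GetUpdateCheckInfo is an assumption, and the UpdateNow class, its Run and Fail methods and the message texts are hypothetical.

```csharp
using System;
using System.Deployment.Application;
using System.Windows.Forms;

// Added example (hypothetical names): wire Run() to an "Update Now" menu item.
static class UpdateNow
{
    // Returns true if a newer version was installed; the caller should then restart.
    public static bool Run(IWin32Window owner)
    {
        // CurrentDeployment throws unless the app was launched through ClickOnce,
        // so guard with IsNetworkDeployed (e.g. when running from the IDE).
        if (!ApplicationDeployment.IsNetworkDeployed)
            return Fail(owner, "This copy was not installed through ClickOnce.");

        ApplicationDeployment ad = ApplicationDeployment.CurrentDeployment;
        try
        {
            UpdateCheckInfo info = ad.CheckForDetailedUpdate();
            if (!info.UpdateAvailable)
                return false;   // AvailableVersion is only valid when this is true

            // IsUpdateRequired is set when the installed version is below the
            // publisher's minimum required version: no opt-out is offered then.
            if (!info.IsUpdateRequired)
            {
                DialogResult answer = MessageBox.Show(owner,
                    "Installed: " + ad.CurrentVersion + "\nAvailable: " +
                    info.AvailableVersion + " (" + info.UpdateSizeBytes / 1024 + " KB)",
                    "Install update?", MessageBoxButtons.YesNo);
                if (answer != DialogResult.Yes)
                    return false;
            }
            return ad.Update();   // synchronous; UpdateAsync is the non-blocking form
        }
        catch (DeploymentDownloadException ex)
        { return Fail(owner, "Update location unreachable: " + ex.Message); }
        catch (InvalidDeploymentException ex)
        { return Fail(owner, "Deployment manifest unreadable or corrupt: " + ex.Message); }
        catch (TrustNotGrantedException ex)
        { return Fail(owner, "Update requests permissions not granted here: " + ex.Message); }
        catch (InvalidOperationException ex)
        { return Fail(owner, "Update could not run: " + ex.Message); }
    }

    // Reports the reason and keeps the currently installed version in place.
    static bool Fail(IWin32Window owner, string message)
    {
        MessageBox.Show(owner, message, "Update", MessageBoxButtons.OK,
            MessageBoxIcon.Warning);
        return false;
    }
}
```

After Run returns true the new version is on disk but the old one is still executing; call Application.Restart() to switch to it.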

Programming ClickOnce: On-Demand Download

Group files in the manifest

Put related files in the same group

Download files as a group

Marks files as optional in the manifest

Optional files are not downloaded during the installation

AreFilesLocal

DownloadFiles

Takes a group or file name

Simultaneous delivery (synchronous or asynchronous) of multiple downloaded files
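On-demand download of an optional plug-in group the first time one of its assemblies is needed, as an added example that is not code from the original deck. It uses the released .NET Framework names IsFileGroupDownloaded and DownloadFileGroup; treating them as the counterparts of the slide's AreFilesLocal and DownloadFiles is an assumption, and the PluginLoader class, the "ReportingPlugin" assembly and the "Reporting" file group are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Deployment.Application;
using System.IO;
using System.Reflection;
using System.Windows.Forms;

// Added example (hypothetical names): fetch an optional file group on first use.
static class PluginLoader
{
    // Assembly simple name -> file group declared as optional in the manifest.
    static readonly Dictionary<string, string> Groups = CreateMap();

    static Dictionary<string, string> CreateMap()
    {
        Dictionary<string, string> map =
            new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        map.Add("ReportingPlugin", "Reporting");   // constructed sample entry
        return map;
    }

    // Call once at startup, before any plug-in type is touched.
    public static void Register()
    {
        AppDomain.CurrentDomain.AssemblyResolve += new ResolveEventHandler(Resolve);
    }

    static Assembly Resolve(object sender, ResolveEventArgs args)
    {
        string name = new AssemblyName(args.Name).Name;
        string group;
        // Only fetch assemblies listed in our own map, and only under ClickOnce;
        // anything else falls through to the normal load failure.
        if (!Groups.TryGetValue(name, out group) ||
            !ApplicationDeployment.IsNetworkDeployed)
            return null;

        ApplicationDeployment ad = ApplicationDeployment.CurrentDeployment;
        try
        {
            if (!ad.IsFileGroupDownloaded(group))
                ad.DownloadFileGroup(group);   // synchronous; blocks the caller
        }
        catch (DeploymentException) { return null; }         // download failed
        catch (InvalidOperationException) { return null; }   // group not usable

        // The group's files land in the application's ClickOnce install folder.
        string path = Path.Combine(Application.StartupPath, name + ".dll");
        return File.Exists(path) ? Assembly.LoadFile(path) : null;
    }
}
```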

Implementing User-Initiated Updates

Summary

ClickOnce makes client-application deployment easy and safe

Visual Studio bootstrapper facilitates the easy redistribution of prerequisites

Visual Studio 2005 provides integrated developer support for ClickOnce

ClickOnce APIs support a variety of application-update scenarios

Thank you!

Please fill in your evaluation forms

© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only.

MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Content created by 3 Leaf Solutions.