Deploying Applications with ClickOnce Suthep Sangvirotjanaphat Microsoft MVP, GreatFriends.Biz Instructor suthep@greatfriends.biz http://greatfriends.biz Thailand.NET Training and Community
Agenda Introduction ClickOnce Basics Security Programming ClickOnce
Introduction Deployment Problems Client applications can be fragile Will the installation of one application break another application? Traditional DLL-conflict problem Installing client applications is hard and expensive Must affect every client For both the initial installation and updates Web-based applications Solved many deployment issues, but there s a but" At the expense of a rich client experience
Introduction Version 1.0 of the.net Framework Addressed the issue of DLL conflict Introduced application isolation Controlled the versioning of shared components Began to address the ease-of-deployment issue Run executable files from URL or UNC HREF executable files Set the stage for ClickOnce
Introduction The Best of the Client and the Web Reach No Touch Deployment Low System Impact Install and Run per User Rich and Interactive Offline Access Windows Shell Integration Per-Computer and Shared Components Unrestricted Installation Web ClickOnce MSI Client
ClickOnce Basics Development Experience IDE support in Visual Studio 2005 Integrated with core project types Setup is not a post-development task Project Designer Publish pane Security pane Publish Wizard Copies the application to a Web server Server extensions through Microsoft FrontPage FTP or network file share
ClickOnce Basics Declarative Installation Application manifest Authored by the developer Describes the application Example: which assemblies constitute the application Deployment manifest Authored by the administrator Describes the application deployment Example: which version clients should use
ClickOnce Basics Update from the Web 1.0 1.1 Application Manifest Deployment Manifest 1.0 Web Page Link to Manifest Application Manifest 1.1
ClickOnce Basics Deployment Options Launched applications Application launches but doesn t install No Start menu and no Add or Remove Programs Always updates on launch Installed applications Install from the Web, a UNC location, or a CD-ROM Start menu and Add or Remove Programs Variety of update options
ClickOnce Basics Update Architecture Launched MIME.application Deployment Framework Service Application Store Yes Installed Startup SHIM Update Check? No My Application
ClickOnce Basics Update Options On application startup If an update is found, ask the user to update the application After application startup If an update is found, ask the user to update on the next run Required updates Specified by using the minimum required version Programmatic updating Integrate the update experience into the application
ClickOnce Basics Application Bootstrapper Installs the application prerequisites.net FX, Microsoft DirectX, MDAC, and so on Requires administrator rights Install the ClickOnce application after the prerequisites Use ClickOnce for automatic updates No automatic updating of prerequisite components
ClickOnce Basics The Bootstrapper in Action Web Server Setup.exe Dotnetfx.exe Mdac_typ.exe Custom.msi Bar.application Client PC Reboot MDAC detected!
Building, Deploying and Updating a Client Application
Security Secure Execution Environment (Sandbox) ClickOnce applications run in a sandbox by default Permissions are based on origin Internet, Intranet, or Full Trust Ensures that applications are safe to run Similar to Microsoft Internet Explorer and JavaScript Applications often need higher trust Call unmanaged code Access the file system or the registry Connect to a database Consume Web services
Security Determining Permission Requirements Security pane of Project Designer Use to manually configure permissions Permissions Calculator Calculates the least-required permissions Debug in the sandbox Debug applications with partial trust Exception Assistant Microsoft Intellisense in the sandbox Filtered based on the security context
Security Trusted Application Deployment Establishes deployment authority One-time distribution Configures the trusted license issuer Trust licenses Issued by an authority Deployed with applications Application-developer tasks Obtain a trust license (.tlic file) Set the deployment ticket property
Security User Consent Model Users make trust decisions all the time Installing software from CD-ROMs Useful for targeting random computers Internet or unmanaged Intranet User is the administrator Request the required permissions When the application needs permissions that are higher than the sandbox Administrators can disable prompting through policy
Security Secure Updates ClickOnce manifests are signed XMLDSIG Publisher key is needed to deploy updates Ensures that updates come from the original author Guarantees a unique application identity Only the original publisher can update Prevents the automatic deployment of viruses
Configuring ClickOnce Security Permissions
Programming ClickOnce Programming Scenarios Application updating Implement the Update Now menu item Match the client with back-end programs Customize when-to-update logic Limit updates to only early adopters Limit updates based on the server load On-demand download Progressive installation Shell with application plug-ins System.Deployment namespace ApplicationDeployment
Programming ClickOnce Application Updating Control when and how the application updates CheckForUpdate GetUpdateCheckInfo Update Synchronous and asynchronous versions of methods Available only for applications that are deployed through ClickOnce Use IsNetworkDeployed
Programming ClickOnce On-Demand Download Group files in the manifest Put related files in the same group Download files as a group Marks files as optional in the manifest Optional files are not downloaded during the installation AreFilesLocal DownloadFiles Takes a group or file name Simultaneously delivery (synchronous or asynchronous) of multiple downloaded files
Implementing User-Initiated Updates
Summary ClickOnce makes client-application deployment easy and safe Visual Studio bootstrapper facilitates the easy redistribution of prerequisites Visual Studio 2005 provides integrated developer support for ClickOnce ClickOnce APIs support a variety of application-update scenarios