Developing Windows and Web Applications using Visual Studio

Document Sample
Developing Windows and Web Applications using Visual Studio Powered By Docstoc
					 Developing Windows and Web Applications using Visual Studio.NET
 Part 1: Developing Windows Applications using Visual Studio.NET




Session 4: Deployment and Security of
            Windows Forms (in C# 2005)



    Presented by

    Marten Ataalla (MartenAtaalla@ssw.com.au)
    Eric Phan (EricPhan@ssw.com.au)
About Marten


 • Senior Software Architect at SSW

 • Specialize in
      • Application Deployment
      • SQL Reporting Services
      • Software Auditing
      • SharePoint 2003 & 2007


 • Speaker at Sydney .Net Usergroups & UTS
   lectures
Admin Stuff


 • Attendance
   – You initial sheet
 • Hands On Lab
   – You get me to initial sheet
 • Homework
Session 4: Deployment & Security



 Agenda
 Part 1: Deployment of .NET Winforms apps
    –   History
    –   Deployment & Updates
    –   Security
    –   Issues & Warnings

 Part 2: Security
    – Role-based security
         • Authentication and Authorization
         • Impersonation
    – Code Access Security
    – Assembly Strong Naming
Part 1




 ClickOnce
Windows vs Web forms

     Which side are you on? Why?
ClickOnce
The Best of both Worlds

                            Click Once
   Windows Forms                                   Web Forms


                  Rich User                         Network
    Tough To
                 Experience              Easy To   Dependency
     Deploy
                                         Update
                 Offline Capable
  Tough To                           Easy To         Limited User
   Update          High User         Deploy           Experience
                  Productivity
                                         Easy To
      Fragile    Responsive &            Manage    Complex To
    “DLL Hell”     Flexible                         Develop
ClickOnce
The Best of both Worlds

        Which side are you on now?
History



 Remember the good old Windows Installer?




 Let’s compare it to ClickOnce…
History: Feel the pain…
Windows Installer vs ClickOnce

Features                                        Windows Installer             ClickOnce
Click a link
Post-installation rollback
Does not affect shared components
Security permissions required                        Administrator         Internet/Intranet Zone

Installation-time user interface                    Multipart Wizard            Single prompt

Automatic Updates
Application and deployment manifest signing
Security permissions granted                       Full Trust by default   only permissions necessary

Installation of assemblies on demand
Add application to Start menu
Application installation location                  Program Files folder       ClickOnce app cache

Install time Registry access (so move to app)                                       Limited

Installation of Drivers
Installation to Global Assembly Cache
Installation for multiple users
Installation of shared files
Add application to Startup group
Add application to Favorites menu
Register File types
Binary File patching
History: Feel the pain…
.Net 1.x HREFing .EXEs


   The.NET Framework must be already installed

   Only available offline if you are “Working Offline”

   Your application will run on the client as partially trusted code
   only.

   Bad performance as the executable will try to load several DLLs
   with localization resources;

   No way to guarantee that all your files are indeed downloaded;
   your client may be stuck with a "half updated" application.

   Your application won't have a shortcut in the desktop or the Start
   menu.
History: Feel the pain…
Updater Application Block


   You must change your application substantially in order to
   use it

   Needed to write to C:\Program Files\

   It runs as a fully trusted local application, so it pretty much
   ignores code access security

   It's not supported by Microsoft.

   Since it uses BITS to download the application pieces, it
   does not run under Windows 98/ME.
   However, Jamie Cool has a work around:
       .NET Application Updater Component
       http://www.windowsforms.net/articles/appupdater.aspx
Demo:


 SSW Diagnostics install
Demo


 Let’s create our first ClickOnce application
ClickOnce Deployment
How it works?


Users download either:

1.   Setup.exe (~500kb)
     Bootsraper which
     checks pre-
     requisites
     (Recommended)


OR

2. Application manifest
    Boo.application

     (small but does not
     check prerequisites)
ClickOnce Deployment
Deployment Manifests


 Architecture based on two XML manifest
 files:
   1. Application manifest
       • Authored by the developer
       • Describes the application
       • Example: which assemblies constitute the application


   2. Deployment manifest
       • Authored by the administrator
       • Describes the application deployment
       • Example: which version clients should use
ClickOnce Deployment
Deployment Manifests


                                    Application
       1.0  1.1                     Manifest
       Deployment Manifest

                                    1.0

                             Application
       Web Page
                              Manifest
       Link to Manifest

                              1.1
Deployed Files
ClickOnce Deployment
Bootstraper
 • What does the bootstrapper do?

    Web Server
      Setup.exe
     Dotnetfx.exe              Client PC
    Mdac_typ.exe

     Custom.msi
                                          a
    Bar.application           Reboot
                              MDAC detected!

                                          a
ClickOnce Deployment
Which download to provide?


 Q:\ Which way?
 A:\ Depends on pre-requisites

 Q:\ What if the only pre-requisite is .NET 2?
 A:\ TIP: use Request.Browser.ClrVersion;

    dim verHave as Version = Request.Browser.ClrVersion
    dim verNeed as Version = new Version("2.0.50727")

    if ( verHave < verNeed ) then
         Response.Write("<a href=""./Download/Setup.exe"">")
    else
         Response.Write("<a href=""./Download/SSWDiagnostics.application"">")
    end if
ClickOnce Deployment
Strategies


    Install from the Web or a Network Share
    (Default Strategy) (a Setup.exe)




    Install from a CD         (a Setup.exe)




   Run the Application from the Web or a
    Network Share
ClickOnce Deployment
Strategies Compared


                    Web Install   CD Install   Web Run
 Adds Shortcuts

 Adds Add/Remove

 Requires Updates

 Allow Passing of
 Query Parameters
 Doesn’t require
 internet
ClickOnce Deployment
Setup Interface
ClickOnce Deployment
Setup Options Interface
ClickOnce Update
How it works?


 • ClickOnce uses the file version information specified in an
   application's deployment manifest to decide whether to update
   the application's files.

 • After an update begins, ClickOnce uses a technique called file
   patching to avoid redundant downloading of application files.

 But, what is a File Patching?
   Compares the hash signatures of the files specified in the application
   manifest for the current application against the signatures in the manifest
   for the new version.




             Note #1: If you use Visual Studio to compile your application, it will generate new
             hash signatures for all files whenever you rebuild the entire project.
             Note #2: File patching does not work for files that are marked as data and stored in
             the data directory C:\Documents and Settings\AdamCogan\Local Settings\Apps\2.0
ClickOnce Update
How it works?
                                     Deployment
                                     Framework                  Application
                                       Service                    Store




                                         Yes
                               Update
                               Check?



Installed                                       No
                     Startup
                                                                       My
                      SHIM                                         Application

  But, what is a SHIM?
    It’s a small piece of software that is added to an existing system program
    or protocol in order to provide some enhancement.
ClickOnce Update
Strategies


 • Checking for Updates after Application
   Startup
   – background thread will
     run to locate and read
     the deployment
     manifest
   – best for low-
     bandwidth network
     connections or for
     larger applications
   – Specifying Update
     Intervals
ClickOnce Update
Strategies


 • Checking for Updates before Application
   Startup
ClickOnce Update
Strategies


 • Making Updates Required
ClickOnce Update
Optional and Required Updates


 For optional updates, the user can either accept or skip the update.




 This dialog will not appear when an update is required.

 To make an update required in Visual Studio 2005, you need to set
    the Minimum Required Version field in the Updates dialog box to
    match the version of the application you’re currently publishing

 We recommend just 4 prior versions
ClickOnce Update
Blocking


Want more control
 over the update?

You may block
  update checking
  altogether and
  provide UI for
  updates using
  Deployment API
  in your application
What if you release a bad
version???
Advanced
Rolling back updates


 • The latest 2 versions of the application are
   stored, the rest are removed.
 • Clients may restore back 1 application
   update.
Demo:



  – Create a bad version and deploy it

  – Rollback to a previous version

  – Update again with a good version
Advanced
Scalability



 • Server Processing is fine
   Normal activation of a “ClickOnce” application is
   very inexpensive for the server & network

 • Bandwidth is an issue
   Consider network bandwidth needed for initial
   application deployment & application updates

 • However, the standard methods & techniques
   used to scale web or file servers can be used for
   “ClickOnce” applications (e.g server farms, etc)
Advanced
Cache


 • Location for ClickOnce applications

    – On XP:   %userprofile%\Local Settings\Apps

    – On VISTA:    %userprofile%\AppData\Local\Apps

 • Cache quota is 250MB.

 • Data files do not count toward this limit

 • Modify by changing Registry key:
    HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Windows\Cu
      rrentVersion\Deployment\OnlineAppQuotaInKB


           Note: The value in the OnlineAppQuoteInKB registry key is a DWORD that
           expresses the cache size in kilobytes
  Warnings
  File Patching and Rebuilds


Issue:
The File Patching model for assemblies (even strong assemblies) is
   based entirely on file hash.
   Projects when rebuilt in VS often cause the same assemblies
   (exactly same source) to have different hashes. Hence if you are
   rebuilding your entire v2.0 solution its possible that assemblies
   that have not changed in terms of functionality will still have a
   different hash and hence be downloaded again by ClickOnce
   instead of being copied locally.

Workaround:
Don’t hit rebuild unless you need to! (when references might’ve
  changed)
Suggestions & Missing
Features


 • Rollback Feedback
    – We want our clients to give us feedback as to why they are rolling
      back a version
 • Rollback Count
    – Clients should be able to rollback back to a certain number of versions
      (set by the developer)
 • Version Download/Update/Rollback Stats
    – What versions our clients are downloading, updating to and rolling
      back from. Presented in Reporting Services reports.
 • Microsoft should release MSN messenger as a ClickOnce app.
 • Staged Rollout
    – Specify beta testers, and grouped downloads via authentication
    – eg. MSN Messenger could let MVPs and RDs get the latest beta
    – We want 10% released each day, to manage bandwidth and transition.
 • Scalability
    – limit to x concurrent - the rest would not be told of the new version
      until later.
Limitations Overview


 1.   Can’t install shared files, drivers, assemblies in GAC, for
      multiple users, office addins, etc

 2.   Installation UI cannot be changed

 3.   Can’t add application to Startup group, Favorites menu

 4.   Bootstrappers still need admin privileges if there are
      prerequisite redistributables

 5.   Can’t register file types

 6.   No updating via FTP
Part2



Security
Security


 Why do we need security in our applications?
 • Protect our investment – keep malicious
   users out
 • Protect sensitive data
    – Medical records, customer details, salary info…
Security in .NET


 2 parts to .NET Security

 1. Role-based security
    – protects the application from the bad users


 • Code Access Security (CAS)
    – protects the user’s system from bad
      application
Role-based Security


 1. How do we know who is using our
    application? (Authentication)
   • e.g. Who are you?
 2. And how do we control what they can
    and cannot do? (Authorisation)
   • e.g. employee info – don’t want employees to
     see each other’s salaries
Authentication & Authorisation

 In .NET, Users = Identities
Authentication & Authorisation

 In .NET, Groups = Roles
Authentication & Authorisation



 Where can we store a list of valid users?
 • Active Directory
 • Database
 • Web Service
 • XML
 • Excel
 • etc.
• Demo
Authentication & Authorisation



 We saw
 • Windows (Integrated) Authentication
    – Check against the user I am logged in as
 • Authorisation
    – Enable/disable button
    – This can obviously be extended
       • Locking methods e.g. “ViewCreditCardInfo”
       • Custom messages
Authentication & Authorisation



              Generic
            (Text-based)           Read from Database
                                        (Custom)




      IIdentity (Authentication)           …
      IPrincipal (Authorisation)




                                           …
           Active Directory
         (Windows Security)
Impersonation


 What is Impersonation?
 1. Tim goes to pick up a parcel for Adam
 2. Tim goes to the PO but access is denied
    (only Adam is allowed to have the parcel)
 3. Tim returns with Adam’s ID
 4. Staff says OK – Tim gets the parcel
Impersonation


 • Running the code under another person’s
   permission. i.e. Doing something on
   someone else’s behalf
 • Webforms example
   – Accessing network share as domain user
     instead of the default local ASPNET account
 • Winforms example
   – Manager in Supermarket has to login to offer
     the customer the discount.
Special case - Mixed


 • e.g. you want your company users to log
   in on a public site
    – So that they can get to company-only
      information
 • Mixed mode

 1. Check against AD
 2. Check against Database

 Nice and flexible
Code Access Security


 Imagine a world without SPAM and SpyWare…
Code Access Security


 What is Code Access Security (CAS)?
 • Protect your system against evil code
 • Rules enforced by the .NET Framework
Code Access Security


 Who should control CAS policies?
 • System administrators
 • Not developers!
Assembly Strong Naming


 How do you know your software came from
   its publisher?
 • e.g. SSW Registration
 • Someone could simply replace the DLLs
   in the folder and your application would
   use that
Assembly Strong Naming


 Enter Strongly Named Assemblies…
 • Use a special private key to uniquely
    “sign” an assembly (e.g. SSW
    Registration)
 • The caller (e.g. SSW Code Auditor) uses
    a public key to “unlock” the code
 • This guarantees the authenticity of any
    external components your application is
    using
 • Really easy to use…
ClickOnce Security
ClickOnce Security
Partial Trust Permission Settings


 Custom Permission settings can be set for
  the following:
ClickOnce Security
Security Features


 • Zero-impact installation
    – Files cached under user profile
    – Cannot touch shared resources on machine

 • Code Access Security sandbox execution
    – Based on origin of files (deployment server)
    – Can elevate permissions through user prompting
    – Can elevate permissions automatically through trust
      license

 • XML Signature
    – Signed manifests to ensure authentication and integrity

 Note : VS.NET 2005 enforces permissions during debugging 
Thanks for your attention


 • Marten Ataalla

    – MartenAtaalla@ssw.com.au


 • Eric Phan

    – EricPhan@ssw.com.au

				
DOCUMENT INFO