Learning Center
Plans & pricing Sign in
Sign Out

Developing Windows and Web Applications using Visual Studio


									 Developing Windows and Web Applications using Visual Studio.NET
 Part 1: Developing Windows Applications using Visual Studio.NET

Session 4: Deployment and Security of
            Windows Forms (in C# 2005)

    Presented by

    Marten Ataalla (
    Eric Phan (
About Marten

 • Senior Software Architect at SSW

 • Specialize in
      • Application Deployment
      • SQL Reporting Services
      • Software Auditing
      • SharePoint 2003 & 2007

 • Speaker at Sydney .Net Usergroups & UTS
Admin Stuff

 • Attendance
   – You initial sheet
 • Hands On Lab
   – You get me to initial sheet
 • Homework
Session 4: Deployment & Security

 Part 1: Deployment of .NET Winforms apps
    –   History
    –   Deployment & Updates
    –   Security
    –   Issues & Warnings

 Part 2: Security
    – Role-based security
         • Authentication and Authorization
         • Impersonation
    – Code Access Security
    – Assembly Strong Naming
Part 1

Windows vs Web forms

     Which side are you on? Why?
The Best of both Worlds

                            Click Once
   Windows Forms                                   Web Forms

                  Rich User                         Network
    Tough To
                 Experience              Easy To   Dependency
                 Offline Capable
  Tough To                           Easy To         Limited User
   Update          High User         Deploy           Experience
                                         Easy To
      Fragile    Responsive &            Manage    Complex To
    “DLL Hell”     Flexible                         Develop
The Best of both Worlds

        Which side are you on now?

 Remember the good old Windows Installer?

 Let’s compare it to ClickOnce…
History: Feel the pain…
Windows Installer vs ClickOnce

Features                                        Windows Installer             ClickOnce
Click a link
Post-installation rollback
Does not affect shared components
Security permissions required                        Administrator         Internet/Intranet Zone

Installation-time user interface                    Multipart Wizard            Single prompt

Automatic Updates
Application and deployment manifest signing
Security permissions granted                       Full Trust by default   only permissions necessary

Installation of assemblies on demand
Add application to Start menu
Application installation location                  Program Files folder       ClickOnce app cache

Install time Registry access (so move to app)                                       Limited

Installation of Drivers
Installation to Global Assembly Cache
Installation for multiple users
Installation of shared files
Add application to Startup group
Add application to Favorites menu
Register File types
Binary File patching
History: Feel the pain…
.Net 1.x HREFing .EXEs

   The.NET Framework must be already installed

   Only available offline if you are “Working Offline”

   Your application will run on the client as partially trusted code

   Bad performance as the executable will try to load several DLLs
   with localization resources;

   No way to guarantee that all your files are indeed downloaded;
   your client may be stuck with a "half updated" application.

   Your application won't have a shortcut in the desktop or the Start
History: Feel the pain…
Updater Application Block

   You must change your application substantially in order to
   use it

   Needed to write to C:\Program Files\

   It runs as a fully trusted local application, so it pretty much
   ignores code access security

   It's not supported by Microsoft.

   Since it uses BITS to download the application pieces, it
   does not run under Windows 98/ME.
   However, Jamie Cool has a work around:
       .NET Application Updater Component

 SSW Diagnostics install

 Let’s create our first ClickOnce application
ClickOnce Deployment
How it works?

Users download either:

1.   Setup.exe (~500kb)
     Bootsraper which
     checks pre-


2. Application manifest

     (small but does not
     check prerequisites)
ClickOnce Deployment
Deployment Manifests

 Architecture based on two XML manifest
   1. Application manifest
       • Authored by the developer
       • Describes the application
       • Example: which assemblies constitute the application

   2. Deployment manifest
       • Authored by the administrator
       • Describes the application deployment
       • Example: which version clients should use
ClickOnce Deployment
Deployment Manifests

       1.0  1.1                     Manifest
       Deployment Manifest


       Web Page
       Link to Manifest

Deployed Files
ClickOnce Deployment
 • What does the bootstrapper do?

    Web Server
     Dotnetfx.exe              Client PC

    Bar.application           Reboot
                              MDAC detected!

ClickOnce Deployment
Which download to provide?

 Q:\ Which way?
 A:\ Depends on pre-requisites

 Q:\ What if the only pre-requisite is .NET 2?
 A:\ TIP: use Request.Browser.ClrVersion;

    dim verHave as Version = Request.Browser.ClrVersion
    dim verNeed as Version = new Version("2.0.50727")

    if ( verHave < verNeed ) then
         Response.Write("<a href=""./Download/Setup.exe"">")
         Response.Write("<a href=""./Download/SSWDiagnostics.application"">")
    end if
ClickOnce Deployment

    Install from the Web or a Network Share
    (Default Strategy) (a Setup.exe)

    Install from a CD         (a Setup.exe)

   Run the Application from the Web or a
    Network Share
ClickOnce Deployment
Strategies Compared

                    Web Install   CD Install   Web Run
 Adds Shortcuts

 Adds Add/Remove

 Requires Updates

 Allow Passing of
 Query Parameters
 Doesn’t require
ClickOnce Deployment
Setup Interface
ClickOnce Deployment
Setup Options Interface
ClickOnce Update
How it works?

 • ClickOnce uses the file version information specified in an
   application's deployment manifest to decide whether to update
   the application's files.

 • After an update begins, ClickOnce uses a technique called file
   patching to avoid redundant downloading of application files.

 But, what is a File Patching?
   Compares the hash signatures of the files specified in the application
   manifest for the current application against the signatures in the manifest
   for the new version.

             Note #1: If you use Visual Studio to compile your application, it will generate new
             hash signatures for all files whenever you rebuild the entire project.
             Note #2: File patching does not work for files that are marked as data and stored in
             the data directory C:\Documents and Settings\AdamCogan\Local Settings\Apps\2.0
ClickOnce Update
How it works?
                                     Framework                  Application
                                       Service                    Store


Installed                                       No
                      SHIM                                         Application

  But, what is a SHIM?
    It’s a small piece of software that is added to an existing system program
    or protocol in order to provide some enhancement.
ClickOnce Update

 • Checking for Updates after Application
   – background thread will
     run to locate and read
     the deployment
   – best for low-
     bandwidth network
     connections or for
     larger applications
   – Specifying Update
ClickOnce Update

 • Checking for Updates before Application
ClickOnce Update

 • Making Updates Required
ClickOnce Update
Optional and Required Updates

 For optional updates, the user can either accept or skip the update.

 This dialog will not appear when an update is required.

 To make an update required in Visual Studio 2005, you need to set
    the Minimum Required Version field in the Updates dialog box to
    match the version of the application you’re currently publishing

 We recommend just 4 prior versions
ClickOnce Update

Want more control
 over the update?

You may block
  update checking
  altogether and
  provide UI for
  updates using
  Deployment API
  in your application
What if you release a bad
Rolling back updates

 • The latest 2 versions of the application are
   stored, the rest are removed.
 • Clients may restore back 1 application

  – Create a bad version and deploy it

  – Rollback to a previous version

  – Update again with a good version

 • Server Processing is fine
   Normal activation of a “ClickOnce” application is
   very inexpensive for the server & network

 • Bandwidth is an issue
   Consider network bandwidth needed for initial
   application deployment & application updates

 • However, the standard methods & techniques
   used to scale web or file servers can be used for
   “ClickOnce” applications (e.g server farms, etc)

 • Location for ClickOnce applications

    – On XP:   %userprofile%\Local Settings\Apps

    – On VISTA:    %userprofile%\AppData\Local\Apps

 • Cache quota is 250MB.

 • Data files do not count toward this limit

 • Modify by changing Registry key:

           Note: The value in the OnlineAppQuoteInKB registry key is a DWORD that
           expresses the cache size in kilobytes
  File Patching and Rebuilds

The File Patching model for assemblies (even strong assemblies) is
   based entirely on file hash.
   Projects when rebuilt in VS often cause the same assemblies
   (exactly same source) to have different hashes. Hence if you are
   rebuilding your entire v2.0 solution its possible that assemblies
   that have not changed in terms of functionality will still have a
   different hash and hence be downloaded again by ClickOnce
   instead of being copied locally.

Don’t hit rebuild unless you need to! (when references might’ve
Suggestions & Missing

 • Rollback Feedback
    – We want our clients to give us feedback as to why they are rolling
      back a version
 • Rollback Count
    – Clients should be able to rollback back to a certain number of versions
      (set by the developer)
 • Version Download/Update/Rollback Stats
    – What versions our clients are downloading, updating to and rolling
      back from. Presented in Reporting Services reports.
 • Microsoft should release MSN messenger as a ClickOnce app.
 • Staged Rollout
    – Specify beta testers, and grouped downloads via authentication
    – eg. MSN Messenger could let MVPs and RDs get the latest beta
    – We want 10% released each day, to manage bandwidth and transition.
 • Scalability
    – limit to x concurrent - the rest would not be told of the new version
      until later.
Limitations Overview

 1.   Can’t install shared files, drivers, assemblies in GAC, for
      multiple users, office addins, etc

 2.   Installation UI cannot be changed

 3.   Can’t add application to Startup group, Favorites menu

 4.   Bootstrappers still need admin privileges if there are
      prerequisite redistributables

 5.   Can’t register file types

 6.   No updating via FTP


 Why do we need security in our applications?
 • Protect our investment – keep malicious
   users out
 • Protect sensitive data
    – Medical records, customer details, salary info…
Security in .NET

 2 parts to .NET Security

 1. Role-based security
    – protects the application from the bad users

 • Code Access Security (CAS)
    – protects the user’s system from bad
Role-based Security

 1. How do we know who is using our
    application? (Authentication)
   • e.g. Who are you?
 2. And how do we control what they can
    and cannot do? (Authorisation)
   • e.g. employee info – don’t want employees to
     see each other’s salaries
Authentication & Authorisation

 In .NET, Users = Identities
Authentication & Authorisation

 In .NET, Groups = Roles
Authentication & Authorisation

 Where can we store a list of valid users?
 • Active Directory
 • Database
 • Web Service
 • XML
 • Excel
 • etc.
• Demo
Authentication & Authorisation

 We saw
 • Windows (Integrated) Authentication
    – Check against the user I am logged in as
 • Authorisation
    – Enable/disable button
    – This can obviously be extended
       • Locking methods e.g. “ViewCreditCardInfo”
       • Custom messages
Authentication & Authorisation

            (Text-based)           Read from Database

      IIdentity (Authentication)           …
      IPrincipal (Authorisation)

           Active Directory
         (Windows Security)

 What is Impersonation?
 1. Tim goes to pick up a parcel for Adam
 2. Tim goes to the PO but access is denied
    (only Adam is allowed to have the parcel)
 3. Tim returns with Adam’s ID
 4. Staff says OK – Tim gets the parcel

 • Running the code under another person’s
   permission. i.e. Doing something on
   someone else’s behalf
 • Webforms example
   – Accessing network share as domain user
     instead of the default local ASPNET account
 • Winforms example
   – Manager in Supermarket has to login to offer
     the customer the discount.
Special case - Mixed

 • e.g. you want your company users to log
   in on a public site
    – So that they can get to company-only
 • Mixed mode

 1. Check against AD
 2. Check against Database

 Nice and flexible
Code Access Security

 Imagine a world without SPAM and SpyWare…
Code Access Security

 What is Code Access Security (CAS)?
 • Protect your system against evil code
 • Rules enforced by the .NET Framework
Code Access Security

 Who should control CAS policies?
 • System administrators
 • Not developers!
Assembly Strong Naming

 How do you know your software came from
   its publisher?
 • e.g. SSW Registration
 • Someone could simply replace the DLLs
   in the folder and your application would
   use that
Assembly Strong Naming

 Enter Strongly Named Assemblies…
 • Use a special private key to uniquely
    “sign” an assembly (e.g. SSW
 • The caller (e.g. SSW Code Auditor) uses
    a public key to “unlock” the code
 • This guarantees the authenticity of any
    external components your application is
 • Really easy to use…
ClickOnce Security
ClickOnce Security
Partial Trust Permission Settings

 Custom Permission settings can be set for
  the following:
ClickOnce Security
Security Features

 • Zero-impact installation
    – Files cached under user profile
    – Cannot touch shared resources on machine

 • Code Access Security sandbox execution
    – Based on origin of files (deployment server)
    – Can elevate permissions through user prompting
    – Can elevate permissions automatically through trust

 • XML Signature
    – Signed manifests to ensure authentication and integrity

 Note : VS.NET 2005 enforces permissions during debugging 
Thanks for your attention

 • Marten Ataalla


 • Eric Phan


To top