VIEWS: 2 PAGES: 61 POSTED ON: 9/3/2011
Developing Windows and Web Applications using Visual Studio.NET Part 1: Developing Windows Applications using Visual Studio.NET Session 4: Deployment and Security of Windows Forms (in C# 2005) Presented by Marten Ataalla (MartenAtaalla@ssw.com.au) Eric Phan (EricPhan@ssw.com.au) About Marten • Senior Software Architect at SSW • Specialize in • Application Deployment • SQL Reporting Services • Software Auditing • SharePoint 2003 & 2007 • Speaker at Sydney .Net Usergroups & UTS lectures Admin Stuff • Attendance – You initial sheet • Hands On Lab – You get me to initial sheet • Homework Session 4: Deployment & Security Agenda Part 1: Deployment of .NET Winforms apps – History – Deployment & Updates – Security – Issues & Warnings Part 2: Security – Role-based security • Authentication and Authorization • Impersonation – Code Access Security – Assembly Strong Naming Part 1 ClickOnce Windows vs Web forms Which side are you on? Why? ClickOnce The Best of both Worlds Click Once Windows Forms Web Forms Rich User Network Tough To Experience Easy To Dependency Deploy Update Offline Capable Tough To Easy To Limited User Update High User Deploy Experience Productivity Easy To Fragile Responsive & Manage Complex To “DLL Hell” Flexible Develop ClickOnce The Best of both Worlds Which side are you on now? History Remember the good old Windows Installer? Let’s compare it to ClickOnce… History: Feel the pain… Windows Installer vs ClickOnce Features Windows Installer ClickOnce Click a link Post-installation rollback Does not affect shared components Security permissions required Administrator Internet/Intranet Zone Installation-time user interface Multipart Wizard Single prompt Automatic Updates Application and deployment manifest signing Security permissions granted Full Trust by default only permissions necessary Installation of assemblies on demand Add application to Start menu Application installation location Program Files folder ClickOnce app cache Install time Registry access (so move to app) Limited Installation of Drivers Installation to Global Assembly Cache Installation for multiple users Installation of shared files Add application to Startup group Add application to Favorites menu Register File types Binary File patching History: Feel the pain… .Net 1.x HREFing .EXEs The.NET Framework must be already installed Only available offline if you are “Working Offline” Your application will run on the client as partially trusted code only. Bad performance as the executable will try to load several DLLs with localization resources; No way to guarantee that all your files are indeed downloaded; your client may be stuck with a "half updated" application. Your application won't have a shortcut in the desktop or the Start menu. History: Feel the pain… Updater Application Block You must change your application substantially in order to use it Needed to write to C:\Program Files\ It runs as a fully trusted local application, so it pretty much ignores code access security It's not supported by Microsoft. Since it uses BITS to download the application pieces, it does not run under Windows 98/ME. However, Jamie Cool has a work around: .NET Application Updater Component http://www.windowsforms.net/articles/appupdater.aspx Demo: SSW Diagnostics install Demo Let’s create our first ClickOnce application ClickOnce Deployment How it works? Users download either: 1. Setup.exe (~500kb) Bootsraper which checks pre- requisites (Recommended) OR 2. Application manifest Boo.application (small but does not check prerequisites) ClickOnce Deployment Deployment Manifests Architecture based on two XML manifest files: 1. Application manifest • Authored by the developer • Describes the application • Example: which assemblies constitute the application 2. Deployment manifest • Authored by the administrator • Describes the application deployment • Example: which version clients should use ClickOnce Deployment Deployment Manifests Application 1.0 1.1 Manifest Deployment Manifest 1.0 Application Web Page Manifest Link to Manifest 1.1 Deployed Files ClickOnce Deployment Bootstraper • What does the bootstrapper do? Web Server Setup.exe Dotnetfx.exe Client PC Mdac_typ.exe Custom.msi a Bar.application Reboot MDAC detected! a ClickOnce Deployment Which download to provide? Q:\ Which way? A:\ Depends on pre-requisites Q:\ What if the only pre-requisite is .NET 2? A:\ TIP: use Request.Browser.ClrVersion; dim verHave as Version = Request.Browser.ClrVersion dim verNeed as Version = new Version("2.0.50727") if ( verHave < verNeed ) then Response.Write("<a href=""./Download/Setup.exe"">") else Response.Write("<a href=""./Download/SSWDiagnostics.application"">") end if ClickOnce Deployment Strategies Install from the Web or a Network Share (Default Strategy) (a Setup.exe) Install from a CD (a Setup.exe) Run the Application from the Web or a Network Share ClickOnce Deployment Strategies Compared Web Install CD Install Web Run Adds Shortcuts Adds Add/Remove Requires Updates Allow Passing of Query Parameters Doesn’t require internet ClickOnce Deployment Setup Interface ClickOnce Deployment Setup Options Interface ClickOnce Update How it works? • ClickOnce uses the file version information specified in an application's deployment manifest to decide whether to update the application's files. • After an update begins, ClickOnce uses a technique called file patching to avoid redundant downloading of application files. But, what is a File Patching? Compares the hash signatures of the files specified in the application manifest for the current application against the signatures in the manifest for the new version. Note #1: If you use Visual Studio to compile your application, it will generate new hash signatures for all files whenever you rebuild the entire project. Note #2: File patching does not work for files that are marked as data and stored in the data directory C:\Documents and Settings\AdamCogan\Local Settings\Apps\2.0 ClickOnce Update How it works? Deployment Framework Application Service Store Yes Update Check? Installed No Startup My SHIM Application But, what is a SHIM? It’s a small piece of software that is added to an existing system program or protocol in order to provide some enhancement. ClickOnce Update Strategies • Checking for Updates after Application Startup – background thread will run to locate and read the deployment manifest – best for low- bandwidth network connections or for larger applications – Specifying Update Intervals ClickOnce Update Strategies • Checking for Updates before Application Startup ClickOnce Update Strategies • Making Updates Required ClickOnce Update Optional and Required Updates For optional updates, the user can either accept or skip the update. This dialog will not appear when an update is required. To make an update required in Visual Studio 2005, you need to set the Minimum Required Version field in the Updates dialog box to match the version of the application you’re currently publishing We recommend just 4 prior versions ClickOnce Update Blocking Want more control over the update? You may block update checking altogether and provide UI for updates using Deployment API in your application What if you release a bad version??? Advanced Rolling back updates • The latest 2 versions of the application are stored, the rest are removed. • Clients may restore back 1 application update. Demo: – Create a bad version and deploy it – Rollback to a previous version – Update again with a good version Advanced Scalability • Server Processing is fine Normal activation of a “ClickOnce” application is very inexpensive for the server & network • Bandwidth is an issue Consider network bandwidth needed for initial application deployment & application updates • However, the standard methods & techniques used to scale web or file servers can be used for “ClickOnce” applications (e.g server farms, etc) Advanced Cache • Location for ClickOnce applications – On XP: %userprofile%\Local Settings\Apps – On VISTA: %userprofile%\AppData\Local\Apps • Cache quota is 250MB. • Data files do not count toward this limit • Modify by changing Registry key: HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Windows\Cu rrentVersion\Deployment\OnlineAppQuotaInKB Note: The value in the OnlineAppQuoteInKB registry key is a DWORD that expresses the cache size in kilobytes Warnings File Patching and Rebuilds Issue: The File Patching model for assemblies (even strong assemblies) is based entirely on file hash. Projects when rebuilt in VS often cause the same assemblies (exactly same source) to have different hashes. Hence if you are rebuilding your entire v2.0 solution its possible that assemblies that have not changed in terms of functionality will still have a different hash and hence be downloaded again by ClickOnce instead of being copied locally. Workaround: Don’t hit rebuild unless you need to! (when references might’ve changed) Suggestions & Missing Features • Rollback Feedback – We want our clients to give us feedback as to why they are rolling back a version • Rollback Count – Clients should be able to rollback back to a certain number of versions (set by the developer) • Version Download/Update/Rollback Stats – What versions our clients are downloading, updating to and rolling back from. Presented in Reporting Services reports. • Microsoft should release MSN messenger as a ClickOnce app. • Staged Rollout – Specify beta testers, and grouped downloads via authentication – eg. MSN Messenger could let MVPs and RDs get the latest beta – We want 10% released each day, to manage bandwidth and transition. • Scalability – limit to x concurrent - the rest would not be told of the new version until later. Limitations Overview 1. Can’t install shared files, drivers, assemblies in GAC, for multiple users, office addins, etc 2. Installation UI cannot be changed 3. Can’t add application to Startup group, Favorites menu 4. Bootstrappers still need admin privileges if there are prerequisite redistributables 5. Can’t register file types 6. No updating via FTP Part2 Security Security Why do we need security in our applications? • Protect our investment – keep malicious users out • Protect sensitive data – Medical records, customer details, salary info… Security in .NET 2 parts to .NET Security 1. Role-based security – protects the application from the bad users • Code Access Security (CAS) – protects the user’s system from bad application Role-based Security 1. How do we know who is using our application? (Authentication) • e.g. Who are you? 2. And how do we control what they can and cannot do? (Authorisation) • e.g. employee info – don’t want employees to see each other’s salaries Authentication & Authorisation In .NET, Users = Identities Authentication & Authorisation In .NET, Groups = Roles Authentication & Authorisation Where can we store a list of valid users? • Active Directory • Database • Web Service • XML • Excel • etc. • Demo Authentication & Authorisation We saw • Windows (Integrated) Authentication – Check against the user I am logged in as • Authorisation – Enable/disable button – This can obviously be extended • Locking methods e.g. “ViewCreditCardInfo” • Custom messages Authentication & Authorisation Generic (Text-based) Read from Database (Custom) IIdentity (Authentication) … IPrincipal (Authorisation) … Active Directory (Windows Security) Impersonation What is Impersonation? 1. Tim goes to pick up a parcel for Adam 2. Tim goes to the PO but access is denied (only Adam is allowed to have the parcel) 3. Tim returns with Adam’s ID 4. Staff says OK – Tim gets the parcel Impersonation • Running the code under another person’s permission. i.e. Doing something on someone else’s behalf • Webforms example – Accessing network share as domain user instead of the default local ASPNET account • Winforms example – Manager in Supermarket has to login to offer the customer the discount. Special case - Mixed • e.g. you want your company users to log in on a public site – So that they can get to company-only information • Mixed mode 1. Check against AD 2. Check against Database Nice and flexible Code Access Security Imagine a world without SPAM and SpyWare… Code Access Security What is Code Access Security (CAS)? • Protect your system against evil code • Rules enforced by the .NET Framework Code Access Security Who should control CAS policies? • System administrators • Not developers! Assembly Strong Naming How do you know your software came from its publisher? • e.g. SSW Registration • Someone could simply replace the DLLs in the folder and your application would use that Assembly Strong Naming Enter Strongly Named Assemblies… • Use a special private key to uniquely “sign” an assembly (e.g. SSW Registration) • The caller (e.g. SSW Code Auditor) uses a public key to “unlock” the code • This guarantees the authenticity of any external components your application is using • Really easy to use… ClickOnce Security ClickOnce Security Partial Trust Permission Settings Custom Permission settings can be set for the following: ClickOnce Security Security Features • Zero-impact installation – Files cached under user profile – Cannot touch shared resources on machine • Code Access Security sandbox execution – Based on origin of files (deployment server) – Can elevate permissions through user prompting – Can elevate permissions automatically through trust license • XML Signature – Signed manifests to ensure authentication and integrity Note : VS.NET 2005 enforces permissions during debugging Thanks for your attention • Marten Ataalla – MartenAtaalla@ssw.com.au • Eric Phan – EricPhan@ssw.com.au
"Developing Windows and Web Applications using Visual Studio"