Microsoft Australia Security Summit Deploying Applications with ClickOnce Andrew Coates...
-
Upload
elinor-pearson -
Category
Documents
-
view
222 -
download
0
Transcript of Microsoft Australia Security Summit Deploying Applications with ClickOnce Andrew Coates...
Microsoft Australia Security Summit
Deploying Applications with ClickOnceDeploying Applications with ClickOnce
Andrew [email protected] EvangelistMicrosoft Australia
Andrew [email protected] EvangelistMicrosoft Australia
Microsoft Australia Security Summit
Community ThingsCommunity Things
Brisbane .NET User Group3rd Tuesday of MonthGold Coast .NET User GroupIrregular
Community Dinner tonight7:30 Royal Thai OrchidLittle Cribb St, MILTON All WelcomeDrinks earlier if you get there beforehand
MSDN Connection Surf Board
Brisbane .NET User Group3rd Tuesday of MonthGold Coast .NET User GroupIrregular
Community Dinner tonight7:30 Royal Thai OrchidLittle Cribb St, MILTON All WelcomeDrinks earlier if you get there beforehand
MSDN Connection Surf Board
Microsoft Australia Security Summit
AgendaAgenda
Introduction
ClickOnce Basics
Security
Programming ClickOnce
Introduction
ClickOnce Basics
Security
Programming ClickOnce
Microsoft Australia Security Summit
IntroductionDeployment ProblemsIntroductionDeployment Problems
Client applications can be fragileWill the installation of one application break another application?
Traditional DLL-conflict problem
Installing client applications is hard and expensive
Must affect every client
For both the initial installation and updates
Web-based applicationsSolved many deployment issues, but there’s a “but"
At the expense of a rich client experience
Client applications can be fragileWill the installation of one application break another application?
Traditional DLL-conflict problem
Installing client applications is hard and expensive
Must affect every client
For both the initial installation and updates
Web-based applicationsSolved many deployment issues, but there’s a “but"
At the expense of a rich client experience
Microsoft Australia Security Summit
IntroductionVersion 1.0 of the .NET FrameworkIntroductionVersion 1.0 of the .NET Framework
Addressed the issue of DLL conflictIntroduced application isolation
Controlled the versioning of shared components
Began to address the ease-of-deployment issue
Run executable files from URL or UNC
HREF executable files
Set the stage for ClickOnce
Addressed the issue of DLL conflictIntroduced application isolation
Controlled the versioning of shared components
Began to address the ease-of-deployment issue
Run executable files from URL or UNC
HREF executable files
Set the stage for ClickOnce
Microsoft Australia Security Summit
IntroductionThe Best of the Client and the WebIntroductionThe Best of the Client and the Web
Web ClickOnce MSI Client
Reach
“No Touch” Deployment
Low System Impact
Install and Run per User
Rich and Interactive
Offline Access
Windows Shell Integration
Per-Computer and Shared Components
Unrestricted Installation
Microsoft Australia Security Summit
ClickOnce BasicsDevelopment ExperienceClickOnce BasicsDevelopment Experience
IDE support in Visual Studio 2005Integrated with core project types
Setup is not a post-development task
Project DesignerPublish pane
Security pane
Publish WizardCopies the application to a Web server
Server extensions through Microsoft FrontPage®
FTP or network file share
IDE support in Visual Studio 2005Integrated with core project types
Setup is not a post-development task
Project DesignerPublish pane
Security pane
Publish WizardCopies the application to a Web server
Server extensions through Microsoft FrontPage®
FTP or network file share
Microsoft Australia Security Summit
ClickOnce BasicsDeclarative InstallationClickOnce BasicsDeclarative Installation
Application manifestAuthored by the developer
Describes the application
Example: which assemblies constitute the application
Deployment manifestAuthored by the administrator
Describes the application deployment
Example: which version clients should use
Application manifestAuthored by the developer
Describes the application
Example: which assemblies constitute the application
Deployment manifestAuthored by the administrator
Describes the application deployment
Example: which version clients should use
Microsoft Australia Security Summit
ClickOnce BasicsDeployment OptionsClickOnce BasicsDeployment Options
Launched applicationsApplication launches but doesn’t install
No Start menu and no Add or Remove Programs
Always updates on launch
Installed applicationsInstall from the Web, a UNC location, or a CD-ROM
Start menu and Add or Remove Programs
Variety of update options
Launched applicationsApplication launches but doesn’t install
No Start menu and no Add or Remove Programs
Always updates on launch
Installed applicationsInstall from the Web, a UNC location, or a CD-ROM
Start menu and Add or Remove Programs
Variety of update options
Microsoft Australia Security Summit
ClickOnce BasicsUpdate OptionsClickOnce BasicsUpdate Options
On application startupIf an update is found, ask the user to update the application
After application startupIf an update is found, ask the user to update on the next run
Required updatesSpecified by using the minimum required version
Programmatic updatingIntegrate the update experience into the application
On application startupIf an update is found, ask the user to update the application
After application startupIf an update is found, ask the user to update on the next run
Required updatesSpecified by using the minimum required version
Programmatic updatingIntegrate the update experience into the application
Microsoft Australia Security Summit
ClickOnce BasicsApplication BootstrapperClickOnce BasicsApplication Bootstrapper
Installs the application prerequisites.NET FX, Microsoft DirectX®, MDAC, and so on
Requires administrator rights
Extensible architecture
Manages reboots
Install the ClickOnce application after the prerequisites
Use ClickOnce for automatic updates
No automatic updating of prerequisite components
Installs the application prerequisites.NET FX, Microsoft DirectX®, MDAC, and so on
Requires administrator rights
Extensible architecture
Manages reboots
Install the ClickOnce application after the prerequisites
Use ClickOnce for automatic updates
No automatic updating of prerequisite components
Microsoft Australia Security Summit
ClickOnce BasicsThe Bootstrapper in ActionClickOnce BasicsThe Bootstrapper in Action
Setup.exeSetup.exe
Dotnetfx.exeDotnetfx.exe
Web ServerWeb Server
Mdac_typ.exeMdac_typ.exe
Custom.msiCustom.msi
Bar.applicationBar.application RebootReboot
Client PCClient PCDotnetfx.exeDotnetfx.exe
Custom.msiCustom.msi
Bar.applicationBar.application MDAC detected!MDAC detected!
Setup.exeSetup.exe
Microsoft Australia Security Summit
Building, Deploying and Updating a Client ApplicationBuilding, Deploying and Updating a Client Application
Microsoft Australia Security Summit
SecuritySecure Execution Environment (Sandbox)SecuritySecure Execution Environment (Sandbox)
ClickOnce applications run in a sandbox by default
Permissions are based on origin Internet, Intranet, or Full Trust
Ensures that applications are safe to run
Similar to Microsoft Internet Explorer and JavaScript
Applications often need higher trustCall unmanaged code
Access the file system or the registry
Connect to a database
Consume Web services
ClickOnce applications run in a sandbox by default
Permissions are based on origin Internet, Intranet, or Full Trust
Ensures that applications are safe to run
Similar to Microsoft Internet Explorer and JavaScript
Applications often need higher trustCall unmanaged code
Access the file system or the registry
Connect to a database
Consume Web services
Microsoft Australia Security Summit
SecurityDetermining Permission RequirementsSecurityDetermining Permission Requirements
Security pane of Project DesignerUse to manually configure permissions
Permissions CalculatorCalculates the least-required permissions
Debug in the sandboxDebug applications with partial trust
Exception Assistant
Microsoft Intellisense® in the sandboxFiltered based on the security context
Security pane of Project DesignerUse to manually configure permissions
Permissions CalculatorCalculates the least-required permissions
Debug in the sandboxDebug applications with partial trust
Exception Assistant
Microsoft Intellisense® in the sandboxFiltered based on the security context
Microsoft Australia Security Summit
SecurityTrusted Application DeploymentSecurityTrusted Application Deployment
Establishes deployment authorityOne-time distribution
Configures the trusted license issuer
Trust licensesIssued by an authority
Deployed with applications
Application-developer tasksObtain a trust license (.tlic file)
Set the deployment ticket property
Establishes deployment authorityOne-time distribution
Configures the trusted license issuer
Trust licensesIssued by an authority
Deployed with applications
Application-developer tasksObtain a trust license (.tlic file)
Set the deployment ticket property
Microsoft Australia Security Summit
SecurityUser Consent ModelSecurityUser Consent Model
Users make trust decisions all the timeInstalling software from CD-ROMs
Useful for targeting random computersInternet or unmanaged Intranet
User is the administrator
Request the required permissionsWhen the application needs permissions that are higher than the sandbox
Administrators can disable prompting through policy
Users make trust decisions all the timeInstalling software from CD-ROMs
Useful for targeting random computersInternet or unmanaged Intranet
User is the administrator
Request the required permissionsWhen the application needs permissions that are higher than the sandbox
Administrators can disable prompting through policy
Microsoft Australia Security Summit
SecuritySecure UpdatesSecuritySecure Updates
ClickOnce manifests are signedXMLDSIG
Publisher key is needed to deploy updates
Ensures that updates come from the original author
Guarantees a unique application identity
Only the original publisher can updatePrevents the automatic deployment of viruses
ClickOnce manifests are signedXMLDSIG
Publisher key is needed to deploy updates
Ensures that updates come from the original author
Guarantees a unique application identity
Only the original publisher can updatePrevents the automatic deployment of viruses
Microsoft Australia Security Summit
Programming ClickOnceProgramming ScenariosProgramming ClickOnceProgramming Scenarios
Application updatingImplement the Update Now menu item
Match the client with back-end programs
Customize when-to-update logicLimit updates to only early adopters
Limit updates based on the server load
On-demand downloadProgressive installation
Shell with application plug-ins
System.Deployment namespaceApplicationDeployment
Application updatingImplement the Update Now menu item
Match the client with back-end programs
Customize when-to-update logicLimit updates to only early adopters
Limit updates based on the server load
On-demand downloadProgressive installation
Shell with application plug-ins
System.Deployment namespaceApplicationDeployment
Microsoft Australia Security Summit
Programming ClickOnce Application UpdatingProgramming ClickOnce Application Updating
Control when and how the application updates
CheckForUpdate
GetUpdateCheckInfo
Update
Synchronous and asynchronous versions of methods
Available only for applications that are deployed through ClickOnce
Use IsNetworkDeployed
Control when and how the application updates
CheckForUpdate
GetUpdateCheckInfo
Update
Synchronous and asynchronous versions of methods
Available only for applications that are deployed through ClickOnce
Use IsNetworkDeployed
Microsoft Australia Security Summit
Programming ClickOnceOn-Demand DownloadProgramming ClickOnceOn-Demand Download
Group files in the manifestPut related files in the same group
Download files as a group
Marks files as optional in the manifest
Optional files are not downloaded during the installation
AreFilesLocal
DownloadFilesTakes a group or file name
Simultaneously delivery (synchronous or asynchronous) of multiple downloaded files
Group files in the manifestPut related files in the same group
Download files as a group
Marks files as optional in the manifest
Optional files are not downloaded during the installation
AreFilesLocal
DownloadFilesTakes a group or file name
Simultaneously delivery (synchronous or asynchronous) of multiple downloaded files
Microsoft Australia Security Summit
Implementing User-Initiated UpdatesImplementing User-Initiated Updates
Microsoft Australia Security Summit
SummarySummary
ClickOnce makes client-application deployment easy and safe
Visual Studio bootstrapper facilitates the easy redistribution of prerequisites
Visual Studio 2005 provides integrated developer support for ClickOnce
ClickOnce APIs support a variety of application-update scenarios
ClickOnce makes client-application deployment easy and safe
Visual Studio bootstrapper facilitates the easy redistribution of prerequisites
Visual Studio 2005 provides integrated developer support for ClickOnce
ClickOnce APIs support a variety of application-update scenarios
Microsoft Australia Security Summit
Thank you!Thank you!
Please fill in your evaluation formsPlease fill in your evaluation forms
Microsoft Australia Security Summit
© 2005 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only.
MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.Content created by 3 Leaf Solutions.
Microsoft Australia Security Summit