dev396 windows forms: no touch deployment tips and tricks jamie cool program manager.net client...
TRANSCRIPT
DEV396Windows Forms:No Touch Deployment Tips and TricksJamie Cool
Program Manager
.NET Client
Microsoft Corporation
Introduction
Deploying the Framework
Debugging Deployments
Performance Tips
Designing for SecurityHow to be safe and functional?
Safely modifying security policy
No Touch Deployment
Run managed apps without installZero-impact
Deploy via network (HTTP)URL to EXE
Controls in a web page
UNC/File Share
Requires the .NET FX on the client box
Deploying the Framework
All deployments require Framework redistributable
Detect Framework on web pageBuilt into IE’s User-Agent String
Dim clrV as String = Request.Browser.ClrVersion
window.navigator.userAgent
ASP.NET makes this simple on the server
Framework Bootstrapper
Versions for RTM, Everett
Launches MSI install of Framework
Use if Framework not detected
Use for local EXE deploys
CAVEAT: User must have install rights
Debugging URL-Launched Apps
URL-launched EXEs run in IEExec
System sees IEExec, not “MyApp.exe”
How to debug on launch?Launch IEExec from debugger
RTM: IEExec url flags [securityZone] [domainID]
1.1: IEExec url
Debugging in Browser
IEHost – equivalent of IEExecProvides CLR hosting, security
Startup errors usually show blank page
How to debug?FUSLOGVW.EXE
IEHost Debug Log – Q313892
Debugging Network Debugging Network DeploymentsDeployments
demodemo
No-Touch Performance
“Probing”: Searching appBase for assemblies
Happens for updates, resources
Can hammer performance
Use .config file to eliminate probing Q814668
OR: Set Language=Neutral in Forms
Using .config Files
Used by EXEs, Browser controlsApp-specific data, customization
RTM: ASP.NET blocks .config
Resolved in 1.1
BUT: Only anonymous access allowed
Alternative: Custom XML config via HTTP
Code Access Security
Evidence-based security model
Partial trust: Runs with reduced rights
Granular - no more “all-or-none”
Extensible (add new permissions)
Evidence-Based Security
EvidenceStrong name, site, Authenticode signature, etc.
PermissionsControl access to a resource
PolicyEvidence + Permissions
Determines what code can do
Demands Make It Work
Demand causes stack walkMYAPP (INTRANET)MYAPP (INTRANET). . . .. . . .myComponent.ReadSetting(key);myComponent.ReadSetting(key);. . . .. . . .
MYCOMPONENT (LOCALMACHINE)MYCOMPONENT (LOCALMACHINE). . . .. . . .Stream fileStream = FileStream.Open(“settings.xml”);Stream fileStream = FileStream.Open(“settings.xml”);. . . .. . . .
CallsCalls
Got Permission?Got Permission?
Got Permission?Got Permission?
ExceptionException
CallsCalls
FRAMEWORKFRAMEWORKpublic FileStream (string name) {public FileStream (string name) { FileIOPermission fp = new FileIOPermission(name)FileIOPermission fp = new FileIOPermission(name) fp.Demand()fp.Demand() . . . .. . . .}}
Security In ActionSecurity In Action
demodemo
Local Machine - Defaults
FullTrust PermissionSetFull access to all machine capabilities
UnmanagedCode permission granted
But: Requires installation (xcopy)
FullTrust double-edged sword
Intranet/Internet - Defaults
Best End-User ExperienceNo installation
No registry touch
No admin/user action required
But: More limited permissions
Comparing Defaults
Local Intranet Internet
UI Full Full Limited
Network Full Same site Same site
Printing Full Via print dialog Via print dialog
File System Full Via file dialog Via file dialog
Environment Full Some
Unmanaged Full
Registry Full
Database Full
Security Full
Working In Partial Trust
File system accessUse FileDialogs, Isolated Storage
Database accessXML Web Services
Remote XML Web ServicesCreate same-site proxy
Working In Partial Working In Partial TrustTrust
demodemo
Changing Policy
Done by AdministratorsNot designed for end users
Also deployable via MSI
Limit what you trustDesign for “Least Permissions”
Trust a particular server, strong name
Changing PolicyChanging Policy
demodemo
AllowPartiallyTrustedCallers
Required when elevating permissions
Signals developer thought about trust
using System.Security;
…
[assembly:AllowPartiallyTrustedCallers()]
Imports System.Security
…
<assembly:AllowPartiallyTrustedCallers()>
Summary
No touch deploymentGreat model
Takes some effort to get right
Design security in!Set policies up-front
Run in Partial Trust when possible
Use trusted core for extended functionality
Community ResourcesCommunity Resources
Windows Form.Nethttp://www.windowsforms.net
Windows Forms Forumshttp://www.windowsforms.net/Forums/
MSDN Support Databasehttp://msdn.microsoft.com/support/
Community Resources
Community Resourceshttp://www.microsoft.com/communities/default.mspx
Most Valuable Professional (MVP)http://www.mvp.support.microsoft.com/
NewsgroupsConverse online with Microsoft Newsgroups, including Worldwidehttp://www.microsoft.com/communities/newsgroups/default.mspx
User GroupsMeet and learn with your peershttp://www.microsoft.com/communities/usergroups/default.mspx
Appendix
Use Bootstrapper for Framework installs
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetdep/html/dotnetframedepguid1_1.asp
evaluationsevaluations
© 2003 Microsoft Corporation. All rights reserved.© 2003 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.