Visual Studio Whidbey: Deploying Applications Using ClickOnce
Sean Draine, Program Manager, Microsoft Corporation
Session Code: TLS344
Agenda
  ClickOnce Design Goals
  Demo: ClickOnce end to end
  Signing and Security
  Demo: Targeting the sandbox
  Bootstrapping prerequisite components
  Demo: Component Bootstrapper
  Summary
ClickOnce Vision
  Bring the ease & reliability of web application deployment to client applications.
ClickOnce Design Goals
  Safety of Web applications
    Application isolation
  Easy to install
    No large infrastructure investment
    Apps can be installed by User
  Easy to update
    App automatically detects and applies updates
Web or Rich Client?
  Web client
    Portals, search engines, documents, simple forms
    Reach desktops without .NET Framework
  ClickOnce rich client
    Rich user experience
    Leverage Windows controls and standards
      Drag/drop, right-click, keyboard shortcuts, etc.
    Reduce network round trips
    Offline support
    Windows shell integration
The Best of the Client & Web
  Feature                          Web   ClickOnce   MSI Client
  Reach                            Y     -           -
  No Touch Deployment              Y     Y           -
  Low System Impact                Y     Y           -
  Install/Run Per-User             Y     Y           -
  Rich / Interactive               -     Y           Y
  Offline                          -     Y           Y
  Windows Shell Integration        -     Y           Y
  Per-Machine/Shared Components    -     -           Y
  Unrestricted Install             -     -           Y
ClickOnce End to End
Sean Draine, Program Manager, Microsoft Corporation
Code Access Security
  ClickOnce apps default to partial trust
    Permissions based on origin
    Internet, Intranet, or full trust (local)
  Apps may need more permission
    Call unmanaged code (e.g., export to Excel)
    Access file system
    Connect to database or Web server
Elevating Trust via Policy: Improved Policy Model
  Establish deployment authority
    Requires one-time-ever client deployment
  Trust licenses
    Issued by authority, deployed with app
    Included in deployment manifest
  Trust can be scoped
    Application
    Author (public key token)
Elevating Trust via Prompting
  Useful for targeting “PC in the wild”
    Internet or unmanaged Intranet
    User is the admin
  App requests required permissions
  User prompted if:
    App needs permissions above the sandbox
  Internet applications must be Authenticode signed
  Admin can disable prompting through policy
Targeting the Sandbox
  Debug In Sandbox
    Debug applications in partial trust
    Exception Assistant
  IntelliSense In Sandbox
    Filtered based on security context
  Permission Calculator
    Calculates least required permissions
Strong name signing
  ClickOnce manifests must be signed
    Security: ensures updates came from original author
    Ensures unique app identity
  Authenticode signing required for elevated trust on Internet
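An added example, not part of the original deck: a small audit of a ClickOnce application manifest for the two things the trust and signing slides depend on, namely which permissions above the sandbox it requests and whether it carries an XML signature element. It assumes the asm.v2 `trustInfo` layout of released ClickOnce manifests (the Whidbey preview shown in the talk may differ); `audit_manifest`, `SLIDE_NEEDS` and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ASM2 = "{urn:schemas-microsoft-com:asm.v2}"
DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
# Assumed mapping from permission class to the needs the slides name.
SLIDE_NEEDS = {"FileIOPermission": "access file system",
               "SqlClientPermission": "connect to database",
               "WebPermission": "connect to Web server"}

# Constructed sample manifest: unsigned, sandbox plus two extra permissions.
SAMPLE = """<asmv1:assembly xmlns:asmv1="urn:schemas-microsoft-com:asm.v1"
    xmlns="urn:schemas-microsoft-com:asm.v2">
 <trustInfo><security><applicationRequestMinimum>
  <PermissionSet class="System.Security.PermissionSet" version="1" ID="Custom" SameSite="site">
   <IPermission class="System.Security.Permissions.FileIOPermission, mscorlib" version="1" Unrestricted="true" />
   <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib" version="1" Flags="UnmanagedCode, Execution" />
  </PermissionSet>
  <defaultAssemblyRequest permissionSetReference="Custom" />
 </applicationRequestMinimum></security></trustInfo>
</asmv1:assembly>"""


def audit_manifest(xml_text):
    """Report what a manifest requests; signature presence is not validation."""
    root = ET.fromstring(xml_text)
    report = {"full_trust": False, "needs": [],
              "has_signature": root.find(f"{DSIG}Signature") is not None}
    req = root.find(f".//{ASM2}applicationRequestMinimum")
    if req is None:
        return report  # no trust request in this manifest
    ref = req.find(f"{ASM2}defaultAssemblyRequest")
    wanted = ref.get("permissionSetReference") if ref is not None else None
    for pset in req.findall(f"{ASM2}PermissionSet"):
        if wanted and pset.get("ID") != wanted:
            continue  # only the set the application actually references
        if pset.get("Unrestricted", "").lower() == "true":
            report["full_trust"] = True
        for perm in pset.findall(f"{ASM2}IPermission"):
            # "Namespace.Class, assembly" -> "Class"
            name = perm.get("class", "").split(",")[0].rsplit(".", 1)[-1]
            if name == "SecurityPermission" and "UnmanagedCode" in perm.get("Flags", ""):
                report["needs"].append("call unmanaged code")
            elif name in SLIDE_NEEDS:
                report["needs"].append(SLIDE_NEEDS[name])
    return report


if __name__ == "__main__":
    print(audit_manifest(SAMPLE))
```

A `Signature` element only shows that the manifest claims to be signed; checking it against the publisher's certificate still has to be done with the platform's signing tools.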
VS Signing Support: Large ISVs and Enterprise
  Private keys worth $$$
  Signing in development environment
    Delay signing
    Sign with temporary key
  Signing production bits
    Private key in lockbox
    Accessible to build lab only
VS Signing Support: Departmental, small business, hobbyist
  Need easy, inexpensive, secure process
    Lockbox is overkill
  Keys must be portable and shareable
    Hard-drive crashes, computer upgrade, small teams
  Solution: Password-encrypted key files
    Uses PKCS-12 standard format
    Key file lives in project
    Shareable through SCC
    Enter password once per machine
Security and Signing in VS
Sean Draine, Program Manager, Microsoft Corporation
.NET Framework Deployment
  Managed Networks
    Desktops locked down
    Push technologies
      SMS, IntelliMirror, Imaging
  Unmanaged PCs
    User is the admin
    Component Bootstrapper
      FX installed as part of app setup
Component Bootstrapper
  Lightweight setup.exe
    Detects prerequisites
    Downloads/installs as needed
  Web or disk installations
  Manages reboots
  Supports any msi or exe installer
  Out of the box
    .NET FX, MDAC 9, MSDE, J#, & MSI 2.0
  Fully extensible for other components
Bootstrapper in action
  [Diagram. Web Server: Setup.exe, Dotnetfx.exe, Mdac_typ.exe, Foo.msi, App.deploy. Client PC: Setup.exe, Dotnetfx.exe, Foo.msi, App.deploy. Labels: Web, Reboot, "MDAC detected!"]
Bootstrapping Custom Components
Sean Draine, Program Manager, Microsoft Corporation
Summary
  ClickOnce makes rich client deployment easy and safe
  Component Bootstrapper allows easy redistribution of prerequisites
  VS makes ClickOnce deployment easy
Additional Resources
  Related sessions
    Session CLI371: Longhorn MSI enhancements (Room and time)
    Session CLI400: Advanced topics in web based deployment (Room and time)
  Other resources
    Hands-on Lab 604
© 2003-2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.