Download presentation
Presentation is loading. Please wait.
Published byNicholas Underwood Modified over 9 years ago
1
DEV396 Windows Forms: No Touch Deployment Tips and Tricks Jamie Cool Program Manager.NET Client Microsoft Corporation
2
Introduction Deploying the Framework Debugging Deployments Performance Tips Designing for Security How to be safe and functional? Safely modifying security policy
3
No Touch Deployment Run managed apps without install Zero-impact Deploy via network (HTTP) URL to EXE Controls in a web page UNC/File Share Requires the.NET FX on the client box
4
Deploying the Framework All deployments require Framework redistributable Detect Framework on web page Built into IE’s User-Agent String Dim clrV as String = Request.Browser.ClrVersion window.navigator.userAgent ASP.NET makes this simple on the server
5
Framework Bootstrapper Versions for RTM, Everett Launches MSI install of Framework Use if Framework not detected Use for local EXE deploys CAVEAT: User must have install rights
6
Debugging URL-Launched Apps URL-launched EXEs run in IEExec System sees IEExec, not “MyApp.exe” How to debug on launch? Launch IEExec from debugger RTM: IEExec url flags [securityZone] [domainID] 1.1: IEExec url
7
Debugging in Browser IEHost – equivalent of IEExec Provides CLR hosting, security Startup errors usually show blank page How to debug? FUSLOGVW.EXE IEHost Debug Log – Q313892
8
Debugging Network Deployments demo demo
9
No-Touch Performance “Probing”: Searching appBase for assemblies Happens for updates, resources Can hammer performance Use.config file to eliminate probing Q814668 OR: Set Language=Neutral in Forms
10
Using.config Files Used by EXEs, Browser controls App-specific data, customization RTM: ASP.NET blocks.config Resolved in 1.1 BUT: Only anonymous access allowed Alternative: Custom XML config via HTTP
11
Code Access Security Evidence-based security model Partial trust: Runs with reduced rights Granular - no more “all-or-none” Extensible (add new permissions)
12
Evidence-Based Security Evidence Strong name, site, Authenticode signature, etc. Permissions Control access to a resource Policy Evidence + Permissions Determines what code can do
13
Demands Make It Work Demand causes stack walk MYAPP (INTRANET).... myComponent.ReadSetting(key); MYCOMPONENT (LOCALMACHINE).... Stream fileStream = FileStream.Open(“settings.xml”);.... Calls Got Permission? Exception CallsFRAMEWORK public FileStream (string name) { FileIOPermission fp = new FileIOPermission(name) FileIOPermission fp = new FileIOPermission(name) fp.Demand() fp.Demand()........}
14
Security In Action demo demo
15
Local Machine - Defaults FullTrust PermissionSet Full access to all machine capabilities UnmanagedCode permission granted But: Requires installation (xcopy) FullTrust double-edged sword
16
Intranet/Internet - Defaults Best End-User Experience No installation No registry touch No admin/user action required But: More limited permissions
17
Comparing Defaults LocalIntranetInternet UI Full Limited Network FullSame site Printing FullVia print dialog File System FullVia file dialog Environment FullSome Unmanaged Full Registry Full Database Full Security Full
18
Working In Partial Trust File system access Use FileDialogs, Isolated Storage Database access XML Web Services Remote XML Web Services Create same-site proxy
19
Working In Partial Trust demo demo
20
Changing Policy Done by Administrators Not designed for end users Also deployable via MSI Limit what you trust Design for “Least Permissions” Trust a particular server, strong name
21
Changing Policy demo demo
22
AllowPartiallyTrustedCallers Required when elevating permissions Signals developer thought about trust using System.Security; … [assembly:AllowPartiallyTrustedCallers()] Imports System.Security …
23
Summary No touch deployment Great model Takes some effort to get right Design security in! Set policies up-front Run in Partial Trust when possible Use trusted core for extended functionality
24
Community Resources Windows Form.Net http://www.windowsforms.net Windows Forms Forums http://www.windowsforms.net/Forums/ MSDN Support Database http://msdn.microsoft.com/support/
25
Community Resources http://www.microsoft.com/communities/default.mspx Most Valuable Professional (MVP) http://www.mvp.support.microsoft.com/ Newsgroups Converse online with Microsoft Newsgroups, including Worldwide http://www.microsoft.com/communities/newsgroups/default.mspx User Groups Meet and learn with your peers http://www.microsoft.com/communities/usergroups/default.mspx
26
Appendix Use Bootstrapper for Framework installs http://msdn.microsoft.com/library/ default.asp?url=/library/en- us/dnnetdep/html/dotnetframedepguid1_1. asp
27
evaluations evaluations
28
© 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.