The document discusses the development of Windows and web applications using Visual Studio, covering topics such as deployment, security, and the architecture of n-tier applications. It provides insights into technologies like LINQ to SQL, ClickOnce deployment, and role-based security, along with practical examples and best practices for implementation. Additionally, it highlights challenges and limitations encountered during application deployment and security management, offering suggestions for effective solutions.

1. Developing Windows and Web Applications using Visual Studio.NET Deployment and Security Peter Gfader Senior Software Architect

2. Attendance You initial sheet Hands On Lab You get me to initial sheet Homework Admin Stuff

3. Homework?

4. Code Auditor opinions? VS2010 Code analysis opinions? VS2010 Test manager? Too much?? Session 3: Last week?

5. N-Tier Application Simplified

6. Northwind DAL LINQ to SQL DBML BL WebUI WinUI

7. Isn’t LINQ to SQL a 2 tiered technology? How did we do it?

8. Where does LINQ to SQL fit in? The LINQ to SQL DBML consists of two main parts DataContext – Data Access e.g. NorthwindDataContext Entities – objects representing data in your database e.g. Customer, Order, Employee The DataContext talks to the database and the Entities just hold the data

9. By default it is 2 tiered I can call my data access from my Web using (var db = new NorthwindDataContext()) { return db.Customers.ToList(); } 2 Tiered?

10. Northwind Northwind.Common.Objects DataContext Entities

11. Northwind Northwind.Common.Objects DataContext Entities WebUI WinUI

12. Northwind Northwind.Common.Objects DataContext Entities WebUI WinUI

13. Northwind Northwind.Common.Objects DataContext Entities WebUI WinUI Services

14. The entities should be shared across all the projects UI needs to know how to present the customer Business logic needs to know what to do with a customer Data access needs to know how to get and update a customer What about the DataContext? It’s currently bundled with the entities Can we split it? Where does LINQ to SQL fit in?

15. Create our own generic DataContext class in a new DataAccess project. Create some methods in NorthwindData.cs to get and save data. Make the generated DataContext class internal So how do we separate our Data Access layer?

16. BusinessObjects used in all projects DataContext = internal Create your own DataContext N-Tier Business app

17. Part 1: Deployment of .NET Winforms apps History Deployment & Updates Security Issues & Warnings Configuration and user settings Part 2: Security Role-based security Authentication and Authorization Impersonation Code Access Security Assembly Strong Naming Agenda Session 4: Deployment & Security

18. Part 1 - ClickOnce

19. Windows vs Web forms Which side are you on? Why?

20. ClickOnce - The Best of both Worlds z Web Forms Network Dependency Limited User Experience Complex To Develop Windows Forms Fragile “ DLL Hell” Tough To Update Tough To Deploy Easy To Update Easy To Deploy Easy To Manage Rich User Experience Offline Capable Responsive & Flexible High User Productivity Click Once

21. ClickOnce The Best of both Worlds Which side are you on now?

22. History Remember the good old Windows Installer? Let’s compare it to ClickOnce…

23. History: Feel the pain… Windows Installer vs ClickOnce z Features Windows Installer ClickOnce Click a link Post-installation rollback Does not affect shared components Security permissions required Administrator Internet/Intranet Zone Installation-time user interface Multipart Wizard Single prompt Automatic Updates Application and deployment manifest signing Security permissions granted Full Trust by default only permissions necessary Installation of assemblies on demand Add application to Start menu Application installation location Program Files folder ClickOnce app cache Install time Registry access (so move to app) Limited Installation of Drivers Installation to Global Assembly Cache Installation for multiple users Installation of shared files Add application to Startup group Add application to Favorites menu Register File types Binary File patching

24. The.NET Framework must be already installed Only available offline if you are “Working Offline” Your application will run on the client as partially trusted code only. Bad performance as the executable will try to load several DLLs with localization resources; No way to guarantee that all your files are indeed downloaded; your client may be stuck with a "half updated" application. Your application won't have a shortcut in the desktop or the Start menu. History: Feel the pain… .Net 1.x HREFing .EXEs

25. You must change your application substantially in order to use it Needed to write to C:\Program Files\ It runs as a fully trusted local application, so it pretty much ignores code access security It's not supported by Microsoft. Since it uses BITS to download the application pieces, it does not run under Windows 98/ME. However, Jamie Cool has a work around: .NET Application Updater Component http://www.windowsforms.net/articles/appupdater.aspx History: Feel the pain… Updater Application Block

26. SSW Diagnostics install SSW Diagnostics - Clickonce

27. Let’s create our first ClickOnce application Demo

28. 1. Users download either: Setup.exe (~500kb) Bootsraper which checks pre-requisites Recommended OR 2. Application manifest Boo.application (small but does not check prerequisites) ClickOnce Deployment - How it works? z

29. Architecture based on two XML manifest files: Application manifest Authored by the developer Describes the application Example: which assemblies constitute the application Deployment manifest Authored by the administrator Describes the application deployment Example: which version clients should use ClickOnce Deployment Deployment Manifests

30. ClickOnce Deployment - Deployment Manifests z 1.0  1.1 Application Manifest Web Page Link to Manifest Deployment Manifest 1.0 Application Manifest 1.1

31. Deployed Files

32. ClickOnce Deployment - Bootstraper What does the bootstrapper do? z Setup.exe Dotnetfx.exe Mdac_typ.exe Custom.msi Bar.application Reboot Dotnetfx.exe Custom.msi Bar.application MDAC detected! Setup.exe  

33. Q: Which way? A: Depends on pre-requisites Q: What if the only pre-requisite is .NET 2? A: TIP: use Request.Browser.ClrVersion; dim verHave as Version = Request.Browser.ClrVersion dim verNeed as Version = new Version(&quot;2.0.50727&quot;) if ( verHave < verNeed ) then Response.Write(&quot;<a href=&quot;&quot;./Download/Setup.exe&quot;&quot;>&quot;) else Response.Write(&quot;<a href=&quot;&quot;./Download/SSWDiagnostics.application&quot;&quot;>&quot;) end if ClickOnce Deployment Which download to provide?

34. ClickOnce Deployment Prerequisites Missing prerequisites must be installed using separate redistributable packages. The deployment tools in Visual Studio let you install the .NET Framework and other redistributables as a part of your installation (bootstrapping). Note: Prerequisites can be downloaded beforehand into a network location to avoid redundant prerequisite downloads on networks z

35. Before installing an application on a client computer, ClickOnce will examine the client to ensure that it has certain requirements specified in the application manifest. These include: The minimum required version of the CLR The minimum required version of the Windows OS The minimum version of any and all assemblies that must be preinstalled in the GAC ClickOnce Deployment Prerequisites Note #1: If you specify an alternate prerequisite location, the packages must exist there; these errors are not handled with ClickOnce Note #2: While selecting your prerequisites, keep in mind that prerequisites might need administrator privileges to be installed.

36. Install from the Web or a Network Share ( Default Strategy) (a Setup.exe) Install from a CD (a Setup.exe) Run the Application from the Web or a Network Share ClickOnce Deployment - Strategies

37. ClickOnce Deployment Strategies Compared Web Install CD Install Web Run Adds Shortcuts Adds Add/Remove Requires Updates Allow Passing of Query Parameters Doesn’t require internet

38. ClickOnce Deployment Setup Interface

39. ClickOnce Deployment Setup Options Interface

40. ClickOnce uses the file version information specified in an application's deployment manifest to decide whether to update the application's files. After an update begins, ClickOnce uses a technique called file patching to avoid redundant downloading of application files. But, what is a File Patching? Compares the hash signatures of the files specified in the application manifest for the current application against the signatures in the manifest for the new version. ClickOnce Update How it works? Note 1: If you use Visual Studio to compile your application, it will generate new hash signatures for all files whenever you rebuild the entire project. Note 2: File patching does not work for files that are marked as data and stored in the data directory C:\Documents and Settings\AdamCogan\Local Settings\Apps\2.0

41. ClickOnce Update - How it works? z Yes No Application Store Installed Startup SHIM My Application Deployment Framework Service What is a SHIM? It’s a small piece of software that is added to an existing system program or protocol in order to provide some enhancement. Update Check?

42. ClickOnce Update - Strategies Checking for Updates after Application Startup background thread locate and read the deployment manifest best for low-bandwidth network connections or for larger applications

43. Checking for Updates before Application Startup ClickOnce Update - Strategies

44. Making Updates Required ClickOnce Update - Strategies

45. For optional updates, t he user can either accept or skip the update This dialog will not appear when an update is required To make an update required in Visual Studio 2010, you need to set the Minimum Required Version field in the Updates dialog box to match the version of the application you’re currently publishing We recommend just 4 prior versions ClickOnce Update Optional and Required Updates

46. ClickOnce Update - Blocking Want more control over the update? You may block update checking altogether and provide UI for updates using Deployment API in your application z

47. What if you release a bad version?

48. The latest 2 versions of the application are stored, the rest are removed. Clients may restore back 1 application update. Advanced Rolling back updates

49. Two types of settings: User and Application User Settings & Configuration

50. Strongly Typed Settings in code VB.NET Project Properties > Settings In code: My.Settings.ExportPath C# In code: Properties.Settings.Defaults.ExportPath User Settings

51. User editable Stored in C:\Documents and Settings\<username>\Local Settings\ApplicationData C:\users\<username>\Local Settings\ApplicationData User Settings

52. Read Only Changing by Editing the settings files Redeploy Application Settings

53. Create a bad version and deploy it Rollback to a previous version Update again with a good version Demo

54. Server Processing is fine Normal activation of a “ClickOnce” application is very inexpensive for the server & network Bandwidth is an issue Consider network bandwidth needed for initial application deployment & application updates However, the standard methods & techniques used to scale web or file servers can be used for “ClickOnce” applications (e.g server farms, etc) Advanced Scalability

55. Location for ClickOnce applications On XP: %userprofile%\Local Settings\Apps On VISTA or Win7: %userprofile%\AppData\Local\Apps Cache quota is 250MB Data files do not count toward this limit Modify by changing Registry key: HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Windows \CurrentVersion\Deployment\OnlineAppQuotaInKB Advanced Cache Note: The value in the OnlineAppQuoteInKB registry key is a DWORD that expresses the cache size in kilobytes

56. Issue: Clients accessing the internet through proxy servers will get the error when launching the application: The remote server returned an error: (407) Proxy Authentication Required Default credentials to the proxy are not passed through, ClickOnce attempts to download the files without going through the proxy. Workaround: A hot fix is available from Microsoft to replace the System.Deployment.dll or wait until the next service pack comes out for .Net 2. You must contact Microsoft for it. http://support.microsoft.com/kb/917952 BUGS Proxy Servers on Client Machines

57. Issue: The problem is that (rarely) the publish revision number that Visual Studio has in memory sometime gets out of sync with the publish revision number that is stored is the user project file (.xxproj.user). Users would get the following: Error 68 Publish failed with the following error: Could not find a part of the path… Workaround: The easiest work around, which is to manually up the publish revision number and choose File -> Save All. BUGS Publish Version sync issues

58. Issue: ClickOnce doesn’t work on non-IE browsers (by default). ClickOnce provides IE with a mime handler interface for the mime type application/x-ms-application which is associated with .application files on servers hosting ClickOnce application. So what happens in firefox? .application file is downloaded. If manifest contains relative paths, it will fall over. If it contains full paths, it will fail due to security checks (in place by ClickOnce team). Workaround: Firefox: There is an official Add-on https://addons.mozilla.org/firefox/1608/ Non-Firefox: ClickOnce helper is an attempted a solution, however it is not tested http://www.softwarepunk.com/cohelper/ Note: The ClickOnce team will fix this in the next release of the framework. Warnings ClickOnce and non-IE Browsers

59. Issue: The File Patching model for assemblies (even strong assemblies) is based entirely on file hash. Projects when rebuilt in VS often cause the same assemblies (exactly same source) to have different hashes. Hence if you are rebuilding your entire v2.0 solution its possible that assemblies that have not changed in terms of functionality will still have a different hash and hence be downloaded again by ClickOnce instead of being copied locally. Workaround: Don’t hit rebuild unless you need to! (when references might’ve changed) Warnings File Patching and Rebuilds

60. Issue: The manifest file for the <AppName>.exe.manifest is overwritten, causes strange compile errors when included in the solution. Workaround: You don’t need the manifest file in .Net 2 for XP Styles. If you need it for any other reason, then merge your manifest into the one built with clickonce. Note: If you are running SSW Code Auditor, this would not have been a problem  Warnings Manifest Overwriting

61. Issue: There are no file compression mechanisms in ClickOnce. By default, your file will be downloaded uncompressed across the network/internet. Workaround: ClickOnce supports HTTP 1.1 compression. Simply enable this on your web server & the files downloaded will be compressed. Warnings File Compression

62. Rollback Feedback We want our clients to give us feedback as to why they are rolling back a version Rollback Count Clients should be able to rollback back to a certain number of versions (set by the developer) Version Download/Update/Rollback Stats What versions our clients are downloading, updating to and rolling back from. Presented in Reporting Services reports. Microsoft should release MSN messenger as a ClickOnce app. Staged Rollout Specify beta testers, and grouped downloads via authentication eg. MSN Messenger could let MVPs and RDs get the latest beta We want 10% released each day, to manage bandwidth and transition. Scalability limit to x concurrent - the rest would not be told of the new version until later. Suggestions & Missing Features

63. You must consider: What about your previous Windows Installer installation on the client machines? Suggestion: Create a prerequisite that checks for and uninstalls the previous versions. (or uninstall it in the start of your app) Where is your data stored? ClickOnce uses different App folders for each new version, for each user. Suggestion: Use [ApplicationData] folder if the settings are per user, otherwise [CommonApplicationData] per application for all users. You must consider the Limitations Moving your Application to ClickOnce

64. Can’t install Shared files Drivers Assemblies in GAC For multiple users Office addins Installation UI cannot be changed Can’t add application to Startup group, Favorites menu Bootstrappers still need admin privileges if there are prerequisite redistributables Can’t register file types No updating via FTP Limitations Overview

65. Part 2 - Security

66. Why do we need security in our applications? Protect our investment – keep malicious users out Protect sensitive data Medical records, customer details, salary info… Security

67. 2 parts to .NET Security Role-based security Protects the application from the bad users Code Access Security (CAS) Protects the user’s system from bad application Security in .NET

68. How do we know who is using our application? (Authentication) e.g. Who are you? And how do we control what they can and cannot do? (Authorisation) e.g. employee info – don’t want employees to see each other’s salaries Role-based Security

69. In .NET, Users = Identities Authentication & Authorisation

70. In .NET, Groups = Roles Authentication & Authorisation

71. Where can we store a list of valid users? Active Directory (Common for internal apps) Database (Common for external applications) Web Service XML Excel etc. Authentication & Authorisation

72. Demo

73. We saw Windows (Integrated) Authentication Check against the user I am logged in as Authorisation Enable/disable button This can obviously be extended Locking methods e.g. “ViewCreditCardInfo” Custom messages Authentication & Authorisation

74. Authentication & Authorisation IIdentity (Authentication) IPrincipal (Authorisation) Active Directory (Windows Security) Generic (Text-based) Read from Database (Custom) … …

75. What is Impersonation? Tim goes to pick up a parcel for Adam Tim goes to the PO but access is denied (only Adam is allowed to have the parcel) Tim returns with Adam’s ID Staff says OK – Tim gets the parcel Impersonation

76. Running the code under another person’s permission. i.e. Doing something on someone else’s behalf Webforms example Accessing network share as domain user instead of the default local ASPNET account Winforms example Manager in Supermarket has to login to offer the customer the discount. Impersonation

77. How does it work? User logs in to website as “DOMAIN\TomJones” IIS checks the login against Active Directory If the login matches the one in Active Directory, the user is now impersonating a Windows user Application can now login to database, perform any functions that the Windows user can Impersonation

78. Impersonation Impersonation (example) Login via web as “ DOMAIN\TomJones” IIS checks login against Active Directory .NET code is now impersonating Windows User DOMAIN\TomJones

79. e.g. you have a public web site (blog, forums, ebay etc.) How would the user connect to the database? Embed a login and password in your connection string VERY BAD – this is stored in plain text AD / Impersonation BAD – big list of users BAD – can’t extend data Give the web ASPNET account access to the database GOOD for unknown numbers of users (i.e. public websites) GOOD – no stored credentials (using integrated security) What about lots of users?

80. e.g. you want your company users to log in on a public site So that they can get to company-only information Mixed mode Check against AD Check against Database Special case - Mixed

81. Imagine a world without SPAM and SpyWare… Code Access Security

82. What is Code Access Security (CAS) ? Protect your system against evil code Rules enforced by the .NET Framework Code Access Security

83. Who should control CAS policies? System administrators Not developers! Code Access Security

84. How do you know your software came from its publisher? e.g. SSW Registration Someone could simply replace the DLLs in the folder and your application would use that Assembly Strong Naming

85. Enter Strongly Named Assemblies… Use a special private key to uniquely “sign” an assembly (e.g. SSW Registration) The caller (e.g. SSW Code Auditor) uses a public key to “unlock” the code This guarantees the authenticity of any external components your application is using Really easy to use… Assembly Strong Naming

86. ClickOnce Security

87. Custom Permission settings can be set for the following: ClickOnce Security Partial Trust Permission Settings

88. Zero-impact installation Files cached under user profile Cannot touch shared resources on machine Code Access Security sandbox execution Based on origin of files (deployment server) Can elevate permissions through user prompting Can elevate permissions automatically through trust license XML Signature Signed manifests to ensure authentication and integrity Note : VS.NET enforces permissions during debugging  ClickOnce Security Security Features

89. Security in .NET www.4guysfromrolla.com/webtech/121901-1.shtml VS2010 - Where did my permission set controls go? http://blogs.msdn.com/krimakey/archive/2009/05/20/where-did-my-permission-set-controls-go.aspx Useful links

90. To get rid of all cursor statements Resources - AutoWaitCursor public void DoWork() { try { this.Cursor = Cursors.WaitCuros; DoSomeBigThing(); . . . . } catch() { . . . .. . . . . . } finally { . . . . this.Cursor = Cursors.Default; } }

91. VB version http://www.vbusers.com/codecsharp/codeget.asp?ThreadID=58&PostID=1&NumReplies=0 Convert to C# ;-) Resources - AutoWaitCursor

92. http://blogs.msdn.com/saurabh/archive/2006/03/02/541988.aspx http://blogs.msdn.com/clickonce/ http://blogs.msdn.com/saurabh/archive/2006/01/25/517613.aspx http://blogs.msdn.com/winformsue/archive/category/11821.aspx http://www.softwarepunk.com/cohelper/ http://msdn2.microsoft.com/en-us/library/142dbbz4.aspx http://www.windowsforms.net/FAQs/default.aspx?PageID=3&CategoryID=24&SubcategoryID=27&tabindex=2 http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=615033&SiteID=1 http://www.code-magazine.com/article.aspx?quickid=0601041&page=3 http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnreal/html/realworld12012004.asp http://www.windowsforms.net/articles/appupdater.aspx http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=173747&SiteID=1 http://support.microsoft.com/kb/917952 References

93. What's next?

94. 3 things… PeterGfader @ ssw.com.au http:// peitor.blogspot.com twitter.com /peitor

95. Thank You! Gateway Court Suite 10 81 - 91 Military Road Neutral Bay, Sydney NSW 2089 AUSTRALIA ABN: 21 069 371 900 Phone: + 61 2 9953 3000 Fax: + 61 2 9953 3105 [email_address] www.ssw.com.au