1 / 75

Developing Windows and Web Applications using Visual Studio.NET Deployment and Security

Developing Windows and Web Applications using Visual Studio.NET Deployment and Security. Zune Vien Julian Bueno. Admin Stuff. Attendance You initial sheet Hands On Lab You get me to initial sheet Homework. Homework?. Session 3: Last week?. Code Auditor opinions?

chaim
Télécharger la présentation

Developing Windows and Web Applications using Visual Studio.NET Deployment and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Developing Windows and Web Applications using Visual Studio.NETDeployment and Security Zune Vien Julian Bueno

  2. Admin Stuff • Attendance • You initial sheet • Hands On Lab • You get me to initial sheet • Homework

  3. Homework?

  4. Session 3: Last week? • Code Auditor opinions? • VS2010 Code analysis opinions? • VS2010 Test manager? • Too much??

  5. N-Tier Application Simplified

  6. UI Business Data Data Access Common Objects WebUI BL DAL Northwind WinUI LINQ to SQL DBML

  7. How did we do it? • Isn’t LINQ to SQL a 2 tiered technology?

  8. Where does LINQ to SQL fit in? • The LINQ to SQL DBML consists of two main parts • DataContext – Data Access • e.g. NorthwindDataContext • Entities – objects representing data in your database • e.g. Customer, Order, Employee • The DataContext talks to the database and the Entities just hold the data

  9. 2 Tiered? • By default it is 2 tiered • I can call my data access from my Web • using (var db = new NorthwindDataContext()){ return db.Customers.ToList();}

  10. Data Data Access/Classes Northwind Northwind.Common.Objects DataContext Entities

  11. UI Data Data Access/Classes WebUI WinUI Northwind Northwind.Common.Objects DataContext Entities

  12. UI Data Data Access/Classes WebUI WinUI Northwind Northwind.Common.Objects DataContext Entities

  13. UI Data Data Access/Classes Business WebUI Services WinUI Northwind Northwind.Common.Objects DataContext Entities

  14. Where does LINQ to SQL fit in? • The entities should be shared across all the projects • UI needs to know how to present the customer • Business logic needs to know what to do with a customer • Data access needs to know how to get and update a customer • What about the DataContext? • It’s currently bundled with the entities • Can we split it?

  15. So how do we separate our Data Access layer? • Create our own generic DataContext class in a new DataAccess project. • Create some methods in NorthwindData.cs to get and save data. • Make the generated DataContext class internal

  16. N-Tier Business app • BusinessObjects used in all projects • DataContext = internal • Create your own DataContext

  17. AgendaSession 4: Deployment & Security Part 1: Deployment of .NET Winforms apps • History • Deployment & Updates • Security • Issues & Warnings • Configuration and user settings Part 2: Security • Role-based security • Authentication and Authorization • Impersonation • Code Access Security • Assembly Strong Naming

  18. Part 1 -ClickOnce

  19. Windows vs Web forms Which side are you on? Why?

  20. z ClickOnce - The Best of both Worlds Click Once Windows Forms Web Forms Rich UserExperience NetworkDependency Tough ToDeploy Easy To Update Offline Capable Tough To Update Easy To Deploy Limited UserExperience High User Productivity Easy To Manage Fragile “DLL Hell” Responsive & Flexible Complex To Develop

  21. ClickOnceThe Best of both Worlds Which side are you on now? ClickOnce Web Apps

  22. History Remember the good old Windows Installer? Let’s compare it to ClickOnce…

  23. z History: Feel the pain… Windows Installer vsClickOnce

  24. SSW Diagnostics - Clickonce SSW Diagnostics install

  25. Demo Let’s create our first ClickOnce application

  26. z ClickOnce Deployment - How it works? 1. Users download either: Setup.exe (~500kb) Bootsraper which checks pre-requisites Recommended OR 2. Application manifestBoo.application(small but does not check prerequisites)

  27. ClickOnce DeploymentDeployment Manifests Architecture based on two XML manifest files: • Application manifest • Authored by the developer • Describes the application • Example: which assemblies constitute the application • Deployment manifest • Authored by the administrator • Describes the application deployment • Example: which version clients should use

  28. z ClickOnce Deployment - Deployment Manifests Application Manifest Deployment Manifest 1.0 Web Page Link to Manifest 1.1 1.0  1.1 Application Manifest

  29. Deployed Files

  30. z ClickOnce Deployment - Bootstraper What does the bootstrapper do? Client PC Web Server Setup.exe Setup.exe Dotnetfx.exe Dotnetfx.exe Mdac_typ.exe a Custom.msi Custom.msi Reboot MDAC detected! Bar.application Bar.application a

  31. ClickOnce DeploymentWhich download to provide? Q: Which way? A: Depends on pre-requisites Q: What if the only pre-requisite is .NET 2? A: TIP: use Request.Browser.ClrVersion; dim verHave as Version = Request.Browser.ClrVersion dim verNeed as Version = new Version("2.0.50727") if ( verHave < verNeed ) then Response.Write("<a href=""./Download/Setup.exe"">") else Response.Write("<a href=""./Download/SSWDiagnostics.application"">") end if

  32. ClickOnce Deployment - Strategies Install from the Web or a Network Share (Default Strategy) (a Setup.exe) Install from a CD (a Setup.exe) Run the Application from the Web or a Network Share

  33. ClickOnce DeploymentStrategies Compared

  34. ClickOnceDeploymentSetup Interface

  35. ClickOnceDeploymentSetup Options Interface

  36. ClickOnceUpdateHow it works?  • ClickOnce uses the file version information specified in an application's deployment manifest to decide whether to update the application's files. • After an update begins, ClickOnce uses a technique called file patching to avoid redundant downloading of application files. But, what is a File Patching? Compares the hash signatures of the files specified in the application manifest for the current application against the signatures in the manifest for the new version. Note 1: If you use Visual Studio to compile your application, it will generate new hash signatures for all files whenever you rebuild the entire project. Note 2: File patching does not work for files that are marked as data and stored in the data directory C:\Documents and Settings\AdamCogan\Local Settings\Apps\2.0

  37. z ClickOnce Update -How it works?  Update Check? Deployment Framework Service Application Store What is a SHIM?It’s a small piece of software that is added to an existing system program or protocol in order to provide some enhancement. Yes No Installed Startup SHIM My Application

  38. ClickOnce Update - Strategies Checking for Updates after Application Startup background thread locate and read the deployment manifest best for low-bandwidth network connectionsor for larger applications

  39. Checking for Updates before Application Startup ClickOnce Update - Strategies

  40. Making Updates Required ClickOnceUpdate - Strategies

  41. ClickOnceUpdateOptional and Required Updates • For optional updates, the user can either accept or skip the update • This dialog will not appear when an update is required • To make an update required in Visual Studio 2010, you need to set the Minimum Required Version field in the Updates dialog box to match the version of the application you’re currently publishing • We recommend just 4 prior versions

  42. z ClickOnce Update -Blocking Want more control over the update? You may block update checking altogether and provide UI for updates using Deployment API in your application

  43. What if you release a bad version?

  44. AdvancedRolling back updates • The latest 2 versions of the application are stored, the rest are removed. • Clients may restore back 1 application update.

  45. Two types of settings: User and Application User Settings & Configuration

  46. User Settings • Strongly Typed Settings in code • VB.NET • Project Properties > Settings • In code: My.Settings.ExportPath • C# • In code: Properties.Settings.Defaults.ExportPath

  47. User Settings • User editable • Stored in • C:\Documents and Settings\<username>\Local Settings\ApplicationData • C:\users\<username>\Local Settings\ApplicationData

  48. Application Settings • Read Only • Changing by • Editing the settings files • Redeploy

  49. Demo • Create a bad version and deploy it • Rollback to a previous version • Update again with a good version

  50. AdvancedScalability • Server Processing is fineNormal activation of a “ClickOnce” application is very inexpensive for the server & network • Bandwidth is an issueConsider network bandwidth needed for initial application deployment & application updates However, the standard methods & techniques used to scale web or file servers can be used for “ClickOnce” applications (e.g server farms, etc)

More Related