Transcript Session Code: CLI370 Introducing ClickOnce: The New Application Deployment Model for Windows Forms and “Avalon” Jamie Cool ([email protected]) Program Manager Microsoft Corporation.

Session Code: CLI370
Introducing ClickOnce: The New
Application Deployment Model for
Windows Forms and “Avalon”
Jamie Cool ([email protected])
Program Manager
Microsoft Corporation
1
Agenda
Client Deployment Re-visited
ClickOnce Walkthrough & Demos
Reliable & easy web based installs
Deployment & update options
Security model
Questions
2
Tools
Client Application Model
Avalon
Windows Forms
System.Windows
System.Windows.Forms
Web & Service Application Model
Data Systems Application Model
Win FS
ASP.NET / Indigo
Yukon
System.Data.SqlServer
System.Storage
System.Web
Mobile PC & Devices Application Model
Compact
Framework
Command Line
System.Console
Mobile PC Optimized
System.Windows.Forms
NT Service
System.Windows
System.ServiceProcess
System.Search
System.Windows
UI Element
Explorer
Documents
Media
Controls
Text Element
Controls
SideBar
Shape
Navigation
Relevance
Panel
Design
DataSet
SqlTypes
Mapping
SqlXML
ObjectSpaces
WebControls
Control
Control
Adaptors
Printing
HtmlControls
Design
MobileControls
Recognition
Synthesis
System.NaturalLanguageServices
System.Remoting
System.Runtime.Remoting
Query
Activities
OracleClient
Schema
System.Web.Services
Description
Discovery
Contact
Media
Location
Audio
Message
Video
Document
Images
Event
Protocols
Transport
Queue
Port
PubSub
Channel
Router
Service
Policy
System.Net
System.Web
Personalization
Query
System.MessageBus
Peer Group
System.Xml
Serialization
Uddi
OleDbClient
Relationship
Xpath
TransientDataSession
SignalingSession
Media
Core
Schema
Active
Directory
ObjectSpace
System.Speech
System.Drawing
RealTimeEndpoint
System.DirectoryServices
Web.Service
Item
System.Collaboration
System.
Discovery
OdbcClient
System.Storage
System.Web.UI
Page
System.Help
System.Messaging
SqlClient
Logging
Forms
Design
Monitoring
Control
Notification
System.Windows.Forms
System.Data
Annotations
Animation
Dialogs
Shapes
Ink
Communication
Data
Presentation
Caching
SessionState
HttpWebRequest
NetworkInformation
FtpWebListener
Sockets
SslClientStream
Cache
WebClient
Fundamentals
Security
Base & Application Services
System.Timers
System.Globalization
System.Serialization
System.Threading
System.Text
System.Design
System.IO
Ports
System.Collections
Serialization
CompilerServices
System.ComponentModel
System.Reflection
InteropServices
Configuration
System.Web.Configuration
System.Security
Generic
System.CodeDom
System.Runtime
System.Windows.
TrustManagement
System.EnterpriseServices
System.Web.
Security
System.Message
Bus.Security
Authorization
AccessControl
Administration
System.Configuration
Management
Policy
Principal
Cryptography
Token
System.Web
System.MessageBus.Configuration
Permissions
Credentials
Deployment/Management
System.Resources
System.Management
System.Deployment
System.Diagnostics
System.Transactions
3
Deployment Problems
Installing client apps is fragile
Will the install of app1 break app2?
Traditional DLL hell problem
Installing client apps is hard & expensive
Must touch every client
Both for 1st time install & subsequent updates
4
ClickOnce Vision
Bring the ease & reliability of web
application deployment to client
applications.
5
ClickOnce User
Experience
Running a client app from the web
6
V1 of the .NET Framework
Addressed #1 app safety issue, DLL Hell
Application Isolation
Controlled versioning of shared components
Did not address application install safety
Began to address ease of deployment
Run from URL/UNC exes, browser controls…
ClickOnce builds upon these technologies
7
Development Experience
Integrated VS Support
Integrated to core project system
Setup is not a post-development operation
Publish Wizard
Copies application to web server
FTP, UNC, FrontPage Server Extensions
8
ClickOnce End-To-End
Building, deploying & updating a
client application
9
The Best of the Client & Web
Web
Reach
No Touch Deployment
Low System Impact
Install/Run Per-User
Rich / Interactive
Offline
Windows Shell Integration
Per-Machine/Shared Components
Unrestricted Install
Y
Y
Y
Y
Click
Once
Y
Y
Y
Y
Y
Y
MSI
Client
Y
Y
Y
Y
Y
10
Install Goals
Reduce install fragility
Allow what’s low impact
Ex. App file copy, start menu integration, etc…
Can always undo what was installed
Disallow what’s not low impact
Apps never run with admin rights (LUA)
Driver registration, COM objects, etc..
Custom actions; large source of install uncertainty
Expand the definition of “low impact”
Requires OS Changes. Starts with Longhorn
11
Install-Time Support
Low Impact
Application Files
Start Menu / ARP
RegFree COM (XP)
File Associations
Shell Extensions
Managed Config
Shared Component
Custom Actions
ClickOnce
“Whidbey”
Yes
Yes
Yes
Yes
ClickOnce
“Longhorn”
Yes
Yes
Yes
Yes
Yes
Yes
Yes
*MSI is flexible, what it does is totally up to the MSI developer.
MSI
No*
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
12
VS Bootstrapper
Bridging the Gap to the Future
Lay down application pre-reqs
Ex. (.NET FX, Crystal, DirectX, MDAC, etc…)
Must be an admin to run Bootstrapper
Extensible
Install ClickOnce application after pre-reqs
Use ClickOnce for auto-updates
No auto-updates of pre-reqs components
.NET FX V1.1 Bootstrapper available today
All ClickOnce apps require the .NET FX
FX is part of “Longhorn”
13
Declarative Install
Application Manifest
Describes the application
Ex.. What assemblies constitute the app
Authored by the developer
Deployment Manifest
Describes the application deployment
Ex.. What version clients should run
Authored by the administrator
14
Run & Update from the Web
Deployment
Manifest
1.0  1.1
Application
Manifest
1.0
Web
Page w/
Link to
Manifest
Assembly
List…
Application
Manifest
1.1 Assembly
List…
15
Deployment Options
‘Installed’ Applications
From Web, UNC or CD
Start Menu, Add/Remove Programs
Varied update options
‘Launched' Applications
App launches but doesn’t “install”
No Start Menu, Add/Remove Programs
Always update on launch
16
Update Options
On App Startup
If found, ask user to update app
After App Startup
If found, ask user to update on next run
Programmatic
Integrate update experience into app
Required
Update can specify minimum version required
Background Updates
Updates drizzle in silently – like Windows Updates
“Longhorn” only
17
Secure Updates
Only the original deployer can update
No auto-deployment of viruses
Manifests are signed
XMLDSIG
Deployer key needed to publish updates
18
“Longhorn Web” Apps
Integrated with Browser
Install UI built into browser
Best possible user experience
Leverages Avalon app/navigation model
No shell presence (ex. Start Menu shortcut)
Runs in semi-trust
Progressive Install
App automatically installs as it’s used
File level install
19
“Longorn Web” Apps
Deploying & running an app in the
browser
20
Security: The Sandbox (SEE)
Apps run in secure sandbox by default
Similar to IE javascript
Ensures applications are safe to run
Increased sandbox size
“Longhorn” > “Whidbey” > .NET V1.1
VS helps author for the sandbox
Debug in Zone
PermissionCalc
Security Exception helper
21
Security: Sandbox Restrictions
Some apps need more permission
Un-managed code access
Export to Excel or any MS Office integration
Un-restricted file access
Un-restricted network access
22
Security: Policy Deployment
Application level policy
“Trust this app”
“App” defined by it’s app manifest
Baked into core CLR security
Trust Licenses
License issued by admin, deployed with app
License indicates admin says app is trusted
Requires only one-time (ever) client touch
To configure trusted license issuer
23
User Consent
Admins should make trust decisions, but…
Not always possible
Home users are their own admin
Users make trust decisions all the time
Putting a CD in their computer
Installing software
Submitting a Credit card to a web page
24
User Consent Design
App request permissions needed
Requests specified in app manifest
VS helps identify needed permissions
Prompt is simple & binary
Happens at install / 1st launch
Combined Install & Trust Prompt
User prompted if:
App needs permissions above the sandbox
Admin has configured to allow prompting
25
ClickOnce Security
Declarative security & user
consent
26
ClickOnce APIs
Update Support
Control when & how the app updates
CheckForUpdate(), Update(), etc..
On-Demand Support
Download files as needed
Download only required files at 1st install
Use API to trigger download of files as needed
Replaces Assembly.LoadFrom()
27
Other Sessions…
Session
CLI400: Advanced Topics in Web
Based Application Deployment for
Windows Forms and "Avalon"
TLS344: Visual Studio "Whidbey":
Deploying Applications Using
ClickOnce
CLI303: Avalon: Creating
Windows “Longhorn” User
Experiences
CLI312: Windows “Longhorn”:
Enhancements for a Trustworthy
Application Experience
Date/Time
Wens, 2:00 PM
Wens, 10:00 AM
Wens, 3:30 PM
Wens, 5:00 PM
28
Call to Action
Use ClickOnce!
Included in “Whidbey” & “Longhorn” Alphas
Give us your Feedback!
What do you like?
What’s missing?
What did you have problems with?
29
© 2003-2004 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
30