I have several .NET WinForms applications that I'm preparing to convert into a click-once/smart-client deployment scenario. I've read the isn't-this-great tutorials but want to ask if there are pitfalls or "gotchas" that I should be aware of.
there are several minor apps used off and on, but the main app is in C#, runs 24/7, is quite large, but only changes every few weeks. It also writes a log file locallly, and talks to local hardware devices.
thanks in advance!
Here are a few that I am aware of.
Can't put an icon on the desktop. You can now.
Can't install for all users.
Need to jump through hoops to move the deployment to a different server. Not a problem if you are developing internally and the users can see the server that you are publishing to or if you are deploying to the public web, but not great if you need to roll out to multiple customer sites independently. Update: Since .Net 3.5 sp1 you do not need to sign the deployment manifest anymore which makes it much easier to move deployments to new servers.
Can't install assemblies in the GAC. You can get around this by creating regular install packages that are pre-requisites of the click once app.
One of the pitfalls with click-once is the fact that you can't install to the GAC. This is a problem if you want to install multiple applications that share DLLs. Each application will require a local copy of the DLLs. Also, multiple user installs are out.The list comparing Window Installer to Click-Once is here
We had an app we were going to deploy as a ClickOnce app. We needed the user to be able to modify some settings in the installation (such as the deployment path - IT wants to serve the files from their network share, not known at build time). When you change any of the files in your deployment, you need to re-calculate all of the hashes, and re-sign everything. So, if this solution is internal, you may not have problems passing around a signing cert, but if this is for clients, you will need to architect a fancy solution to bypass this issue.
I have heard rumblings from somewhere within the bowels of the internets that a future version of ClickOnce will remove some of this headache.
There's a whole lot of things you can't do with ClickOnce apps, like install a shortcut to the user's desktop or have any sayso in where the app gets installed. For some people these are dealbreakers.
Also it's been a while since I used it but there's a special way you can use to figure out and display the ClickOnce version/build number, which is separate from the application's version/build number. You have to do a try/catch and if the ClickOnce version/build number throws an exception then the app is not running as a ClickOnce-deployed app (i.e., it's running as a regularly compiled app or from Visual Studio).
For an app which is simple (i.e., not Microsoft Word but rather a quick-and-dirty app to do something) and needs a lot of regular deployment, ClickOnce is great. But you rather quickly hit the wall of "oh, this can't be done by ClickOnce, please choose MSI or something else).
You'll have less system access than your normal .NET app.
That's because you'll get a lower trust level, more about that: .NET Framework Developer's Guide: ClickOnce Deployment and Security
My biggest problem with that was that It's not possible to encrypt sections of your config file with the machine key, because you don't have the access to that key (when you think about it it makes sense to protect that key).
Most issues have been addressed but several people mentioned not being able to create a desktop shortcut. In fact, you can create a desktop shortcut with VS 2008 SP1.
Also, if you aren't using the latest version of VS, you can always write code to create a shortcut to the installed start menu shortcut.
Very late to this party, but in case someone refers to this in a search, we have found many customers concerned with the lack of security 'distributing' their application. The application must be available in a public location - without any authentication - for it to be able to check for updates. The only exception is if you have Windows NT authentication.
I think this page explains what I mean: link text
Desktop icons are fairly trivial to do via code, and as mentioned, with 3.5 sp1, baked in - so that is no longer an issue.
There is still an unfixed bug with the xmlSerializer - it doesn't get deployed properly in some cases. Easy workaround is to manually add this file to the deployment. PITA but easy enough... Can be shocking when your deployment suddenly fails though...
You can't silently uninstall ClickOnce deployed applications. Also I think it's impossible to add parameters to the startup shortcut.
In Response to: http://stackoverflow.com/questions/149718/pitfallsgotchas-of-click-oncesmart-client-deployment-in-net#149734
The GAC thing is still true, but at least as of Visual Studio 2008, you can put an icon on the desktop. I haven't tried it with previous VS versions.
I didn't know that SP1 allowed you to create the desktop icon. Here's how we have been doing it (now known as "the hard way"):
try
{
string company = string.Empty;
string product = string.Empty;
if (Attribute.IsDefined(asm, typeof(AssemblyCompanyAttribute)))
{
AssemblyCompanyAttribute asCompany = (AssemblyCompanyAttribute)Attribute.GetCustomAttribute(asm, typeof(AssemblyCompanyAttribute));
company = asCompany.Company;
}
if (Attribute.IsDefined(asm, typeof(AssemblyProductAttribute)))
{
AssemblyProductAttribute asProduct = (AssemblyProductAttribute)Attribute.GetCustomAttribute(asm, typeof(AssemblyProductAttribute));
product = asProduct.Product;
}
if (!string.IsNullOrEmpty(company) && !string.IsNullOrEmpty(product))
{
string desktopPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Desktop),
product + ".appref-ms");
string shortcutPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Programs),
Path.Combine(company, product + ".appref-ms"));
File.Copy(shortcutPath, desktopPath, true);
}
}
catch
{
// Shortcut could not be created
}
Very late response, but anyone else looking at this: you can't install if the client is behind a proxy that requires authentication.