Windows Forms Deployment

Question

Hi,

I'm writing a windows forms application to be sold to small to mid-size corporations and be used by users on a LAN.

To make it easier for network administrators, I'm thinking of using .Net 3.5 SP1 and have the app running from a network share. This way, client installation is minimal (I know they must have .Net 3.5 SP1 installed).

Admin will install the app in a server, running a windows installer and then email the users the path to the network path so they can start using the app. The alternative is to have the admin install the app in hundreds of PCs, which I try to avoid. Every time I update the app , admin has only to re-install it in a single server.

Also, the app will have a SQL Express database attached to it to store its data or it can be configured to access external SQL servers (same LAN).

I want to get your opinion if you used such deployment, what the pitfalls are and what should I be aware of.

I'm a bit concerned on .Net 3.5 SP1 penetration but I'm using LINQ to SQL all over so I don't think I have any other choice.

Thanks in advanced.

Answer 1

Could you get away with using OneClick deployment? There are pitfalls to be aware of, but it should handle auto-updating.

The slightly stronger approach is to install a self updating EXE (so it goes to a database to check released versions, downloads those assemblies that it requires, before loading the final application).

Answer 2

Have a look here: http://weblogs.sqlteam.com/jhermiz/archive/2007/08/14/60284.aspx

The .net framework programs that run on the CLR use CAS (code access security). What this means is you no longer assign rights to users / groups on a network. Instead you assign trust to actual code that the programmer has developed. Basically your applications assembly file is compared with the security policy of the machine. When you run your application on your local machine and it works just brilliantly fine it's due to the fact that you are running your code in the MyComputer zone. By default the MyComputer zone has FullTrust (unrestricted permissions) to do virtually anything. This is why the application works on your local pc just fine...now why is it not working on the server.

Your application bails on the server because the server is more restrictive given its zone is the LocalIntranet zone which does not have full trust to run an executable by just anyone from any machine. In addition, it is a lot more secure (and that's the whole idea behind microsoft security from now on, make it more secure). It also makes a lot more sense since now not anyone can just throw executables in a server shared and run them.

There's a couple of ways to avoid this. You can do it the right way which takes a bit longer and seems to be a bit more complex, or you can do it the other way which is much quicker but is poor practice and a security vulnerability.

The 2 ways are:

• Create a strong name key and use it in your applications AssemblyInfo.vb file
• Modify the security policy to fully trust the LocalIntranet zone

Answer 3

Not a great idea. Most places are either small enough where running an installer on each workstation is fine (and standard practice), or they already have the ability to perform automated installs.

Your best bet is to stick with a standard MSI package and let the customer decide how to deploy it using existing tools meant to deal with MSIs.

You could throw in some auto-updating logic, or use Click Once deployment, but they all have issues.