tags:

views:

78

answers:

2
+1  Q: 

Is loading a dependency assembly from the internet a good practice?

I know there are several ways to deploy a .net windows client application:

There's Windows Installer, Click Once, a simple download & run, and loading the windows forms / WCF application in Internet Explorer (no to confuse the latter with WCF/E - Silverlight RIA applications)

So... thinking about the true windows client applications --just to make it really clear: those consisting of an .exe in your filesystem,-- can loading some or all of its dependencies from the internet be a good idea?

<assemblyIdentity 
    name="MyAssembly"
    publicKeyToken="89a956accc8f98e98a9e954a"
    culture="en-US" />
<codeBase 
    version="2.0.0.0"
    href="http://www.contoso.com/MyAssembly.dll" /> <!-- look here -->

There are obviously some serious drawbacks: Have to be allways connected, CAS configuration in the client (the internet dependencies would be in Internet_Zone code group), not to mention the loading time.

But I can think of several advantages, too.

What are the issues? Has someone used this in a real project?

+2  A: 

I could see doing what you suggest within a corporate intranet environment, where the custom application can talk to a custom server and each understands the other well. Granted there would be possible connectivity and synchronization issues, but those could get worked on over time to some extent. I have done this in one case where the application was doing basic CRUD tasks to a back-end set of servers that ran the commands against the database. Granted that it wasn't given a lot of importance and was someone's pet project for a while, it did do some things OK in the end.

In an internet environment, I think the security concerns would be my biggest worry about doing what you suggest as another factor is that if that assembly gets upgraded it may crash the application. For an internet situation, I think something like Click Once would be my suggestion.

JB King  2008-12-17 01:28:16
+1  A: 

If the assemblies you're loading are digitally signed from a trusted provider, it shouldn't be so bad from a security standpoint. IF you really trust them... For example, if you go downloading an assembly from some third-rate third party vendor who might not keep good tabs on their secret key, then yes, I would be wary of doing this.

Dave Markle  2008-12-17 02:27:34

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?