Category Archives: dotNET

ClickOnce and Forms Authentication – you’ve got to be kidding me!

What do you think is going to be the most likely need for ClickOnce?

Deploying apps to anyone in the world? Not for me, I write custom apps for my client.

Deploying apps on the intranet? Sure, but we have had a very simple hack for that for a long time.

C’mon, think smart client….

Yep – deploying apps to users on the go over the web.

I need ClickOnce to work for mobile workers who need to be able to install and update their company’s custom software.

And what’s the best way to do this? You would think it was Forms Authentication. That’s what I want to use. Not all of these people have windows accounts or will be using VPN. But they do have logins to get to the company portal, fill out their timesheets online, etc. Additionally, we are already using web services as the back end to their smart-client applications so that they can do their work over HTTP.

But guess what – sure I have had two years to discover this, but I am just coming up for air on this one now – Forms Authentication is not supported for ClickOnce. See this MSDN document.

Their suggestion? Just let anyone in the whole world download your client’s application and then use web service based authentication (which I just happen to already have built into this smart client app) to make sure they can’t use it.

No no no no no.  I do not think this would make my client very happy at all.

So I am struggling with hacking this together. The forms authentication works just great for accessing the installation page, but setup.exe and myapp.application are not protected by forms authentication. Anyone can browse right to them.

Next step is to feed them to ISAPI for this web app, which for some reason I can’t get to work yet.

I’m sure there have already been many discussions and rants about this problem but I have been focused on other things and am pretty late to the game.

Web deployment has become my a#1 pet peeve with .NET. I have been trying to use it since it was called zero touch deployment. ClickOnce is supposed to be my savior and I have ported their app to VS2005 just for ClickOnce. I won’t give up, but I might have to rant and rave every so often as I get this to work for me.

Don’t Forget: www.acehaid.org

Fun with .NET 1.1 and .NET 2.0 side by side on web server

I put .NET 2.0 on my client’s web server the other day. Both 2.0 and 1.1 asp.net apps continued to run just fine.

Last night I was mucking with some of the mappings in .NET 2.0 and they weren’t taking. So I did an iisreset. Here’s where that led me (to the best of my recollection):

  • 1.1 apps: Server Unavailable, 2.0 apps okay
  • run aspnet_regiis -i  for 1.1
  • 2.0 apps Server Unavailable, 1.1 apps okay
  • iisreset
  • 1.1 apps: Server unavailable, 2.0 apps okay
  • aspnet_regiis -i for 1.1
  • 1.1 apps okay, 2.0 apps okay
  • close the MMC for iis
  • 1.1 apps okay, 2.0 apps server unavailable
  • aaargh!! That shouldn’t have happened.
  • aspnet_regiis -i for 2.0
  • 1.1 apps: Server Unavailable, 2.0 apps okay
  • aspnet_regiis -i for 1.1
  • both okay
  • don’t touch a damned thing
  • slept with my fingers crossed
  • this morning – both still okay but I realize that clickonce deployment on the 2.0 site is broken.

Most of the above problems could have probably been avoided if I used some of the other available parameters for aspnet_regiis, such as -sn for fixing the mappings on just one application.

Update: though using the -sn was a good thing, the root of the problem (thanks to some reminders in the comments) was that I had neglected to create a separate Application Pool for the .NET 2.0 websites. They were running in the same process as the ASP.NET 1.1 sites. So far, everyone has been behaving properly.


It’s the Patrick and Duane Show!! – Security MiniCode Camp in Waltham in March

These guys are NOT to be missed if you are able to get to Waltham, MA on March 25th. It’s a “mini-code camp.” A one day one track event.

Patrick Hynds and Duane LaFlotte are two guys you want on YOUR side when it comes to hacking. Had Duane found a different mentor in his youth, he’d be the guy downloading all of your credit card companies’ most secure data! Phew, we lucked out.

Not only do they know amazing things about security, but they are one hell of an entertaining duo!

One word of advice though. If Patrick offers to drive you around Boston, do NOT, I repeat, do NOT sit in the back seat! 🙂


IDX=GE Healthcare

Well, it seems really official now. GE purchased Burlington based IDX in 2005 for $1.2 billion. Today I got an email from someone at IDX asking me to update his email address from @idx.com to @ge.com!

That’s going to take some getting used to.




ClickOnce – still fighting with web deployment after 4 years

I’m experimenting with a simple .NET 2.0 WinForms application and ClickOnce and still, as is my destiny, banging my head on the wall.

My latest frustration (while trying to use all of the built-in automated functionality) is trying to limit who has access to the downloads.

For a particular application, we only want it to run in-house on the intranet, yet our webserver is exposed to the www. Windows Authentication sounds like a good solution, but it doesn’t work if you are trying to deploy requirements in addition to the main application.

If I have the IIS properties of the deployment site set to allow anonymous users, everything works peachy-keen. However if I use integrated authentication and no anonymous users, I’m going around in circles and getting “access denied” errors which are buried in a log file (not something I want my users to deal with). If I pre-install the prerequisites manually (.NET 2.0, etc.), then I can install the application from the “launch” hyperlink.

I can’t believe that I am still in this hole and trying to out-think the available tools to get what I want. Is it so unusual to not want the entire world to have access to my client’s applications?

There is an msdn document called Server Configuration Issues in ClickOnce Deployments which addresses the authentication problem directly.

Server Authentication Issues

When you publish to a remote server that has “Anonymous Access” turned off, you will receive the following warning:

“The files could not be downloaded from http://<remoteserver>/<myapplication>/. The remote server returned an error: (401) Unauthorized.”

Note

You can make NTLM (NT challenge-response) authentication work if the site prompts for credentials other than your default credentials, and, in the security dialog box, you click OK when you are prompted if you want to save the supplied credentials for future sessions. However, this same workaround will not work for basic authentication.

But even after following the above recommendation (where I have turned off anonymous access and selected integrated authentication, and am then prompted to log in) I can’t follow through a full setup with requisites and the application. I have already described the result above.

Now I have the choice between just figuring out my own solution to this (not using the automatically generated publish page and building my own asp.net page for downloading some things anonymously and some things securely) or continuing to google endlessly to see if anyone else has dealt with this seemingly commonplace scenario.

Sadly this is just a tiny little exe and this down-the-toilet-again-weekend is making me more worried about getting my big multi-layered app working with ClickOnce.

Update about 2 hours later: After venting (in this blog post 🙂 ) I came up with a solution that is somewhat clunky but does the trick for now. I modified the publish.htm in the following way:

  1. For the .NET 2.0 requirement, I put a hyperlink to Microsoft’s .NET 2.0 x86 redistributable download page.
  2. For the crystal reports .net 2.0 msi, I put a hyperlink to the msi on our web server.
  3. I changed the Install button to point to myapp.application, instead of setup.exe. Setup.exe tries to install the requirements.
  4. I wrote text for #1 and #2 to explain to the users how to determine if .NET 2.0 or crystal reports needs to be installed, how long it might take and that this only needs to be done once on their computer.

I also had to muck with proxies on the machines on the intranet. They get at the web through isa-server. So for the local link to publish.htm and the msi for crystal, everything was okay. With the isa-server proxy set up for non-local sites, the Microsoft link was okay. But even with “don’t use proxy for local urls”, I couldn’t get the myapp.application to install. Therefore, I had to explicitly put the IP address of the intranet web server into the exceptions list on the Advanced page for the proxy settings. What I’m talking about here is in Internet Explorer / Tools / Internet Options / Connections / LAN Settings: “Use a Proxy Server” with my proxy info and “Bypass Proxy Server for Local Addresses” are both checked. Then click on the Advanced button and add the IP of the local web server into “exceptions”.

I have not tried this over the web yet, but remember, my goal is for intranet only installs on this application.


More about .NET Windows DLL Hell

Although my own recent DLL hell with VS2005 is in design time, I have learned quite a good lesson about dynamically loading assemblies and the dll hell you can introduce in that way.

I have an application that makes heavy use of Reflection.Assembly.LoadFrom where I pass in the path of a DLL to be loaded. The DLLs are randomly added to the application as we create them.

What I learned was from this post of Suzanne Cook’s about the difference between Load and LoadFrom. Load will load assemblies that are in the GAC (and a few other .NET locales) and is a big help in avoiding dll hell because the GAC does a good job of versioning. LoadFrom will load from a file that you explicitly tell it to and cares not about versioning. There are a lot more pointers to be aware of here. Check out her post on choosing a binding context (Load and LoadFrom are binding contexts) as well as her related post about switching your code from using LoadFrom to using Load. Suzanne writes the kind of posts that can’t be read lightly and I can’t really absorb their lessons unless it’s something that I need to know. And I needed to know this today!
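
An added example (not from the original post or from the posts it links to) of guarding a path-based LoadFrom call: it reads the identity out of the file first and refuses to load when the name, version or public key token differ from what the caller expects. The names PluginLoader and LoadExpected are hypothetical, and the code assumes the .NET Framework.

```csharp
using System;
using System.IO;
using System.Reflection;

// Hypothetical helper, not from the original post.
static class PluginLoader
{
    static string Token(AssemblyName n)
    {
        // Unsigned assemblies have a null or empty token.
        return BitConverter.ToString(n.GetPublicKeyToken() ?? new byte[0]);
    }

    public static Assembly LoadExpected(string path, string expectedFullName)
    {
        // Reads only the manifest; the assembly is not loaded into the AppDomain.
        AssemblyName found = AssemblyName.GetAssemblyName(Path.GetFullPath(path));
        AssemblyName expected = new AssemblyName(expectedFullName);

        bool same =
            string.Equals(found.Name, expected.Name, StringComparison.OrdinalIgnoreCase)
            && Equals(found.Version, expected.Version)
            && Token(found) == Token(expected);
        if (!same)
            throw new FileLoadException(
                "Refusing to load " + found.FullName + "; expected " + expectedFullName, path);

        // LoadFrom itself performs no version check, hence the comparison above.
        return Assembly.LoadFrom(path);
    }

    static void Main()
    {
        // Constructed sample input: this program's own file stands in for a plug-in DLL.
        Assembly self = Assembly.GetExecutingAssembly();
        AssemblyName good = self.GetName();
        Console.WriteLine(LoadExpected(self.Location, good.FullName).FullName);

        // Same file, but the caller expects a different version: rejected.
        string wrong = good.Name + ", Version=9.9.9.9, Culture=neutral, PublicKeyToken=null";
        try { LoadExpected(self.Location, wrong); }
        catch (FileLoadException ex) { Console.WriteLine(ex.Message); }
    }
}
```

The comparison is an identity check on the manifest, not a signature verification; it catches the wrong-version or wrong-file case described above.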
