. NET client application:. NET application Update component (6)

Program | client (Next article)

Install as required

by using. NET Framework is scalable in nature. NET application update component makes it possible to install another feature----as required. By using on-demand installation, only the master executable is explicitly installed on the client. The rest of the application can be automatically downloaded and installed based on basic needs.

Pass. NET application to update the component's Autofileload properties to make the installation available or disabled on demand. You must carefully consider where the assembly boundaries are located in your application and what actions will cause the assembly to be downloaded. Because the download of an assembly involves network input and output, the time it takes to download is variable. During the assembly download, the application is frozen waiting for the assembly download to complete.

Deployment security

The ability to automatically install application updates is accompanied by a number of potential dangers when it comes with many benefits. When you make installation updates simple, if you are not careful, you may also make it easier to install malicious code. There are two kinds of dangers. The first danger is that someone will use their Web server to spoof the Web server that is used to deploy updates. They may use that Web server to install a virus program on your application path. The easiest way to prevent spoofing or other improper interference over the network is to use HTTPS. To and. NET application update component with HTTPS, you can simply replace the HTTP URLs with HTTPS URLs. Of course, HTTPS is not a silver bullet. There are two issues with using HTTPS. The first is scalability. Using HTTPS requires the server to encrypt all files downloaded from the Web server. If an application has a large update file, the cost of encrypting the updated file can overload the server. Another problem with HTTPS is that it has no benefit for the second security risk. The second danger is to compromise your server, and hackers can attack your servers from within and from outside. If your Web server compromises, the situation is very bad, but if it means that hundreds of clients are also being compromised by Automatic updates, this would be disastrous.

In order to solve this problem. NET application update component validates the downloaded assembly by using the ability to add a enhanced name to a. NET assembly. If. NET application update component detects that an assembly is not signed with your key during download. The download will be canceled. This means that only people who have the private key to your application can create updated files that can be deployed automatically. NET security is based on maintaining the confidentiality of your private key. Even within your organization, only a handful of people with a few choices can access your private key.

To verify that the assembly is valid. NET application update component to verify that the public key of the application executable program you are currently installing matches the public key of the downloaded update. If two assemblies are signed with the same and secret private key, then the embedded public key is the same. Because an assembly loaded by the CLR verifies its public key, the CLR computes its normal hash check to ensure that the assembly is actually a real assembly rather than a rigged assembly. If the validation check fails, it will be treated as if the other update failed. To be able to validate at download time, simply add the enhanced name to all your application sets and will. The Validateassemblies property of the NET application update component is set to true.

assembly validation at download time can be very useful, but in practice, applications often have components that are signed with different private keys. For example, your application may have two files: an executable assembly signed with your private key and another DLL assembly that contains the Third-party chart controls you purchased that apply to your application. Third party assemblies may be signed using a third party rather than your own private key. Complicating the situation is that the setting of a valid private key to sign an assembly in your application may change as the version number changes. How do you automatically update the types of applications? To solve this problem, you can generate an assembly in your application that contains a list of valid public keys. The assembly is signed with the application's primary private key, the application's EXE-signed key, and the assembly is placed on the Web server in the directory with the application update file. Before the update download process begins,. NET application update component checks the next well-known assembly "AppUpdaterKeys.dll" on the Web server for application update catalogs. If it exists, the Assembly will be downloaded. The assembly is then validated against the public key of the main application. If the signature is valid, the key list is extracted. After the second, any key that is in the list is considered a valid signature for the updated file.

The recommended method for security is to use HTTPS URLs to implement an update check. This will provide the first level of deception protection. For update downloads, it is best not to use HTTPS URLs to avoid overloading your Web server. Instead, add the enhanced name to your application's assembly and use the assembly validation attribute.

Scalability

In the example described earlier in this article, we simply drag and drop a component into the application and set some properties to automate the deployment. While this works well in many applications, high levels of control are required in some applications, which can only be obtained by writing code. NET application update component has application interfaces that are available to customize and override application updates.

. NET application update component also contains additional application interfaces that allow explicit control when actions such as update checking and updates are implemented. These actions are controlled by the checkforupdate () and Applyupdate () methods respectively.

Debugging

This section will indicate some of the preferred debugging options, as well as the most common issues that describe the users who use the component.

. NET application update generates a hidden log file named AppUpdate.log under the same directory as AppStart.exe. All update success and failure information is recorded in the log. Log files are especially useful when there is a special client that cannot be updated successfully. You can use the log to determine at what time and how the update failed. Other than that. NET application update component uses the Debug class of the. NET Framework to output a large amount of useful information. If you run your application in the debugger, you will see this information in the Output window. You can follow. NET application updates focus on observing and finding out where the problem is.

If for some reason you can't make. NET application update work. Before you go into debugging, make sure that the following points are likely to be the one that you are experiencing:

• Do you have the IIS directory browsed to open? If not, the update will not download any files installed.

• Did you properly deploy everything and set the URL correctly?

• If your application is installed in the Program Files directory, make sure you are the Super Administrator or Superuser of the machine? If not, you will not have write permission to update the application.

• Do you generate Appupdater objects in the main user interface thread of the application? If not, the update will not be able to display the user interface and fail to fire the event back into the user interface.

• Was the update successful, but the application failed to restart automatically with the new update?. NET application update component attempts to restart the application by calling the Application.exit method. However, this method does not guarantee that an application is closed. If you generate and bequeath a separate thread to run, the method cannot shut down the process. The solution to ensure that all threads terminate is by invoking the Application.onexit event, or by hooking up the Onupdatecomplete event of the. NET application update and handling the shutdown itself.

Summarize

The convenience of client application deployment is. NET Framework is an important goal for the first version. There is no better use. NET Framework to build a better alternative technology for client applications that address deployment issues. Ease of deployment is still the future. NET Framework is an important goal of the new version. As far as the programme is concerned, this is described here. NET application update component represents some of our ideas in future versions of. NET Framework we will be able to use directly. However, in the period before the arrival of that time,. NET application update component is an important way to start building an automatic update application.

(End of full text)