Configuring Smart Client and Server Precursors

If clients will be allowing smart updates from an external Internet site, those clients will need to be configured correctly to support downloading executable .NET assemblies. This section describes a manual process for configuring those clients. (Because manually configuring a large number of clients may not be practicableand customers may not want to bother themselves we will talk about automating the security policy information in the Creating a Microsoft Installer File to Manage Security Policies section later in this chapter.

As an overview, here are the summarized precursors for client workstations to support smart updates. Clients will need:

• A connection to the Internet

• The .NET Framework installed

• Your site added to the browser's list of trusted sites

• The security policy adjusted to trust your application's assemblies

Let's take a moment to look at the implications of each of these precursors and review the steps necessary to support smart updates on the client.

Connecting to the Internet

Connecting to the Internet sounds simple, but there are some specific implications relative to smart client updates. The first fact you should know is that .NET assemblies tend to be quite small because a lot of the functionality exists in the framework. This means quite complex applications will have relatively small, binary assemblies. The benefit is that even relatively slow dial-up connections should be able to download new clients. On the other hand, if the client workstation is not connected, a direct Assembly.LoadFrom method will fail even if the assembly has already been cached. You will get a FileNotFoundException on the client because either the file can't be found on the server or the file on the client cannot be compared to the file on the serverboth because there is no Internet connection. To work in offline mode you will need to devise some strategy that uses a fail-over scheme if the online assembly can't be found.

Installing the .NET Framework

It has been amazing to hear about the resistance some people and companies have to installing the .NET Framework. PCs that run something as small as a Java applet have Java on them. PCs that run applications written in Delphi have some Borland runtimes on them. Visual Basic 6 applications drag along the VB runtime, and every Windows user has tons of disk space taken up in API DLLs and probably Microsoft Office DLLs too. Runtimes , frameworks, and APIs exist to factor out commonality so you are not paying storage costs for the same code over and over. Microsoft's .NET Framework is not significantly different in size than Java's Java Runtime Environment (JRE) or Borland's Visual Control Library. The 20 cents it costs for the 20MB in storage space for the .NET Framework isn't worth mentioning. The benefits you will get from this world-class framework are priceless.

You can download and install the framework from the Microsoft software or obtain a redistributable copy from your Visual Studio .NET distribution disks. I suspect that your next Windows upgrade will include the .NET Framework for obvious reasons, including the likelihood that many Microsoft applications will have been ported to .NET.

Adding to the Trusted Sites List

Having an Internet connection and the .NET Framework are obvious enough. However, if you want customers to be able to download your smart clients, including the application launcher, from the Internet, customers will need to make some adjustments to their browsers.

I run my computer footloose because I would rather restore an image on the very rare occasion I might download something nasty than have restrictions on what I can do while surfing. To ensure your customers can download executables, like your application launcher's assembly, have customers add your Web site to the workstation's list of trusted sites. Clearly customers will have to trust your company and want your product to be motivated to add your company to their trusted sites list. To adjust the browser security, follow these steps.

1. In Internet Explorer, select ToolsOptions.

2. In the ToolsOptions dialog, select the Security tab and click the Trusted sites icon (Figure 10.3).

   Figure 10.3. Changing the security settings for trusted sites.

   

3. Click the Sites button and type the URL of the trusted site in the dialog.

4. Click OK when you have added all the sites to which you want to extend trust.

Fun applications to experiment with are the Wahoo! game, available for download at http://www.sellsbrothers.com/Wahoo/Wahoo.exe, and the Football game (Figure 10.4), available at http://www.softconcepts.com/Football/Football.exe. (The latter is based on the popular Mattel football game from the 1970s. Apparently the game is making a comeback along with all the other retro 1970s memorabilia, and I got one for Christmas. I thought it would be fun to write a version for my PC, thus improving my chances of beating the sharper mind and reflexes of my wife, Lori.)

Adjusting Security Policy for Application Assemblies

Chapter 18 covers the management of security policies in more depth. For now we need a convenient and reliable way to manually allow clients to run our smart client assemblies downloaded from the Internet. The easiest way to do this is to run the Microsoft .NET Framework wizard, Trust an Assembly. To indicate that an individual assembly downloaded from the Internet can be trusted and allowed to run, follow these steps.

1. Click the StartControl PanelAdministrative ToolsMicrosoft .NET Framework Wizards applet.

2. Click the Trust an Assembly icon (Figure 10.5).

   Figure 10.5. The Trust an Assembly wizard makes modifying security policies a bit easier.

   

3. Complete the wizard by selecting options on each screen as directed.

4. For the first screen with the question, "What would you like to modify?" select the Make changes to this computer option. Click Next.

5. Type in the path or URL of the assembly to trust, or use the Browse button to navigate to that assembly. As an exercise, type in http://www.softconcepts.com/Football/Football.exe. Click Next.

6. Using the slider in Windows XP to give the executable Full Trust. Click Next.

7. Click Finish to complete the process.

At this point you can point your browser to http://www.softconcepts.com/Football/Football.exe and the executable will download and start running automatically. (You should see the latest update of the game, similar to the game shown in Figure 10.4.)

You may want to experiment with varying degrees of trust for each assembly you want to download and execute from any specific provider. As an application implementer you want your customers to give you as much trust as possible; while as an application consumer you want to yield only as little trust as is necessary. Unfortunately there are few blanket rules for security, especially when it comes to the World Wide Web. As mentioned, we will talk more about security in Chapter 18.

Configuring Server Precursors for Smart Client Assemblies

When you are configuring a Web site, you want to limit permissions to only those absolutely needed by your legitimate customers. There are enough people in the world trying to hack Web sites for fun and profit, and you and I don't need to encourage them. To permit customers to download your smart client assemblies from an intranet or the Internet, set access permissions to Read and application permissions to Scripts, as shown in Figure 10.6.

You can create any executable assembly and set Web sharing by right-clicking on the folder containing the executable, selecting the Sharing and Security context menu item, and navigating to the Web Sharing tab. The Web Sharing tab can be used to create a virtual directory and set permissions for that virtual directory. This shortcut yields the same results as establishing a virtual directory from the management console for IIS. Figure 10.7 shows the virtual Football directory in the management console on my laptop.