|< Day Day Up >|
There is more to developing an application or component than simply implementing code to handle a specific task or set of tasks. Ancillary issues such as code correctness, adherence to code standards, code efficiency, security, and code deployment must be addressed. This chapter has presented an overview of tools and approaches available to handle these issues in .NET.
A useful tool for determining how your code meets .NET coding standards is FxCop. It's included with the .NET SDK and evaluates an assembly against a set of rules that define good coding practice. You can add custom rules and disable rules that don't apply.
To secure an application, .NET employs a concept known as Code Access Security. Unlike role- or user-based security which .NET also supports CAS restricts what resources code can access. When an assembly loads, .NET gathers information about its identity known as evidence. It evaluates the evidence against security policies and maps it into a set of permissions that are granted to the assembly. A security administrator typically configures the security policy using the .NET Configuration tool, although a command-line utility is also available. Security can also be implemented in code. Permissions are nothing more than classes, and can be used by developers to request permissions for an assembly and demand that calling assemblies have the necessary permissions to access a secure resource.
The final step in developing an application is settling on a deployment strategy. In .NET, this can be as easy as creating an install based on copying files to a machine (XCOPY deployment); alternatively, MSI files can be created for use with the Microsoft Windows Installer. One of the key install decisions is how to deploy assemblies. Private assemblies are placed together in a common directory path; shared assemblies are stored in the Global Assembly Cache. In addition, a configuration file can be set up to instruct the runtime to search for assemblies in directories on the local computer or a remote Web server located across a network.
|< Day Day Up >|