More on No Touch Deployment…


I got some great feedback on my article on what a smart client so smart. Thank you everybody.


I also got a couple of questions about No Touch deployment so here are some more details…


There is a quirk with NTD in that it does not check the version of the application that you point to with the URL, only the time stamp. This is because it uses the HTTP If-Modified-Since header to determine if the client needs to download a later version of the executable and this mechanism uses the image’s timestamp and knows nothing of the .NET runtime and the application’s specific version.


What this means is that if you have a newer version of your application (with an incremented version number) but with a time stamp that is prior to the old version, then the client will use the old version from its cache. Usually, this is not a problem since the time stamp usually follows the version number.


Once the application is downloaded the .NET runtime will pull in the exact versions of assemblies it was compiled against. If it finds the required assemblies in the local cache then it will use those and will not consult the web site even if newer versions are available there. For reliability reasons, this is usually what you want since the application will be run with the exact combination of assemblies which were used during testing.


Chris Sells wrote an article on NTD a while back which makes interesting reading…


http://msdn.microsoft.com/msdnmag/issues/02/07/NetSmartClients/


The second question was concerning how to secure your NTD application from unauthorized access. Since the application is delivered by a web server, you can use whatever security mechanisms your web server provides to restrict access to the application URL. For instance, with IIS you can disable anonymous access and select Windows integrated security and restrict access to the application and it’s assemblies using NTFS ACL’s. You could also use digest or basic authentication (though only over HTTPS) or client certificates or whatever. Either way, only clients with access permissions can get access to the executable image…


 


 


 

Comments (2)

  1. David, we cannot do any kind of Windows Authentication. Our users may be at home, on the road or in the office. In all cases, they need to be able to downlaod the dlls ‘over the wire’. I’d like to be able to authorize who is trying to download the dlls prior to letting them download them. I also have concerns where someone is fired and they still have the app on an off site machine (home desktop or laptop). How can one block this ‘fired’ person from still using the app?

    We will be using HTTPS to ‘secure’ the data transport over the wire.

  2. Greg Robinson says:

    David, we are not using IE to download the assembly. We are using an exe that calls Assembly.LoadFrom. It seems to me that doing this cause the If-Modified_Since check to fail, or not work. Is this correct? Do we have to downloaddeploy with IE to get this behavior to work?