More on No Touch Deployment...

  • Article

I got some great feedback on my article on what a smart client so smart. Thank you everybody.

I also got a couple of questions about No Touch deployment so here are some more details...

There is a quirk with NTD in that it does not check the version of the application that you point to with the URL, only the time stamp. This is because it uses the HTTP If-Modified-Since header to determine if the client needs to download a later version of the executable and this mechanism uses the image's timestamp and knows nothing of the .NET runtime and the application's specific version.

What this means is that if you have a newer version of your application (with an incremented version number) but with a time stamp that is prior to the old version, then the client will use the old version from its cache. Usually, this is not a problem since the time stamp usually follows the version number.

Once the application is downloaded the .NET runtime will pull in the exact versions of assemblies it was compiled against. If it finds the required assemblies in the local cache then it will use those and will not consult the web site even if newer versions are available there. For reliability reasons, this is usually what you want since the application will be run with the exact combination of assemblies which were used during testing.

Chris Sells wrote an article on NTD a while back which makes interesting reading...

msdn.microsoft.com/msdnmag/issues/02/07/NetSmartClients/

The second question was concerning how to secure your NTD application from unauthorized access. Since the application is delivered by a web server, you can use whatever security mechanisms your web server provides to restrict access to the application URL. For instance, with IIS you can disable anonymous access and select Windows integrated security and restrict access to the application and it's assemblies using NTFS ACL's. You could also use digest or basic authentication (though only over HTTPS) or client certificates or whatever. Either way, only clients with access permissions can get access to the executable image...