Microsoft .NET Creating Installation Components Page - 3

To list the permission set for an assembly

Type the following command at the command prompt:
caspol [-enterprise|-machine|-user|-all] –resolveperm assembly-file

Specify the policy-level option before the –resolveperm option. If you omit the policy-level option, Caspol.exe shows the intersection of all policy levels.

The following command requests a list of permissions that apply to MyApplication.exe at the user policy level.
caspol –user –resolveperm MyApplication.exe

To undo a policy change

Type the following command at the command prompt:
caspol [-enterprise|-machine|-user|-all] –recover

Specify the policy-level option before the –recover option. If you omit the policy-level option, Caspol.exe undoes the policy change at the default policy level. For computer administrators, the default level is the machine policy level; for others, it is the user policy level.

The following command undoes the last change to the user policy.
caspol –user –recover

To return to the default security policy settings

Type the following command at the command prompt:
caspol [-enterprise|-machine|-user|-all] –reset

Specify the policy-level option before the –reset option

The following command resets the machine policy.
caspol –machine –reset

Allow Partially Trusted Callers Attribute

Allows strong-named assemblies to be called by partially trusted code. Without this declaration, only fully trusted callers are able to use such assemblies. This class cannot be inherited. By default, a strong-named assembly that does not explicitly apply this attribute at assembly level to allow its use by partially trusted code can be called only by other assemblies that are granted full trust by security policy. This restriction is enforced by placing a

System.Security.Permissions.SecurityAction.LinkDemand for FullTrust on every public or protected

method on every publicly accessible class in the assembly. Assemblies that are intended to be called by partially trusted code can declare their intent through the use of the System.Security.AllowPartiallyTrustedCallersAttribute. The attribute is declared at the assembly level. An example of the in Visual Basic is

< assembly:AllowPartiallyTrustedCallers >

The presence of this assembly-level attribute prevents the default behavior of placing FullTrustSystem.Security.Permissions.SecurityAction.LinkDemand security checks, making the assembly callable from any other assembly (partially or fully trusted).

When this attribute is present, all other security checks function as intended, including any class-level or method-level declarative security attributes that are present. This attribute blocks only the implicit fully trusted caller demand.

This is not a declarative security attribute, but a regular attribute (it derives from System.Attribute, not System.Security.Permissions.SecurityAttribute).

Usage:

Dim allowPartiallyTrustedCallersAttribute1 As New AlowPartiallyTrustedCallersAttribute()

Methods of Deployment

There are three different strategies for deploying a ClickOnce application; the strategy that you choose depends primarily on the type of application that you are deploying.

• Deployment via Removable Media Like CD or DVD
  
• Install from the Web or a Network Share
  
• Launch from the Web or a Network Share
  

Deployment via Removable Media

Using this strategy, the application is deployed to removable media such as a CD-ROM or DVD. As with the previous option, when the user chooses to install the application, it is installed and launched, and items are added to the Start menu and the Add / Remove Programs group in the Control Panel. This strategy works best for applications that will be deployed to users without persistent network connectivity or with low-bandwidth connections. Because the application is installed from removable media, no network connection is necessary for installation; however, network connectivity is still required for application updates.

• To enable this deployment strategy in Visual Studio, click From a CD-ROM or DVD-ROM on the How Installed page of the Publish Wizard.
  
• To enable this deployment strategy manually, edit the forwardingUrl tag in the deployment manifest.
  

Network-based Deployment or Web-based Deployment

Using this strategy, the application is deployed to a Web server or a network file share. When an end user wants to install the application, he clicks an icon on a Web page or double-clicks an icon on the file share. The application is then downloaded, installed, and launched on their computer. Items are added to the Start menu and the Add / Remove Programs group in the Control Panel. Since this strategy depends on network connectivity, it works best for applications that will be deployed to users who have access to a local area network or a high-speed Internet connection. To enable this deployment strategy in Visual Studio, click From the Web or From a UNC path or file share on the How Installed page of the Publish Wizard. This is the default deployment strategy.

Launch from

This strategy is similar to the first, except the application behaves like a Web application. When the user clicks a link on a Web page (or double-clicks an icon on the file share), the application is launched. When the users close the application, it is no longer available on their local computer; nothing is added to the Start menu or the Add / Remove Programs group in the Control Panel. It must be note that technically the application is downloaded and installed to an application cache on the local computer, just as a Web application is downloaded to the Web cache. As with the Web cache, the files are eventually scavenged from the application cache. The perception of the user, however, is that the application is being run from the Web or file share. This strategy works best for applications that are used infrequently — for example, an employee-benefits tool that is typically run only once a year. To enable this deployment strategy in Visual Studio, click Do not install the application on the Install or Run From Web page of the Publish Wizard. To enable this deployment strategy manually, edit the shellVisible tag in the deployment manifest.

In this lesson we have seen the different ways in which Windows Applications can be deployed. We have also seen how the thinking on deployment has evolved over the different versions of VS.NET. The ClickOnce feature that has been introduced by VB.NET 2.0 is a natural evolution of the process.