Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Jamie Cool - Demo of ClickOnce

Download

Right click “Save as…”

ClickOnce is a new deployment technology in the next version of Visual Studio (Visual Studio 2005, aka "Whidbey"). 

ClickOnce lets you deliver .NET apps with just a single click off of a Web page. Here Jamie Cool demonstrates the developer experience of ClickOnce and how you'll be able to use it in your own applications.

Tag:

Follow the Discussion

  • joe.wurzburgerjoe.​wurzburger Scary, I know
    Cool demo.  Our install and support folks are going to go ga-ga over this.  We were doing early design work on an "auto-upgrader" for our existing .NET client apps ... looks like that'd be a waste of time now.

    I did get a kick out of the IISRESET, though ... now that's a realistic demo. Smiley
  • farquharfarquhar useless drivel
    About key files: "I could have...whatever."

    Doesn't sound like the security message is sticking. That, sir, is lip service to security. Demonstrate real world examples.

    The more Microsoft folks "whatever" security and use demo/dev behavior the more the folks who only watch and copy will get it wrong or not value the security bits and wizards and what they were designed to do. I realize security wasn't the purpose of the demonstation but the "whatever" hurts the cause.
  • ZippyVZippyV Fired Up
    The guy mentioned that it wouldn't work on Netscape. Why? Can the program and ClickOnce only be launched by Internet Explorer? It should work with other browsers too. Maybe not Netscape but certainly with FireFox or Mozilla or Opera.
  • moofishmoofish Living in Scotland, UK
    so what you are saying is that it only works on ms products
  • ZippyV wrote:
    The guy mentioned that it wouldn't work on Netscape. Why? Can the program and ClickOnce only be launched by Internet Explorer? It should work with other browsers too. Maybe not Netscape but certainly with FireFox or Mozilla or Opera.


    I think it was more a case that it won't work the way they are written today. If they call the Windows URL APIs or handle the MIME types correctly themselves it should work fine.

    I'm more concerned by how much space will potentially be wasted by the roll-back feature. It's not much for a simple app like that but what about something the size of Office? That said it is potentially very cool for those times when an update breaks functionality.
  • Mike SampsonSampy And I come back to you now - at the turn of the tide
    Jamie most likely "whatevered" security because we're still working on tweaking our security settings and system before we release. Thus, what he shows you now in the security part of ClickOnce isn't what you're going to see when we ship Beta 2 and RTM.

    As someone who is deeply involved in this (I wrote the code on the security property page and I'm updating the signing page), I can tell you that we are NOT taking security lightly. We work closely with the Windows team to make sure we make the right security choices going forward. The CLR security team is a key contributor to the ClickOnce effort.

    Security is ALWAYS on our mind when we design, implement, and test ClickOnce.
  • Question.. If a user downloaded/installed the application, and then the Dev changed the security permissions and the user gets an update, does it warn that user about changes in the privileges of the updated version?
  • Mike SampsonSampy And I come back to you now - at the turn of the tide
    Manip wrote:
    Question.. If a user downloaded/installed the application, and then the Dev changed the security permissions and the user gets an update, does it warn that user about changes in the privileges of the updated version?


    Yes.
  • AndyC wrote:

    I think it was more a case that it won't work the way they are written today. If they call the Windows URL APIs or handle the MIME types correctly themselves it should work fine.


    I'm also confident that the good people working on Firefox will adress that issue. This could become what ActiveX never was! Or in a worst case become ActiveX all over again.
    I think the deciding factor will be if it is possible to get end users to pay attention to the security dialogs and not just click accept/deny like zombies.

    - Warning: The application "Paris Hilton pictures" needs permissions to mess up your system - is that okey?
    - Hell yes, hit me bro!!

    CAS is a suweet thing. If people just learn to use it.
  • Tom ServoTom Servo W-hat?
    I can tell you from experience that home users will likely hit OK and ignore any warnings if the application title is pleasing enough, for instance above mentioned exampole "Paris Hilton pictures".

    Another question anyway:

    Will ClickOnce show warnings if the publisher changed during an update? Because it wouldn't be exactly the bomb when some hacker uploads a different package and ClickOnce assumes it automatically safe because the update comes from the same place as the initial install and all previous updates.
  • farquharfarquhar useless drivel
    Thanks Sampy. I really Know MS is taking security seriously. I also Know people deploy code based on your samples. They hop over the wizard they see an MS demo hop over.

    My plea is to deal with the security where ever it is encountered in demos. In time it will become second nature, requiring no comment or explanation.

    In the mean time I'll go back to educating my devteams and consulting groups on why not to use SQL sa , why not to store secrets in plaintext with everyone read ACLs , and all the other things they learned in the bad old days.

    http://ftp.gnu.org/savannah/files/faifes/c1291.html
  • ZippyVZippyV Fired Up
    Why is ClickOnce not available in the Express products?
  • scobleizerscobleizer I'm the video guy
    Want the honest answer? We'd like to sell you a copy of Visual Studio.
  • Mike SampsonSampy And I come back to you now - at the turn of the tide
    ClickOnce in express is being considered for Beta 2.

    However, you can play with ClickOnce with your express SKU today! See my blog post on the topic:

    http://blogs.msdn.com/misampso/archive/2004/07/26/197577.aspx
  • Since this thread has been brought back up already...

    ClickOnce sounds suspiciously close in name to InstallShield's One-Click.  It's been bugging me enough to mention it. Smiley
  • Mike SampsonSampy And I come back to you now - at the turn of the tide
    farquhar wrote:
    Thanks Sampy. I really Know MS is taking security seriously. I also Know people deploy code based on your samples. They hop over the wizard they see an MS demo hop over.


    All ClickOnce manifests must be signed otherwise they are invalid. VS does not let you create unsigned manifests (we'll make a new key for you if you try  and publish without a key selected) and the runtime will not execute them. If a ClickOnce application activated from the internet and does not run inside the Internet zone, it will not activate unless the signature is trusted. Try it in Beta 1, the user isn't even allowed to override this choice.

    The ClickOnce defaults will be secure and prevent unathorized execution. We're taking a very XP SP2 approach to things in this regard. "We" being not just the ClickOnce team but all of the Visual Studio and .Net frameworks team and all of Microsoft.
  • ZippyVZippyV Fired Up
    Sampy wrote:
    ClickOnce in express is being considered for Beta 2.

    In your face Scoble!

    BTW, is it possible to pack an application and the setup.exe in a .cab file? My ISP doesn't allow exe files on the webspace or files bigger than 2MB.
  • Tom ServoTom Servo W-hat?
    Dumb question, are the premises (code and whatnot) for a ClickOnce install packed with the file that gets deployed on a webserver? Means, can anyone install a ClickOnce package without installing something else in advance?
  • Is there a forum we can ask questions about ClickOnce?
    Like how to pass it arguments (main String[] type)?
    .V
  • scobleizerscobleizer I'm the video guy
    These are the best places to go:

    http://www.windowsforms.net/Articles/default.aspx?PageID=1&Cat=%22ClickOnce%22+Deployment&ModuleFilter=131&tabindex=3

    http://msdn.microsoft.com/smartclient/community/wffaq/wf20.aspx#9mqicswf

  • LFSLFS Tom Foolery
    Sampy wrote:
    If a ClickOnce application activated from the internet and does not run inside the Internet zone, it will not activate unless the signature is trusted. Try it in Beta 1, the user isn't even allowed to override this choice.

    It looks like I'll need a couple more zones then because I want my internet zone as restrictive as it can be made (absolutely no downloaded script/code is to be executed) so click-once applications from a 'cool-apps' site would not be allowed. Also, I don't want to have to provide full trust to a C-O application from someone I do not know, and I may want to relax restrictions for applications from well known sources, but still not allow full trust (such as executing unmanaged code)

    This all looks like it could get very messy, rather quickly if I want anything other than Internet zone, or Full Trust. But I actually do want a sandbox zone for these type of applications, without having to change the settings I have for the current zones.  What is being done to provide that sort of sandbox zone?
     
    What I'd like to see is a means to set up a customized zone (sandbox) the first time I hit a click once link such that I can set the permissions right there, or can choose from a preconfigured (admin supplied) template.  It seems to me, having just the two extremes (Internet and Trusted) will not be enough to enjoy the technology in a safe manner.  Having variable shades of grey will be confusing to a casual user, but providing a few common templates may be well advised.... 

  • I know I'm a bit late here, but...

    I've been asked to create an app that deploys in the way ClickOnce does, and updates silently, with no user interaction at all.

    Is this possible using ClickOnce or does the user always get prompted when a new version is available?

    TIA

Remove this comment

Remove this thread

close

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.