I've got an app that publishes and updates from an http update location (I publish to the ftp site of the host, and update from the website).
The publish.htm page is very handy as I can install the app on any machine, anywhere without needing media. The problem is, so can anyone else. How can I secure the update location so that only authorized users can install the app without buggering the auto-update feature of clickonce?
Is this an internal application? If so you could just exclude the publish.htm page from your deployment. Then to install you would then just use the application manifest link http://yoursite/YourApplication.application which should kick the install off, this would not affect automatic updates. This may be just enough obfuscation to for your purposes.
Failing that you can dynamically generate the application manifest using a little bit of asp.net which would only produce the manifest for the users you want. The other benefit this has is that you can isolate a small group of users when rolling out a new version.
Just a thought.
If you're still transferring over HTTP, it's as easy as running a traffic sniffing program like Wireshark to see where the application is downloading from. To evade this you'll need to make sure to transfer over HTTPS, on top of whatever obfuscation you do to hide the update location.
Related
I have several WinForm tools now. I publish them on an internal website. So my issue is that in case SmartScreen filter is turned on in IE then the users can't download them. They get "blocked" error message. If it's turned off then everything is fine, so it is SmartScreen for sure.
All the files are signed by Verisign certificates and all the file details are filled.
So the question: Ho can you make SmartScreen to trust your files, or how can you bypass it without making all the users turning it off?
Since this is an internal company tool, you should ask the company's systems administrators to deploy it for you.
It can be deployed using Group Policy, Systems Management Server or whatever management system they use.
Systems administrators have the ability to enable ClickOnce, then you can deploy it using ClickOnce.
No doubt they have other methods they use for other internal tools.
But the short answer is: You should not be trying to circumvent the protections that your company has put in place.
Instead, talk to them and they will help you find a way to get it done.
Smartscreen creates problems when you are trying to send binary files.SmartScreen responds by stating that the file is not commonly downloaded and can therefore install harmful files on your system. A common distribution trick to bypass SmartScreen warnings is to pack the installation package (Setup.exe) into ZIP-archive and distribute it that way.
I have a simple console application written in .NET. I need to make an installer for the console application and put it in the server directory. This can be achieved by using the Setup Project in MS Visual Studio. I also want the ability that whenever I open the app it checks for a new version. If the new version exists then it installs it. Any recommendations on how to achieve this in .NET?
ClickOnce handles versioning for you. Simply publish new versions to the same place as previous versions, and when the user starts the app they will receive notice of the new version. That's part of the whole point of ClickOnce. The downside is, you lose control over the location of your application in the user's filesystem (for a simple console app like yours, that's probably not a huge deal, but I'll leave that decision to you). We've also had difficulty with certificates; if you sign your ClickOnce manifests (strongly recommended) you have to keep exactly the same certificate, strongly identifiable from a major CA, to keep the ClickOnce process strictly "click once".
Pretty much the only other way to handle versioning is to implement some web service that will report the most current version, and have your app call that service on startup to notify the user of upgrades. The upside is that your users still control where the app goes, and you can control where the app is published (if the next version needs to go on a different server, no problem; just point the user there using some information returned by the web service). The downside is more work for you to develop and deploy.
I published an application,when publishing it i checked that the application should check for updates-now how do i make it realy check for updates-where should i put the new files and in which format?
You'll need it on some kind of Web server.
I would imigine that you also want some authentication so that only the application it self can gain access to the new version of the software.
I'm going to assume you mean you are using CLickOnce as the installer. If you want the app to check for updates every time it is ran you need to publish to a location all the apps can see. If this is an internal app I believe a network share will do. If not then you need to publish to a web server or ftp server.
You can use ClickOnce as nportelli mentioned above, or you can use a 3rd party utility to do the heavy lifting for you.
I wrote an open-source library to do just that transparently - including an external update application to do the actual cold update. See http://www.code972.com/blog/2010/08/nappupdate-application-auto-update-framework-for-dotnet/
The code is at http://github.com/synhershko/NAppUpdate (Licensed under the Apache 2.0 license)
I have an XBAP that needs to be able to burn cd's. When running from inside Visual Studio, everything works okay. However when running from a browser, the IMAPI dll reports that the environment is not supported as soon as it tries to access the drive.
I am assuming this is coming down to permissioning. I have a signed certificate which I have installed and the xbap is set to run as a full trust application (although I'm guessing that it can't be or I wouldn't be having this problem).
Currently this is all running on my local machine, however eventually I want this to be deployed to a web server (all users will already have the certificate installed on their clients).
Does anyone have any ideas as to what I've missed / done wrong?
Update:
I have tried creating a new, test certificate which I've installed in my certificate store and then signed the XBAP against it, but it makes no difference.
Really could do with some ideas if anyone has any?
Further Update:
I have created a console application which is able to burn cd's. Shelling out to this console application allows me to burn the cd from my xbap, but not from inside the xbap itself.
However, this is really not what I want. Ideally I want to have all this contained within the xbap. Failing that, is there a way to include the console application in the xbap's one click deployment?
Thanks
I believe this is not possible to do with XBAP. According to MS documentation on XBAPs,
Examples of permissions not available
in the Internet zone:
FileIOPermission - This permission controls the ability to read and write files on disk. Consequently, applications in the Internet zone cannot read files on the user's hard disk.
RegistryPermission - This permission controls the ability to read/write to the registry. Consequently, applications in the Internet zone cannot access or control state in the user's registry.
SecurityPermission.UnmanagedCode - This permission controls the ability to call native Win32 functions.
When you run your XBAP over the internet, you'll hit issue #3: trying to interop with unmanaged code.
I would recommend deploying your app as a stand-alone app with ClickOnce. That way, you can have full access to the system, but still get easy deployment and upgrades like you do with XBAP.
*edit*
One thing you could try -- and I can't guarantee it will work -- but you could have your users go into IE Internet Options, add your site to the trusted sites list. I'm betting then your CD burning code will work because it will be in the trusted zone, rather than the Internet Zone.
Try going to
HKLM\SOFTWARE\Microsoft.NETFramework\Windows Presentation Foundation\Hosting
in the registry
create a new DWORD named RunUnrestricted with value 1.
I have build an C# Winforms application which will need regular updates and patches in the future. To ease the update process for the users of my app I'd like to build an web-update class that looks for an update on my site.
What would be the most secure and reliable way to implement such a class, considering:
The site is build in PHP / Joomla
I haven't the foggiest idea how to program in PHP
All webserver directories are read-only by default (and only writeable by an FTP account I own)
The first and so far only idea that comes up to me is to create a file on my webserver that'll never be renamed, and in it I'll define the location of the latest version and number of it. The app will then be able to download the update from that path using the WebClient class.
However, if there's anyone with a better update-class idea that doesn't require an asp.net webserver nor webservices (already tried and failed on that one), I'll be grateful.
Edit:
I've tried the ClickOnce solution suggested by Gabriel McAdams, but on application startup I experience a "ClickOnce launch utility has stopped working" crash. So I'm again looking for a solution to update an application. For the moment, the answer of Kristian Damian is the most suitable.
I would look into ClickOnce Deployment.
Here is some of the text from that page:
ClickOnce deployment allows you to publish Windows-based applications to a Web server or network file share for simplified installation. Visual Studio provides full support for publishing and updating applications deployed with ClickOnce.
Maybe this link can help you:
http://themech.net/2008/05/adding-check-for-update-option-in-csharp/
I developed a Windows application in C# that does updates automatically over the Internet. After much grief, mainly because at that time I had very little experinece with Web development, I purchased a product that made it easy to update the application. If it is OK with StackOverFlow and you are interested, I can give you the URL.