BUILDING SMART CLIENT APPLICATIONS

About This Presentation

Title:

BUILDING SMART CLIENT APPLICATIONS

Description:

... XP Tablet PC Edition ... The Tablet PC Platform SDK v1.5. Includes API reference, design guide ... Applications in the Tablet PC SDK. A great way ... – PowerPoint PPT presentation

Number of Views:595

Avg rating:3.0/5.0

Slides: 126

Provided by: Cyn3

Category:

more less

Transcript and Presenter's Notes

Title: BUILDING SMART CLIENT APPLICATIONS

1
BUILDING SMART CLIENT APPLICATIONS
2
Prerequisites for Today's Seminar

Familiarity with the .NET Framework
The Common Language Runtime (CLR)
The Framework Class Library (FCL)
Managed code and assemblies
Familiarity with a managed language
The C programming language
The Visual Basic .NET programming language
It will be helpful if you also have familiarity
with
Database programming with ADO.NET
Developing Web applications with ASP.NET

3
Agenda

Developing Smart Client applications
What is a Smart Client Application?
Deploying and Testing Smart Client Applications
Code Access Security
Communicating With a Web Service
Storing Data Locally
Smart Client Features of the Microsoft Office
System

4
What is a Smart Client Application?

An application that combines
the advantages of traditional desktop
applications
the advantages of Web applications
the power and productivity of the .NET Framework

5
Traditional Desktop Applications

Benefits
Rich graphical user interface
Responsive to user's actions
Development tools provide high productivity
levels
Drawbacks
Requires costly client-side setup
Hard to deploy, maintain and update application
code
Vulnerable to component versioning problems (i.e.
DLL Hell)
Often relies on direct connection to DBMS
Hard to communicate with other systems in larger
network environments

6
Browser-based Web Applications

Benefits
Requires little or no client-side setup
Easy to deploy, maintain and update application
code
Eliminates user's need for direct connection to
DBMS
Works in larger network environments and across
firewalls
Drawbacks
User interface not as rich as a desktop
application
Client-side code must be written in JavaScript
(lower productivity)
Server-side roundtrips degrade application
responsiveness
Web application unusable when Web server is
offline
Web application unusable when user disconnected
from network

7
Once again, what is a Smart Client Application?

Definition of a Smart Client application
Rich graphical user interface
Responsive to user's actions
Requires little or no client-side setup
Easy to deploy, maintain and update application
code
Uses Web services to interact with remote server
computers
Works in larger network environments and across
firewalls
Works in connected mode and in disconnected mode

8
Smart Client Targets

Developing for desktop PCs and laptop PCs
Full access to the .NET Framework
Developing for Tablet PCs
Full access to the .NET Framework plus support
for pen computing
Developing for lightweight devices
Subset of .NET Framework known as .NET Compact
Framework (CF)
Visual Studio .NET supports Device
Programmability Features (DPF)

Lightweight Devices
Desktop and Laptop PCs
Tablet PCs
9
Smart Client Applications for Desktop PCs

You have full access to the .NET Framework
Build rich GUI with Windows Forms
Call to Web services using support in .NET
Framework
Store data for offline usage using support in
.NET Framework

10
Smart Client Layers

Smart Client application built on top of CLR and
FCL
Smart Client GUI built with Windows Forms
IEExec.exe provides support within IE for
downloading and running managed applications
deployed on a Web server

11
Smart Client Deployment Model

Applications deployed from Web server using href
tags
IEExec.exe automatically downloads application
files
IEExec.exe detects updates to application files

lta href"MyApp.exe"gtHERElt/agt
Local Hard Drive
MyApp.exe DateTime 710 AM 10/1/2003
Web Server
MyApp.exe.config DateTime 1036 PM 10/31/2003
IEExec.exe
MyLibrary.dll Version 1.0.24.0
BobsLibrary.dll Version 2.1.1969.1
12
Smart Client Communications Architecture

Smart clients communicate to server using Web
services
Smart clients can communicate to non-Windows
platforms
Smart clients store data locally for use in
disconnect mode

SQL Server
Custom Web Service
ASP.NET
Windows Server 2003
DB2
Custom Web Service
IBM Web Sphere
Local Hard drive
Unix
13
Developing Application for the Tablet PC

Today's Tablet PCs
Ship with Windows XP Tablet PC Edition installed
The .NET Framework is already built into the OS
Hardware already has built-in wireless support
When developing Tablet PC applications
You have full access to the .NET Framework
You have extra capabilities with Digital Ink and
Recognition
You can work in either portrait or landscape mode

14
Valuable Tablet PC Features

Digital Ink
Ink becomes a first class data type
Handwriting Recognition
Recognition support is built directly into the
.NET Framework

15
The Tablet PC Platform SDK v1.5

Includes API reference, design guide lines,
sample applications
http//msdn.microsoft.com/library/default.asp?url
/downloads/list/windevtpc.asp

16
Sample Applications in the Tablet PC SDK

A great way to get started

17
The .NET Compact Framework

The .NET Compact Framework (CF)
A subset of the .NET Framework runtime and
libraries
Designed for lightweight devices with constrained
resources
Runs on smart phones, Pocket PCs and other
handheld devices
Device Programmability features (DPF) of VS.NET
DPF are a set of tools that plug into Visual
Studio .NET
DPF simplifies software development targeting the
CF
DPF installs automatically with Visual Studio 2003

18
.NET Compact Framework Platforms

Supported Platforms
Pocket PC 2000
Pocket PC 2002
Pocket PC 2003
Pocket PC Phone Edition
Windows CE .NET 4.1 (Jameson) and above

19
What's Different About Smart Device Apps?

Display size
Desktop applications use 17 inch monitor
Pocket PC applications use 3.5 inch display
Mobile phone applications use 1.5 inch display
Memory usage
Desktop applications use 128 MB memory or more
Pocket PC applications often limited to 16 MB of
memory
Mobile phone applications may be limited to less
than that
Execution Model
Desktop applications store to disk, shut down and
then restart
Pocket PC applications run in always-ready mode

20
What .NET functionality do you lose?

Windows Forms
Controls have reduced set of methods, properties
events
All redundant functionality eliminated
"Slimmed down" object model takes some getting
used to
What else is missing?
No configuration files
No support for COM Interoperability
No support for XPath and XSLT Transforms
No support for ASP.NET
No support for .NET Remoting

21
Getting Started

Create a new Smart Device Application project
Choose C or Visual Basic .NET

22
Getting Started

Choose a target platform
Choose project type

23
Choosing the Target Platform

Windows CE
Target device should run Windows CE 4.1
WinForms apps have initial form size of 640x443
VS.NET uses Windows CE 4.1 emulator for testing
Pocket PC
Target device should be PPC 2000/2002 or PPC
Phone Edition
WinForms apps have initial form size of 240x320
VS.NET uses PPC emulator for testing
Additional Platforms Downloadable
Pocket PC 2003, soon SmartPhone

24
.NET CF Windows Forms Controls

A subset of .NET Windows Forms Controls

25
Developing Compact Framework Forms

Build GUI using Visual Studio .NET's Forms
Designer

26
Testing With The VS.NET Emulator

Testing simplified in VS.NET using device
emulator
VS.NET supports both WinCE 4.1 and PPC 2002
Emulator runs true operating system image

27
Building And Testing Smart Device Apps
28
Learning More About The Compact Framework

Online Resources
http//www.dotnetcf.com
http//msdn.microsoft.com/mobility
http//smartdevices.microsoftdev.com
Training
Developmentors .NET Compact Framework class
http//www.develop.com/netcf
Books
.NET Compact Framework Core Reference
Andy Wigley, Stephen Wheelwright
ISBN 0735617252

29
Smart Client Defining the Next Generation
Applications

Smart clients are the embodiment of the next
generation of client software that
Takes full advantage of end user devices (full
PC, PDA, phone)
Consumes web services,
Supports a rich experience both online and off,
and
Has the ease of deployment that is typically
associated with Web-based applications.

30
The Smart Client Landscape Breaking down the
different experiences
Thin Clients
Fat Clients
Smart Clients
SmallFootprint
Rich UserExperience
NetworkDependency
Ease of Deployment
DeveloperProductivity
HeavyFootprint
Poor UserExperience
EasyChangeManagement
Tough ToDeploy
Responsive
Complex To Develop
DLL Hell
31
Smart Client Readiness Program for ISVsGet SMART
about Smart Clients
1,500 ISVs enrolled!

Learn about smart clients
FREE benefits
S/W and dev kits
DevCon DVDs
Newsgroups
MS Press books

http//members.microsoft.com/partner/isv/smartclie
nts
32
Agenda

Developing Smart Client applications
What is a Smart Client Application?
Deploying and Testing Smart Client Applications
Code Access Security
Communicating With a Web Service
Storing Data Locally
Smart Client Features of the Microsoft Office
System

33
Check List for Smart Client Development

Learn how to create a Windows Forms application
Learn how to deploy and upgrade your code
Learn how to work within the CLR security sandbox
Learn how to create and call a Web Service
Learn how to store and retrieve your data locally

34
Building a Smart client application

Start by building a Windows Forms application

35
Using The Windows Forms Designer
36
Configuring applications

Applications can have configuration files
Configuration file has same name of application
and ".config"
Configuration file can contain application
settings
Visual Studio .NET provides app.config file for
convenience

lt!-- SmartClientDemo1.exe.config --gt lt?xml
version"1.0" encoding"utf-8" ?gt ltconfigurationgt
ltappSettingsgt ltadd key"MainFormCaption"
value"Barracuda .NET Customer Tracker 1.0" /gt
ltadd key"AboutCaption" value"Barracuda .NET
Customer Tracker 1.0" /gt ltadd
key"AboutMessage" value"Customer Tracker is
produced by Barracuda .NET, Inc." /gt
lt/appSettingsgt lt/configurationgt
Sub MainForm_Load(ByVal sender As Object, ByVal e
As EventArgs) Handles MyBase.Load Try '
read applications from configuration file
Me.Text ConfigurationSettings.AppSettings.Item("
MainFormCaption") Catch ex As Exception
MsgBox(ex.Message, MsgBoxStyle.Exclamation,
ex.GetType.Name) End Try End Sub
37
Component DLLs

What code should you component-ize?
Reusable UI controls
Business logic
Data access code
The .NET Framework facilitates reuse through DLLs
Created in Visual Studio .NET use Class Library
projects
Windows application project must reference DLL
project

38
Gratuitous ADO.NET Code

Create and populate DataSet object with customer
data

Class DataAccessCode Public Shared Function
GetCustomerData() As DataSet ' use this
connection string for testing but NOT FOR
PRODUCTION! Dim cs As String
"server(local)databaseCustomersDBuidsapwd"
' create a connection and a command
Dim conn As New SqlConnection(cs) Dim sql As
String "SELECT ID, FirstName, LastName, Phone
FROM Customers" Dim cmd As New
SqlCommand(sql, conn) ' create a data
adapter based on connection and command Dim
adapter As New SqlDataAdapter(cmd) '
create a new DataSet object and populate it using
adapter Dim CustomersDS As New DataSet
adapter.Fill(CustomersDS, "CustomersTable")
' clean up all database objects
adapter.Dispose() cmd.Dispose()
conn.Dispose() ' return DataSet object
reference to caller Return CustomersDS End
Function End Class
39
Gratuitous Data Binding

Many Windows Forms controls support data binding
Automatically populates DBMS data into grids,
list boxes, etc
How is it done?
Assign a DataView or a DataTable to control's
DataSource property

Dim CustomerDS As DataSet DataAccessCode.GetCust
omerData Dim CustomerTable As DataTable
CustomerDS.Tables("CustomersTable") ' bind
grid to default view of customers
table Me.grdCustomers.DataSource
CustomerTable.DefaultView
40
Inside Assemblies

Assembly-specific metadata
Type Information
Intermediate Language with executable
instructions

41
What's in a Name?

Each assembly has a 4-part name
Friendly name
Version number
Culture setting
Public key (or public key token)
Assembly names are tracked using format strings

MyLibrary, Version1.0.1.0, Cultureneutral,
PublicKeyTokennull
BobsLibrary, Version1.0.24.0, Cultureneutral,
PublicKeyToken816fbbdf1ffdccf7
42
Building An Assembly
' AssemblyInfo.vb file within
BobsLibrary.vbproj Imports System Imports
System.Reflection ' important attributes that
affect assembly name ltAssembly
AssemblyVersion("1.0.24.0")gt ltAssembly
AssemblyKeyFile("..\..\BobsKey.snk")gt ' less
important attributes that do not affect assembly
name ltAssembly AssemblyCompany("Bob's Widgets,
Inc.")gt ltAssembly AssemblyProduct("Widget-Meiste
r v1.0")gt ltAssembly AssemblyDescription("Widget-
Meister Data Access Code")gt
43
Assembly Signing and Tampering Protection

Assembly signing involves generating digital
signature
Digital signature built from private key and
assembly file hash
CLR authenticates digital signature with strong
name verification
Strong name verification detects traces or
tampering

' AssemblyInfo.vb Imports System.Reflection ltA
ssembly AssemblyVersion("1.0.24.0")gt ltAssembly
AssemblyKeyFile("..\..\BobsKey.snk")gt
44
Assembly Deployment Options

Deploy it as a private assembly
Install it into the Global Assembly Cache (GAC)
Deploy it by configuring a ltcodeBasegt element

45
The Global Assembly Cache

GAC serves as machine-wide assembly repository
Only allows for strongly-named assemblies
Allows for side-by-side deployment
GAC Administrative Tools
GACUTIL.EXE
Assembly Cache Viewer

46
Configuring an assembly with a codeBase

Assembly can be deployed anywhere using codeBase
Primarily used with strongly-named assemblies
ltcodeBasegt element can point to file or HTTP
address
Remote assemblies copied to CLR download cache
Downloaded assemblies run in restricted sandbox

ltconfigurationgt ltruntimegt ltassemblyBinding
xmlns"urnschemas-microsoft-comasm.v1"gt
ltdependentAssemblygt ltassemblyIdentity
name"BobsLibrary"
publicKeyToken"816fbbdf1ffdccf7" /gt
ltcodeBase version"1.0.24.0"
href"http//www.Bob.com/downloads/BobsLibrary.dll
"/gt lt/dependentAssemblygt
lt/assemblyBindinggt lt/runtimegt lt/configurationgt
47
Versioning Policy

the CLR enforces a set of versioning policy rules
used to ensure client gets the appropriate
version
assembly load fails if versioning policy rules
are not met
versioning policy is not enforced for all
assemblies
assemblies without strong names are not affected
by policy
assemblies with version number 0.0.0.0 not
affected by policy

48
Version Numbers

Version number has four parts (e.g. 1.0.24.0)
Major number
Minor number
Build number
Revision number

' AssemblyInfo.vb Imports System.Reflection ltA
ssembly AssemblyVersion("1.0.24.0")gt
49
More Versioning Policy

Assembly version number tracked at compile time
Client-side manifest contains compile-time
version number
CLR runs checks when attempting to load an
assembly
CLR inspects version number of assembly loaded at
run time and matches it the compile-time version
number
by default, these numbers must match or the load
fails
loading different version number requires custom
configuration

50
Redirecting a client to a different version

You can redirect client to use a different
version
done using binding redirect element

ltconfigurationgt ltruntimegt ltassemblyBinding
xmlns"urnschemas-microsoft-comasm.v1"gt
ltdependentAssemblygt ltassemblyIdentity
name"BobsLibrary"
publicKeyToken"816fbbdf1ffdccf7" /gt
ltbindingRedirect oldVersion"1.0.24.0"
newVersion"1.0.98.0" /gt
lt/dependentAssemblygt lt/assemblyBindinggt
lt/runtimegt lt/configurationgt
51
The assembly loader

Assembly resolver looks for assembly in this
order
in the GAC
at location specified by codeBase
in AppBase directory
in subdirectories as specified in private probe
path
What can you do if things are going wrong?
use the Assembly Binding Log Viewer (Fuslogvw.exe)

52
Deploying Smart Client Applications

XCOPY Deployment
Just copy files to the target machine
Installation Program
Using Window Installer technology and MSI files
No-touch deployment
Launching application from HREF on a Web page

53
XCOPY Deployment

Benefits
Its so easy - just copy AppBase directory to the
target machine
Requirements
Target machine must already have .NET Framework
installed
Drawbacks
Cannot add Windows short cuts for convenience
Updated files must be pushed out to target
machines

54
MSI File Installation Programs

Benefits
You can install the .NET Framework if needed
You can install Windows short cuts for
convenience
You can install dependant assemblies in the GAC
Requirements
You must create a setup program using an MSI file
Drawbacks
Updated application files must be explicitly
installed on target machines

55
Creating A Setup Program (1)

Setup Project under Setup and Deployment Projects
Create a project that produces an MSI file
installation program

56
Creating A Setup Program (2)

Install the .NET Framework if it's not already on
target machine
Install assembly DLLs in the GAC
Add shortcuts to the desktop and Start menu

57
No-touch Deployment

Benefits
No application-specific setup program required
User seamlessly downloads updated application
files
Requirements
User's PC must already have the .NET Framework
installed
User must launch EXE file from href tag on Web
page
Drawbacks
Application code must run within partially
trusted security context

58
How does no-touch deployment work?

CLR provides a hook (IEExec.exe) in Internet
Explorer
IEExec.exe hooks in when launching managed EXE
from href
IEExec.exe responsible for downloading/running
managed code
IEExec.exe uses version-aware caching

lta href"MyApp.exe"gtHERElt/agt
Local Hard Drive
MyApp.exe DateTime 710 AM 10/1/2003
IEExec.exe
Web Server
MyApp.exe.config DateTime 1036 PM 10/31/2003
MyLibrary.dll Version 1.0.24.0
BobsLibrary.dll Version 2.1.1969.1
59
The Download Cache

CLR copies all remote code to local download
cache
Prevents the need to download an EXE or DLL more
than once
Allows user to work in offline mode (with
caveats)
Interesting facts about the download cache
It's maintained on a per-user basis
Quota for storage space can be configured on a
per-user basis
Code in download cache not consider fully trusted

60
Version-aware Caching (1)

Upon first request to run an application EXE
The EXE file is copied to the download cache
Application configuration file is downloaded and
used
DLLs in AppBase directory are copied into the
download cache

GET /MyApp.exe HTTP/1.1 Accept
/ Accept-Language en-us Accept-Encoding gzip,
deflate User-Agent Mozilla/4.0 (compatible MSIE
6.0 Windows NT 5.1 Q312461 .NET CLR
1.0.3705) Host localhost Connection Keep-Alive
HTTP/1.1 200 OK Server Microsoft-IIS/5.1 Date
Fri, 01 Feb 2002 021129 GMT Content-Type
application/octet-stream Accept-Ranges
bytes Last-Modified Fri, 01 Feb 2002 014116
GMT ETag "50aae089c1aac11916" Content-Length
45056 ltltstream of bytes from MyApp.exegtgt
61
Version-aware Caching (2)

When application EXE is launched from an href
tag
IEExec.exe compares date-time stamp before
downloading
IEExec.exe downloads updated EXE file if
date-time stamp is more recent than copy of EXE
in download cache
IEExec.exe doesn't care about EXE's assembly
version number

GET /MyApp.exe HTTP/1.1 Accept
/ Accept-Language en-us Accept-Encoding gzip,
deflate If-Modified-Since Fri, 01 Feb 2002
014116 GMT If-None-Match "50aae089c1aac11916"
User-Agent Mozilla/4.0 Host
localhost Connection Keep-Alive
HTTP/1.1 304 Not Modified Server
Microsoft-IIS/5.1 Date Fri, 01 Feb 2002 024203
GMT ETag "a0fa92bc8aac11916" Content-Length 0
62
Limitations of URL-launched Applications

User must have connectivity to Web server by
default
Working from CLR download cache when disconnected
requires "Work Offline" mode to be selected in IE
Updates only detected at application launch time
User must quit and restart to pick up updates

63
ASP.NET and .NET configuration files

ASP.NET doesn't allow access to .config files by
default
Done to prevent the bad guy from downloading
web.config
Prevents downloading of application configuration
files inno-touch deployment scenarios
This behavior can be disabled using custom
web.config file

lt?xml version"1.0" encoding"utf-8"
?gt ltconfigurationgt ltsystem.webgt
lthttpHandlersgt lt!-- allow downloading
of all configuration files --gt ltremove
verb"" path".config" /gt lt!--
disallow downloading of web.config file --gt
ltadd verb"" path"web.config"
type"System.Web.HttpForbiddenHandler" /gt
lt/httpHandlersgt lt/system.webgt lt/configurationgt

64
Agenda

Developing Smart Client applications
What is a Smart Client Application?
Deploying and Testing Smart Client Applications
Code Access Security
Communicating With a Web Service
Storing Data Locally
Smart Client Features of the Microsoft Office
System

65
Traditional Windows security

Windows has always had a process-centric security
model
each process runs with identity and permissions
of a specific user
all code in process runs with identity and
permissions of this user
Is a process-centric security model effective?
Yes, in cases where one company has written all
the code
No, in cases where code comes from many different
companies
No, in the case where code is downloaded from a
partially trusted site

all code in process runs with Betty's identity
and Betty's permissions
Windows process running as Betty
BobsApp.exe
SallysCode.dll
WallysCode.dll
Betty the computer user
66
Where does managed code come from?

Managed Code may originate from many different
places
local hard drive
local intranet
the Internet

local hard drive
.NET application process running as Betty
BobsApp.exe
Intranet File server or Web server
SallysCode.dll
Internet
WallysCode.dll
Web Server
67
Motivation for component-centric security

Traditional Windows security doesnt suffice many
scenarios
Undesirable for all code to run with same
permissions as user
Code from different origins must be handled
differently

Windows process running as Betty
Code from executable application launched from
local hard drive should run without security
restrictions
BobsApp.exe
SallysCode.dll
Code downloaded from Intranet server should run
with a more restrictive set of permissions
WallysCode.dll
Code downloaded from unknown Internet server
should run in highly restrictive sandbox to
prevent security breeches, viruses, worms, etc.
68
Code Access Security

CLR introduces new model called Code Access
Security (CAS)
CAS is a preventative, component-centric security
model
CAS layers on top of security provided by OS
How does CAS work?
CLR assembly loader discovers evidence of
assembly origin
CLR assembly loader discovers evidence of
assembly producer
code from different origins/producers given
varying levels of trust
partially trusted code can be run using custom
permission set
code from unknown origins/producers runs in
restrictive sandbox

69
Host Evidence

CLR gathers host evidence while loading
assemblies
host evidence tracks information about where the
code came from
host evidence tracks information about who
published the code
Evidence about where the code came from
Url
Zone
Site
ApplicationDirectory
Evidence about who wrote the code
Strong name (i.e. public key)
Publisher (i.e X.509 certificate)

70
Zone

Zone evidence is created using information in Url
MyComputer - code originating from local hard
disk
Intranet - code originating from file server or
WINS address
Trusted - code originating from Url known to be
trusted
Internet - code originating from DNS or IP
address
Untrusted - code originating from Url known to be
untrusted

' defined in mscorlib.dll Namespace
System.Security Enum SecurityZone NoZone
-1 MyComputer Intranet Trusted
Internet Untrusted End Enum End Namespace
71
Security Policy

Assembly access rights controlled through
security policy
permissions determine what an assembly can and
cannot do
CLR assigns permissions to assembly at load time
CLR assigns permissions to assembly based on host
evidence
Security policy is based on four important
concepts
security policy levels
permissions
permission sets
code groups

72
Administering security policy

There are two tools to administrate security
policy
MSCORCFG.MSC - a visual admin tool that's an MMC
snap-in
CASPOL.EXE - a command-line driven utility

73
Security Policy Levels

Security policy is set at four different levels
all levels must agree to grant a permission
one policy level cannot lift restrictions defined
by another
by default, machine level is only level that
imposes restrictions

AppDomain-level settings not stored in
system-defined file - dynamic settings created by
host environment
Enterprise-level settings C\WINDOWS\Microsoft.NET
\Framework\v1.1.4322\config\enterprisesec.config
Machine-level settings C\WINDOWS\Microsoft.NET\Fr
amework\v1.1.4322\config\security.config
User-level settings C\Documents and
Settings\BobTheUser\Application
Data\ Microsoft\CLR Security Config\v1.1.4322\secu
rity.config
74
Permissions

Permissions allow code to do something
CLR ships with many built-in permission types

75
Permission Sets

A permission set represents a collection of
permissions
Permission sets make permission assignment more
manageable
CAS provides several built-in named permission
sets
CAS allows you to create custom permission sets
as well

Allows full access to all resources and .NET
framework class libraries
Grants right to bypass the verification
Permits execution of code
Denies all resources, including the right to
execute
Default rights given to applications on the local
intranet
Default rights given to internet applications
Allows unrestricted access to all resources
covered by built-in permissions
76
Creating a Custom Permission Set

MSCORCFG.MSC provides wizard to create a
permission set
permissions can be configured and added to
permission set

77
Code Group Trees

Each policy level consists of a tree of code
groups
CLR provides several built-in code groups
You can also create custom code groups
Code groups can have parent-child relationships
Child code group criteria evaluated only if
parent criteria are met

Custom code group
78
Creating a custom code group by hand

Steps to creating a custom code group
provide a name for your code group
specify a membership condition
assign a permission set to your code group

79
CAS and No-touch Deployment

With no-touch deployment, EXE runs without Full
Trust
Code runs within CAS sandbox by default
Code must be written to run in partially trusted
context
Partially trusted code
cannot call into strongly-named assemblies
is limited to what it can do around the network
is limited to where is can write on the local
file system
cannot write to the Windows Registry

80
AllowPartiallyTrustedCallersAttribute

Assembly with strong name imposes a noteworthy
restriction
by default, can only be used by caller that is
fully trusted
by default, cannot be used by application
launched from Web site
default behavior overridden using
AllowPartiallyTrustedCallers attribute

' AssemblyInfo.vb file within
BobsLibrary.vbproj Imports System Imports
System.Reflection ' important attributes that
affect assembly name ltAssembly
AssemblyVersion("1.0.24.0")gt ltAssembly
AssemblyKeyFile("..\..\BobsKey.snk")gt '
allow partially trusted caller to access this
assembly ltAssembly AllowPartiallyTrustedCallers()
gt
81
Modifying Local CAS Policy

Accomplished using an MSI file installation
program
You must write code to create and configure a new
code group
What can you do?
You modify CAS policy so an EXE runs with
specific permissions
You modify CAS policy so an EXE runs with full
trust

82
Steps to Creating MSI File To Modify CAS Policy

Create a new Setup project
Add a new Class Library project
Add an Installer Class
Create handler for BeforeInstall event

Imports System.ComponentModel Imports
System.Configuration.Install ltRunInstaller(True)gt
_ Public Class PolicyInstaller Inherits
System.Configuration.Install.Installer Sub
PolicyInstaller_BeforeInstall(ByVal sender As
Object, _
ByVal e As InstallEventArgs) _
Handles MyBase.BeforeInstall
' add code to configure local CAS policy
End Sub End Class
83
Code For Modifying CAS Policy
Imports System.ComponentModel Imports
System.Configuration.Install Imports
System.Security Imports System.Security.Permission
s Imports System.Security.Policy ltRunInstaller(Tr
ue)gt_ Public Class PolicyInstaller Inherits
Installer Private Sub PolicyInstaller_BeforeIns
tall( ) Handles MyBase.BeforeInstall '
(1) find Machine-wide policy level object Dim
machinePolicyLevel As PolicyLevel Dim cursor
As IEnumerator SecurityManager.PolicyHierarchy
Do While (cursor.MoveNext) Dim current
As PolicyLevel CType(cursor.Current,
PolicyLevel) If (current.Label "Machine")
Then machinePolicyLevel current
Exit Do End If Loop ' (2) create
membership condition Dim condition As New
UrlMembershipCondition("http//Barracuda.net/")
' (3) create code group using FullTrust
named permission set Dim permissionsetFullTrus
t As New NamedPermissionSet("FullTrust") Dim
policyStatement As New PolicyStatement(permissions
etFullTrust) Dim BarracudaCodeGroup As
CodeGroup BarracudaCodeGroup New
UnionCodeGroup(condition, policyStatement)
BarracudaCodeGroup.Name "Barracuda_FullTrust"
BarracudaCodeGroup.Description "Custom code
group for no-touch deployment apps" ' (4)
add code group to machine policy level and then
save work machinePolicyLevel.RootCodeGroup.Add
Child(BarracudaCodeGroup) SecurityManager.Save
Policy() End Sub End Class
84
Agenda

Developing Smart Client applications
What is a Smart Client Application?
Deploying and Testing Smart Client Applications
Code Access Security
Communicating With a Web Service
Storing Data Locally
Smart Client Features of the Microsoft Office
System

85
Why Web services?

They have advantages over other distributed
communications technologies such as DCOM, CORBA
and Java RMI
communicate across firewalls
integrate applications across vendor and platform
boundaries
create business-to-business applications
leverage Internet-style security (e.g. SSL,
passport)
leverage HTTP load balancing

86
Web Services Specifications and Technologies

XML (Extensible Markup Language)
XML provides a standard way to represent data
XSD (XML Schema)
A standard type system for XML data
SOAP (Simple Object Access Protocol)
A RPC mechanism for invoking Web service methods
WSDL (Web Service Description Language)
A language for defining a Web service contract
A WSDL contract is machine readable and human
readable

87
.NET Supports Web Services via Web Methods

.NET provides support for building custom Web
services
Custom Web services can be deployed using .asmx
files
Custom Web services can also be deployed as DLLs
Web service is custom class that inherits from
WebService class
Methods marked with WebMethod attribute are
exposed via SOAP
ASP.NET can build WSDL contract dynamically using
reflection
ASP.NET provides listener that maps client
requests to your code

lt_at_ WebService Language"vb" Class"Service1"
gt ltWebService(Namespace"http//Barracuda.com/"
)gt _ Public Class Service1 Inherits
WebService ltWebMethod()gt _ Public Function
HelloWorld() As String Return "Hello World"
End Function End Class
88
Web Service For The Customer Tracker App

Deploy this .asmx file on any Web server with
ASP.NET

lt_at_ WebService Language"vb" Class"CustomerServic
e" gt Imports System Imports System.Data Imports
System.Web Imports System.Web.Services ltWebServic
e(Namespace"http//Barracuda.net/")gt _ Public
Class CustomerService ltSystem.Web.Services.WebM
ethod()gt _ Function GetCustomerData() As
DataSet ' (1) connect to DBMS using
ADO.NET ' (2) retrieve data from
Customers table ' (3) return DataSet with
Customers table data End Function End Class
89
ASP.NET Web Service projects

Web Service projects used to created ASP.NET Web
Service
each project based on an IIS virtual directory
VS.NET creates code-behind .vb files for Web
service code

90
Web References

Web References used on client-side to access Web
services
VS.NET generate client-side proxy class using
WSDL
proxy class manages SOAP request and response

91
Programming Against A Web Reference

Special Proxy object created on client machine
Proxy object exposes easy to use methods
Proxy object deals with XML and SOAP behind the
scenes

Public Function FileDownload() As DataTable
' call Web service to download DataSet Dim
proxy As New BarracudaServices.CustomerService
proxy.Url "http//Barracuda.net/CustomerService
.asmx" Me.CustomerDS proxy.GetCustomerData
Return CustomerDS.Tables(0) End Function
SQL Server
XML/SOAP
Local Proxy
Custom Web Service
ASP.NET
Windows Server 2003
92
Calling Web Services from Partially Trusted Code

Partially trusted code is limited to what it can
do
Partially trusted code can call Web service from
its own domain
Partially trusted code cannot call Web service
anywhere else
Recommendation
Deploy smart client application files from the
same domain that provides access to the Web
service

93
Agenda

Developing Smart Client applications
What is a Smart Client Application?
Deploying and Testing Smart Client Applications
Code Access Security
Communicating With a Web Service
Storing Data Locally
Smart Client Features of the Microsoft Office
System

94
Streaming I/O

I/O in .NET is built on top of the concept of a
stream
stream is an abstraction representing a generic
array of bytes
stream abstracts away details of
transmitting/storing data
Stream-based I/O often involves reader and writer
objects
Writer objects write formatted data into stream
Reader objects pull data out of stream

Stream media memory buffer operating system
file network message
Reader object
95
Writing text to a file

System.IO.FileStream class provides support for
file I/O
FileStream constructor accepts file path, file
mode, and file access
StreamWriter object can be used to write text
into file stream

Imports System.IO Class WriterApp Shared Sub
Main() Dim fs As New FileStream("MyData.txt",
FileMode.Create, FileAccess.Write) Dim writer
As New StreamWriter(fs) writer.WriteLine("Hell
o") writer.WriteLine("Goodbye")
writer.Flush() ' call Flush on writer when
done fs.Close() ' call Close to release
lock on file End Sub End Class
96
Reading text from a file

FileStream object can be opened for read access
StreamReader object can be used to read text out
of file stream

Imports System.IO Module ReaderApp Sub Main()
Dim fs As New FileStream("MyData.txt",
FileMode.Open, FileAccess.Read) Dim reader As
New StreamReader(fs) ' read text out of
file Dim contents As String
reader.ReadToEnd ' make sure to close
stream when work is complete fs.Close() End
Sub End Module
MyData.txt
97
CLR Serialization

CLR can automatically serialize in-memory objects
to a stream
serialization transforms object (or object graph)
into byte array
serialized object can be written to disk
serialized object can be transmitted across
network
Serialized object state can be deserialized into
cloned object
Deserialization allows copy of object to be
created at later time
Deserialization allows copy of object to be
created in different place

98
Understanding How CLR Serialization Works

What types of objects can be serialized
Objects created from class with the
ltSerializablegt attribute
CLR can provide automatic serialization
Custom serialization requires implementing
ISerializable
When does object serialization typically occur?
When client calls Serialize on a formatter class
When an objects is passed over marshaling
boundaries

ltSerializable()gt _ Public Class Employee '
class definition goes here End Class
99
Using automatic serialization

CLR provides serialization support for
ltSerializablegt classes
CLR serialization driven through component
metadata
CLR serializes private fields as well as public
fields

ltSerializable()gt _ Public Class Employee
Public ID As Integer Public Name As String
Private Salary As Decimal Sub New(ID As
Integer, Name As String, ByVal Salary As
Decimal) Me.ID ID Me.Name Name
Me.Salary Salary End Sub End Class
100
Binary formatter
Imports System.IO Imports System.Runtime.Serializa
tion.Formatters.Binary Class MyApp Shared Sub
SaveEmployees() ' create a 3-element array
of Employee object Dim employees() As
Employee New Employee(1, "Bob Roberts",
120000D), _
New Employee(2, "Pam Bamblets", 275000D), _
New Employee(3, "Guy
Laney", 28600D) Dim fs As FileStream fs
File.Open("Employees.dat", IO.FileMode.Create)
Dim fmt As New BinaryFormatter
fmt.Serialize(fs, employees) fs.Close() End
Sub Shared Sub LoadEmployees() Dim fs As
FileStream fs File.Open("Employees.dat",
IO.FileMode.Open) Dim fmt As New
BinaryFormatter Dim employees() As Employee
CType(fmt.Deserialize(fs), Employee())
fs.Close() Dim emp As Employee For Each
emp In employees Console.WriteLine(emp.Name)
Next End Sub End Class
Employees.dat
101
SOAP formatter
Imports System.IO Imports System.Runtime.Serializa
tion.Formatters.Soap Class MyApp Shared Sub
SaveEmployees() Dim employees() As Employee
New Employee(1, "Bob Roberts", 120000D), _
New Employee(2, "Pam
Bamblets", 275000D), _
New Employee(3, "Guy Laney", 28600D)
Dim fs As FileStream fs File.Open("MyData.xm
l", IO.FileMode.Create) Dim fmt As New
SoapFormatter fmt.Serialize(fs, employees)
fs.Close() End Sub Shared Sub
LoadEmployees() Dim fs As FileStream fs
File.Open("MyData.xml", IO.FileMode.Open) Dim
fmt As New SoapFormatter Dim employees() As
Employee CType(fmt.Deserialize(fs),
Employee()) fs.Close() Dim emp As
Employee For Each emp In employees
Console.WriteLine(emp.Name) Next End
Sub End Class
Employees.xml
102
Serializing an ADO.NET DataSet object

ADO.NET DataSet objects are serializable
Makes it easy to save and load from the local
hard disk

Public Class FullyTrustedDataManager Private
CustomerDS As New DataSet Private CustomerTable
As DataTable Public Sub FileSave() '
open file stream for write access Dim fs As
New FileStream("Customers.xml", FileMode.Create,
FileAccess.Write) ' create formatter
object and serialize DataSet object Dim fmt
As New SoapFormatter fmt.Serialize(fs,
CustomerDS) ' close stream when done
fs.Close() End Sub End Class
103
Deserializing a DataSet object

DataSet can by loaded from stream on local hard
drive

Public Class FullyTrustedDataManager Private
CustomerDS As New DataSet Private CustomerTable
As DataTable Public Function FileLoad() As
DataTable ' open file stream for write
access Dim fs As New FileStream("Customers.xml
", FileMode.Open, FileAccess.Read) '
create formatter object and serialize DataSet
object Dim fmt As New SoapFormatter
CustomerDS CType(fmt.Deserialize(fs),
DataSet) ' close file stream when done
fs.Close() ' return DataTable with
customers data Return CustomerDS.Tables("Custo
mersTable") End Function End Class
xxx
104
I/O and Partially Trusted Code

I/O requires special attention using no-touch
deployment
Partially trusted code doesn't have full access
to local hard drive
Partially trusted code cannot use CLR
serialization
Recommendations
Use isolated storage for storing data locally
Avoid CLR serialization
Use the XML serialization
Use DataSet object methods such as ReadXML and
WriteXML

105
Using Isolated Storage

Added to the CLR to support I/O for partially
trusted code
Allows for local storage
Doesnt require giving code full access to local
hard drive

106
Writing a DataSet to Isolated Storage
' open isolated store Dim store As
IsolatedStorageFile _ IsolatedStorageFile.Ge
tStore(IsolatedStorageScope.Assembly Or -
IsolatedStorageScope.Dom
ain Or _
IsolatedStorageScope.User, Nothing,
Nothing) ' create FileStreams within isolated
store Dim fs1 As New IsolatedStorageFileStream("Cu
stomers.xsd", _
FileMode.Create, _
FileAccess.Write, _
store) Dim fs2 As
New IsolatedStorageFileStream("Customers.xml", _

FileMode.Create, _
FileAccess.Write, _
store) ' persist
Dataset and Dataset schema with customer
data CustomerDS.WriteXmlSchema(fs1) CustomerDS.Wri
teXml(fs2) ' close everything
up fs1.Close() fs2.Close() store.Close()
107
Loading a DataSet from Isolated Storage
Dim store As IsolatedStorageFile _
IsolatedStorageFile.GetStore(IsolatedStorageScope.
Assembly Or _
IsolatedStorageScope.Domain Or _
IsolatedStorageScope.User,
Nothing, Nothing) ' open FileStreams from
within isolated store Dim fs1 As New
IsolatedStorageFileStream("Customers.xsd", _

FileMode.Open, _
FileAccess.Read, _
store) Dim fs2 As New
IsolatedStorageFileStream("Customers.xml", _

FileMode.Open, _
FileAccess.Read, _
store) ' create new
DataSet and load customer data from
disk CustomerDS New DataSet CustomerDS.ReadXmlSc
hema(fs1) CustomerDS.ReadXml(fs2) ' close
everything up fs1.Close() fs2.Close() store.Close(
)
xxx
108
Agenda

Developing Smart Client applications
What is a Smart Client Application?
Deploying and Testing Smart Client Applications
Code Access Security
Communicating With a Web Service
Storing Data Locally
Smart Client Features of the Microsoft Office
System

109
Software Demands

The way people work has changed
Many geographically dispersed groups collaborate
on a single solution/project
Groups are often within different organizations
Presence information needs to be easily conveyed
when working
Large amounts of data still collected via paper
forms
Data captured in electronic forms like Word or
Excel need to be easily submitted for processing
A Network file share simply doesnt cut it!

110
Microsoft Office 2003 Addresses the Demands

Support for Instant Messaging built in
Support for easy collaboration of Excel, Word,
PowerPoint and other documents via SharePoint
Support for easy data exchange via XML
Support for easy capture of form data
Ability to easily share lists
Security can be tied to documents

111
Smart Clients Together With Smart Servers
Smart Servers
Smart Clients
Custom Web Service
Custom Application
Research Library
SQL Server
Word
SharePoint Services
Excel
ASP.NET
Access
Live Communications Server
InfoPath
Windows Server 2003
Local Hard drive
112
Data Gathering With Word and Excel

Office documents are stored using XML
You can attach an XML schema to an Office doument
XML schema validation as you type

113
What Can You Do With Office Documents?
Word
Your XML
Save Data Only or Transform
Microsoft Corp.
Microsoft Corp.
2/21/2003
Strong Buy
Strong Buy
2/21/2003
Database
Transform
WordML
Open/Save
Microsoft Corp.
2/21/2003
Strong Buy
Trans-form
114
Smart Documents

A smart document is
XML data stored together with code containing
application logic
Custom-defined schema attached
Code mapped to schema elements
Support through XML Expansion Pack

Document or Workbook
XML Schema
XML-ized
Manifest
Compiled Logic
Namespace
Solution ID
Other Files
Solution URL
115
End User Experience
User opens document
Download/update/attach expansion pack files
Document Actions Task pane / Smart Doc DLL
initialization
User Interaction Loop/ Task pane refresh
116
Automatic Updating
117
Building Smart DocumentsMapping XML Elements to
Controls
http//msdn.streetmarket.com/hr
VacationRequest
ControlCount 5
101
ControlIndex 100
102
103
104
105
118
Research Library OverviewBuilt-in Services
119
Research Library OverviewSome Examples
120
Introduction to InfoPath

New Office product for information gathering
Share information across business process and
system
Forms-based user interface for data
Office and SharePoint integration

121
Designing Form TemplatesForm Templates
Schema (XSD)
Form Manifest (XSF)
URL or URN
.XML
Default Data (XML)
Business Logic (JS,VS)
InfoPath Form Template (XSN)
122
Retrieving and Submitting DataRetrieving
Secondary Data

Retrieve secondary data from
XML file
Web service
Database
Offline use
User enters all data
Fallback to file (resource in template or local
XML file)
Custom script to make snapshot

123
Retrieving and Submitting Data Submitting Data
124
Windows SharePoint Services

The next generation of collaboration software
Exposed via Web Services architecture
All Office 2003 products support XML data and
working with Web Services

Smart Clients
Custom Application
Smart Servers
SQL Server
Word
SharePoint Services
Excel
ASP.NET
Access
Live Communications Server
InfoPath
Windows Server 2003
Local Hard drive
125
Visual Studio Tools for Office