Take the Pain Out of Deployments with ClickOnce

Take the Pain Out of Deployments with ClickOnce

ne of the most challenging tasks faced by Windows application developers is the deployment of their applications on the client machines. Once an application is deployed, any changes or maintenance to the application require redeployment. Worse, with so many different client configurations, updating a Windows application is always fraught with unknowns.

In Visual Studio 2005, a new deployment technology known as ClickOnce makes such deployments and even updates extremely easy and painless. ClickOnce is the perfect technology to ease the deployment of smart clients.

A smart client, of course, is basically a Windows application that leverages the system’s local resources and is able to intelligently connect to distributed data sources (such as Web services) as needed.

Ubiquitous access was the key advantage that helped propel the popularity of Web-based applications in the enterprise. And while today a lot of companies are still using Web-based apps, network latencies and server delays are some of the issues that companies struggle with. Common frustrations include slow response time from Web sites and limited functionality (due to the stateless nature of the HTTP protocol). A smart client aims to reap the benefit of the rich functionality of the client (Windows) while utilizing the power of Web services to provide ubiquitous data access on the back end. ClickOnce provides a critical piece of enabling infrastructure for a smart client: It allows you to deploy applications onto users’ computers with the same ease that Web-based applications are accessed.

To illustrate how ClickOnce works, I will build a simple Windows application and then publish and deploy the application using a Web server. Furthermore, because ClickOnce has the added benefit of automatically checking for the latest update of the application (you can configure the application to check every time before it runs or to check at regular time intervals), I will also show you how to configure the application with the minimum set of permissions needed for it to perform these checks properly and safely.

Creating the UI
The sample application is a simple text editor. Using this text editor, you can open a file for editing, save a file to disk, as well as perform a simple spell-check using a spell-check Web service.

To build the sample app, launch Visual Studio 2005 and create a new Windows application. Name it C:MyEditor. Populate the default Form1 with the controls as shown in Figure 1.

Figure 1. Buiding the UI: Populate the default Form1 with the various controls shown.
Figure 2. Add a Menu: Add and populate a ContextMenuStrip control on Form1.

Next, add a ContextMenuStrip control from the Toolbox and add a menu item into the control, as shown in Figure 2.

Set the ContextMenuStrip property of RichTextBox1 to “ContextMenuStrip1” so that when the user right-clicks on the RichTextBox control, a context menu is displayed.

Adding a Web Service
In this section I will add a Web service to the project. The text editor will connect to this Web service for the spell-check functionality. Go to File?>Add?>New Web Site?. Select the ASP.NET Web Service template and name the project http://localhost/SpellCheckWS (see Figure 3).

Figure 3. Spell Check: Create a new Web service project to provide the spell-check functionality for the smart client text editor.

In the Service1.vb file, code the following:

     _    Public Function CheckWord(ByVal word As String) As String()        Dim result(0) As String        result(0) = ""        Select Case word            Case "teh" : ReDim result(0)                result(0) = "the"            Case "comuter" : ReDim result(2)                result(0) = "commuter"                result(1) = "computer"                result(2) = "commuters"        End Select        Return result    End Function

Essentially, the CheckWord() function takes a string parameter and returns an array of strings. For simplicity I have hard-coded the words to spell-check.

Consuming the Web Service
To consume the Web service, right-click on the MyEditor project in Solution Explorer and select Add Web Reference?. In the Add Web Reference dialog, enter the URL as shown in Figure 4 and then click Go. Finally, click Add Reference and then OK.

Figure 4. Web Service URL: Add a Web reference to the Web service.

Double-click on the Spell Check item in the ContextMenuStrip control and code the following:

    Private Sub SpellCheckToolStripMenuItem_Click( _       ByVal sender As System.Object, _       ByVal e As System.EventArgs) _       Handles SpellCheckToolStripMenuItem.Click        '---use the web service to spell-check a word        Dim ws As New SpellCheckWS.Service        Dim result() As String        result = ws.CheckWord(RichTextBox1.SelectedText)        Dim str As String = ""        For i As Integer = 0 To result.Length - 1            str += result(i) & ", "        Next        '---display the list of possible words        MsgBox(str)    End Sub

The above block of code will connect to the spell-check Web service and display the result returned by it.

Likewise for the Open button, code the following:

Private Sub btnOpen_Click( _   ByVal sender As System.Object, _   ByVal e As System.EventArgs) _   Handles btnOpen.Click        ' Create an OpenFileDialog to request a file to open.        Dim openFile1 As New OpenFileDialog()        ' Initialize the OpenFileDialog to look for RTF files.        openFile1.DefaultExt = "*.rtf"        openFile1.Filter = "RTF Files|*.rtf"        ' Determine whether the user selected a file from the         ' OpenFileDialog.        If (openFile1.ShowDialog() = _            System.Windows.Forms.DialogResult.OK) _            And (openFile1.FileName.Length > 0) Then            ' Load the contents of the file into the RichTextBox.            RichTextBox1.LoadFile(openFile1.FileName, _                RichTextBoxStreamType.PlainText)        End If    End Sub

The above block of code will display the Open File dialog to let the user choose a filename. The chosen file is then loaded onto the RichTextBox control.

For the Save button, code the following. This will open the Save File dialog and save the content of the RichTextBox control onto the selected file.

Private Sub btnSave_Click( _   ByVal sender As System.Object, _   ByVal e As System.EventArgs) _   Handles btnSave.Click        ' Create a SaveFileDialog to request a path and file name        ' to save to.        Dim saveFile1 As New SaveFileDialog()        ' Initialize the SaveFileDialog to specify the RTF extension         ' for the file.        saveFile1.DefaultExt = "*.rtf"        saveFile1.Filter = "RTF Files|*.rtf"        ' Determine if the user selected a file name from the         ' saveFileDialog.        If (saveFile1.ShowDialog() = _            System.Windows.Forms.DialogResult.OK) _            And (saveFile1.FileName.Length) > 0 Then            ' Save the contents of the RichTextBox into the file.            RichTextBox1.SaveFile(saveFile1.FileName, _                RichTextBoxStreamType.PlainText)        End If    End Sub

That’s it! To test the application, press F5. Type something into the RichTextBox control, right-click on a word and then select Spell Check. The result returned by the Web service will be displayed in dialog that offers suggestions for the misspelled word.

When you click the Save? button, a Save As dialog box will appear. Likewise, when you click the Open? button, the Open dialog box will appear. Try loading a file from disk and make some changes to it. Then, save the file. You should now have a functional simple text editor.

Deploying the Application
To deploy the application using ClickOnce, first build the MyEditor project (Build?>Build MyEditor) and then publish it (Build?>Publish MyEditor).

The Publish Wizard will appear (see Figure 5). You can publish (deploy) a Windows application through a disk, shared folder, FTP server, or Web server. Use the default HTTP method and click Next.

Figure 5. Preparing for Deployment: Specify the location to publish the application.
Figure 6. Installer: This installation page is created for you automatically. From here, users can download and install the application on their client.

Next, decide if the application will run online only, or both online and offline using the simple radio button on the next page of the dialog. For this example, select the first option for both online and offline (smart client) and click Next.

Click Next and then Finish to complete the publish process. Internet Explorer should now display a page similar to that shown in Figure 6. The URL shown is the URL that you will advertise to your users if you want them to install the application using ClickOnce. Users can merely click the Install button to install the application.

Because we have not verified the publisher of this application, users who attempt to download this sample will get a security warning (see Figure 7). Click Install on the dialog to continue.

To prevent your users from being getting the security prompt, a System Administrator can specify a ClickOnce deployment policy that defines a specific application publisher as a trusted source. On computers where this policy is deployed, permissions will automatically be granted and the user will not be prompted.

Figure 7. Security Warning: If you haven’t defined your application publisher as a trusted source, your end users will get the security prompt shown.

If the application installs successfully, it will launch automatically. You can also launch the application by going to Start?>Programs?>?>MyEditor.

Configuring ClickOnce Security Settings using Code Access Security
By default, an application deployed by ClickOnce runs under Full Trust. You can verify the trust level for your applications by going to the Security tab of the project Properties window (see Figure 8).

Figure 8. Full Trust: The default for ClickOnce applications is full trust.

Under Full Trust, the application has unrestricted access to resources such as files, registry, as well as network. This can be potentially dangerous as it opens the possibility of your code being exploited by malicious code. To prevent this, a good solution is to limit the permissions for your application to only what is necessary.

I’ll now modify the ClickOnce Security Permissions for the sample application to make it more secure. From the Security tab of the Properties window, check the option for “This is a partial trust application” and select the Local Intranet zone. Take note of the various permissions recommended. In particular, look out for the following permissions:

Table 1. Important Permission to Limit for Security

PermissionRequired for ?
FileDialogPermissionDisplaying the Open and Save As dialog windows
FileIOPermissionPerforming file I/O (read/write)
WebPermissionConnecting to the Internet. E.g. Accessing Web services

Author’s Note: The Internet Zone contains much more restrictive permissions than the Local Intranet Zone.

Notice that for the FileDialogPermission, under the “Included” column, there is a green check icon (see Figure 9). This indicates that this permission is implicitly granted and the application can invoke the Open and Save As dialog windows under this security setting. However, for both the FileIOPermission and the WebPermission permissions, there is no check icon and the permission defaults to the Zone Default (which is Exclude).

Figure 9. Permission: You’ll need to manually set the permissions in order to make your application more secure.
Figure 10. Take 2: Here’s the publish page again, this time with a new version number.

The next thing I want to do is publish this application and test the behavior as if a user tried to run it. To do that I’ll save the project and republish it (Build?>Publish MyEditor). You will be taken through the same steps again. The sample publish Web page will appear. Note that this time, the version number is (see Figure 10; you will see how to customize this later in this article). The version number has changed because I modified the permissions for this application. Thus, for any clients with the application already installed, an update to the application is now required.

You need not click on the Install button to re-install the application. By default, ClickOnce will check for updates every time an application is launched. So, launch the MyEditor application by going to Start?>Programs?> ?>MyEditor.

You will be alerted that there is a new version of the application available (see Figure 11). Click OK to upgrade the application.

Figure 11. Time to Upgrade: Upon launching the application a second time, ClickOnce prompts you to upgrade to the new version.
Figure 12. Not Allowed: This security exception displays when the user tries to Open or Save As, thanks to the stricter security permissions I created in the new version of the app.

When the application launches, type some text into the editor. Select a word, right-click on it and select Spell Check. You will notice that the Web service can be invoked without any problems. Now, click on the Open or Save As button and try to either load or save a file. The Open and Save As dialog windows will display, but thanks to the stricter security permission I created, it now prompts me with a security exception dialog (see Figure 12). This is because, by default, in the Intranet Zone, file I/O operations are not allowed. They must be explicitly included in the permission to run without a warning.

Back in Visual Studio 2005, if you set the FileIOPermission’s Settings to Include (see Figure 13) and republish the application, you will now be able to perform file I/O operations. Notice that the icon now changes to an exclamation mark inside a yellow triangle, signifying that this operation requires elevated permission to execute.

Figure 13. Allowance: File I/O has now been explicitly permitted.
Figure 14. Advanced: Click the Advanced button to see the advanced security settings for your application.

If you scroll down the list of permissions, you will notice that by default the WebPermission is “(Zone Default)” (permission is denied). However, if you deploy the application and try to use the spell-check Web service, you will notice that the spell check service still works. This is because in the Advanced Security Settings (click on the Advanced button; see Figure 14) of the application, permission is granted to the application to access its site of origin (the spell-check Web service is hosted on the same server as the deployment server).

Figure 15. Finely Tuned Security: You can fine-tuning the permission settings.

However, if the application tries to access a Web service hosted on another server, a security exception will be raised. To prevent this, just set the WebPermission permission to Include.

For some permissions, you can fine-tune the permissions assigned. For example, when you select the FileDialogPermission permission and click on Properties?, you can grant permission to the specific type of dialog boxes (see Figure 15).

Managing Updates
Earlier in this article I showed that when you republish a modified application, the client will automatically detect the upgrade when the application launches. This is set in the Publish tab in the project properties window via the Updates? button (see Figure 16).

Figure 16. Configuring updates: This dialog is where you manage ClickOnce’s behavior regarding updates.
Figure 17. Update Parameters: This is where you can tell ClickOnce how often the client should check in with the server to inquire about updates.

In the Application Updates dialog window (see Figure 17), you can configure when the application should check for updates?before or after the application starts. If you select the option to check for updates after the application has started, you can specify how often the check is performed?every x hour(s), x day(s) or x week(s). You also have the options to specify the minimum required version needed for the application. Finally, if the update location is different from the publish location, you can specify the update URL in this dialog.

By default, every time you publish the application the Revision number increments by one (see Figure 18). For Major, Minor, or Build number, you need to set them explicitly.

Clicking on the Application Files? button (see Figure 19) will display a list of files that will be deployed to the client’s computer. If you are deploying databases using ClickOnce, be sure to set the correct value for the Copy to Output Directory property for the database. For example, consider the case where a user installs revision 1 of your application and populates the database with data. When you make changes to the application and republish the application, by default the database on the client would be overwritten by the original database. This is because the default value of the Copy to Output Directory property of the database is set to “Copy always”, resulting in the deployment of the original database every time the application is republished. A much safer way would be to set it to “Copy if newer” so that the database on the client computer is only overwritten if it is older than the republished database.

Figure 18. Versioning: ClickOnce allows you to set the version numbers for your updates manually.
Figure 19. Files to Deploy: ClickOnce gives you a succinct list telling exactly what it intends to install.

The Prerequisites? button will show a list of prerequisites needed by your application (see Figure 20). By default, ClickOnce will automatically install the necessary prerequisites on the client’s machine. This is a useful feature, especially the ability for ClickOnce to install .NET Framework 2.0 on machines that do not have it already.

Figure 20. List of Prerequisites: You don’t have to spend time worrying whether client environments are primed with the proper prerequisites. ClickOnce does it for you.
Figure 21. Publish Options: You can decide what information should appear on the publish page.

The Options? button (see Figure 21) allows you to set the information displayed on the publish page, as well as some other options.

ClickOnce and Ready to Go
In this article, you have learned how to deploy a Windows application easily using the new ClickOnce deployment technology. Not only that, you have also seen how applications can be configured to update automatically. And in the last part of this article, I gave you a hearty look at how to configure the security settings of ClickOnce applications using Code Access Security.


About Our Editorial Process

At DevX, we’re dedicated to tech entrepreneurship. Our team closely follows industry shifts, new products, AI breakthroughs, technology trends, and funding announcements. Articles undergo thorough editing to ensure accuracy and clarity, reflecting DevX’s style and supporting entrepreneurs in the tech sphere.

See our full editorial policy.

About Our Journalist