1. Security Considerations
Depending on how an application is deployed or what
system resources it needs to have access to, it will be considered under
the Full Trust or the Partial Trust rules of .NET Framework Code Access
Security. For example, an application that needs to access the Registry
or other system resources needs to be full-trusted, but this is not a
good idea if your application will be deployed via the Internet, which
should instead be partial-trusted. You set the trust level for your
ClickOnce deployments in the My Project, Security tab (see Figure 1).
The
ClickOnce manifest can be signed with Full Trust or Partial Trust. This
second option is divided into the Internet and intranet zones. You can
choose the most appropriate for you or even create a custom
configuration by editing the application manifest file (Edit Permissions
XML button).
Providing Certificates
To make ClickOnce deployments the most trustable
possible, you should use a certificate. If you take a look at Solution
Explorer after you publish the application, you notice that Visual
Studio has signed the assembly with a .pfx strong name. This is good in
local test scenarios, but the most convenient way (although not
mandatory) for providing security information to customers is adding an
Authenticode certificate, especially if your application is deployed via
the Internet. Visual Studio adds a test certificate, as demonstrated in
Figure 2, which shows the Signing tab in My Project.
The test certificate is intended for local testing
purposes only and should never be used in real-life deployment, in which
you will instead prefer an Authenticode certificate that you can
purchase from the specific authorities. After you add a valid
certificate, to sign the ClickOnce manifest, full and trusted
information will be shown to your customers when they download and
install the application.
2. Programmatically Accessing ClickOnce
ClickOnce is handled by
the .NET Framework, but more precisely it is part of the .NET Framework.
This means that it can be accessed via managed code. The .NET Framework
exposes the System.Deployment namespace that offers a managed way for interacting with ClickOnce; particularly the subnamespace System.Deployment.Application and the System.Deployment.Application.ApplicationDeployment
class are the most useful items because they offer objects that enable
developers to programmatically access ClickOnce information from an
application. The ApplicationDeployment class exposes a shared CurrentDeployment
property that enables access to interesting information on the current
application deployment. The following code demonstrates how you can use
the property to retrieve information on the current deployment:
Private Sub GetClickOnceInformation()
'Checks if the application has been deployed with ClickOnce
If ApplicationDeployment.IsNetworkDeployed = True Then
'Retrieves the data folder for this application
Dim dataFolder As String = ApplicationDeployment.
CurrentDeployment.DataDirectory
'Retrieves the path where updates will be
'downloaded from
Dim updatesPath As Uri = ApplicationDeployment.
CurrentDeployment.UpdateLocation
'Gets the version number for updates
Dim updateVersion = ApplicationDeployment.
CurrentDeployment.UpdatedVersion
'Determines the last time that updates where checked for
Dim lastUpdate As Date = ApplicationDeployment.
CurrentDeployment.TimeOfLastUpdateCheck
End If
End Sub
You
can also programmatically check and download updates; this can be
useful if you do not want the application to be automatically updated
but you still want to provide the user the ability of updating the
application manually. The following code demonstrates this:
Private Sub ApplicationUpdate()
Dim isUpdateAvailable As Boolean = _
ApplicationDeployment.CurrentDeployment.CheckForUpdate
If isUpdateAvailable = True Then
ApplicationDeployment.CurrentDeployment.Update()
End If
End Sub
Both methods offer an asynchronous counterpart (CheckForUpdateAsync and UpdateAsync) that can be used as well.
