I know there are several ways to deploy a .net windows client application:
There's Windows Installer, Click Once, a simple download & run, and loading the windows forms / WCF application in Internet Explorer (no to confuse the latter with WCF/E - Silverlight RIA applications)
So... thinking about the true windows client applications --just to make it really clear: those consisting of an .exe in your filesystem,-- can loading some or all of its dependencies from the internet be a good idea?
<assemblyIdentity
name="MyAssembly"
publicKeyToken="89a956accc8f98e98a9e954a"
culture="en-US" />
<codeBase
version="2.0.0.0"
href="http://www.contoso.com/MyAssembly.dll" /> <!-- look here -->
There are obviously some serious drawbacks: Have to be allways connected, CAS configuration in the client (the internet dependencies would be in Internet_Zone code group), not to mention the loading time.
But I can think of several advantages, too.
What are the issues? Has someone used this in a real project?
-
I could see doing what you suggest within a corporate intranet environment, where the custom application can talk to a custom server and each understands the other well. Granted there would be possible connectivity and synchronization issues, but those could get worked on over time to some extent. I have done this in one case where the application was doing basic CRUD tasks to a back-end set of servers that ran the commands against the database. Granted that it wasn't given a lot of importance and was someone's pet project for a while, it did do some things OK in the end.
In an internet environment, I think the security concerns would be my biggest worry about doing what you suggest as another factor is that if that assembly gets upgraded it may crash the application. For an internet situation, I think something like Click Once would be my suggestion.
-
If the assemblies you're loading are digitally signed from a trusted provider, it shouldn't be so bad from a security standpoint. IF you really trust them... For example, if you go downloading an assembly from some third-rate third party vendor who might not keep good tabs on their secret key, then yes, I would be wary of doing this.
0 comments:
Post a Comment