Pitfalls/gotchas of ClickOnce/smart-client deployment in .NET [closed]

Asked 29/9, 2008 at 17:16 Answered 6/8, 2010 at 20:11

Solved .net winforms clickonce smartclient

I have several .NET Windows Forms applications that I'm preparing to convert into a ClickOnce/smart-client deployment scenario. I've read the isn't-this-great tutorials, but are there pitfalls or "gotchas" that I should be aware of?

There are several minor applications used off and on, but the main application is in C#, runs 24/7, is quite large, but only changes every few weeks. It also writes to a log file locallly and talks to local hardware devices.

Boneyard answered 29/9, 2008 at 17:16 Comment(2)

closed as 'not constructive' - yet the answers to this question were extremely helpful to me...in deciding not to use ClickOnce deployment ;) – Boneyard 4/12, 2013 at 19:27

I read many people complaining about clickonce, things have changed since then, dont let these answer intimidate you, it is easy to set up and has good advantages – Bremble 25/9, 2014 at 20:1

Here are a few that I am aware of.

~~Can't put an icon on the desktop.~~ You can now.
I can't install for all users.
I need to jump through hoops to move the deployment to a different server. It is not a problem if you are developing internally, and the users can see the server that you are publishing to or if you are deploying to the public web, but it is not great if you need to roll out to multiple customer sites independently.
Since .NET 3.5 SP1 you do not need to sign the deployment manifest anymore which makes it much easier to move deployments to new servers.
I can't install assemblies in the GAC. You can get around this by creating regular install packages that are pre-requisites of the ClickOnce application.

Fibrovascular answered 29/9, 2008 at 17:21 Comment(6)

Can't change expired signing key (without reinstall) unless you're on .NET 3.5 SP1. – Urban 13/1, 2010 at 19:56

Actually, you CAN move it to a different server just by publishing it with a new update URL (see robindotnet.wordpress.com/2010/01/17/…). And you can install assemblies in the GAC by putting them into a setup & deployment package and deploying them as a prerequisite. – Recurrent 7/8, 2010 at 6:59

@Recurrent It is not exactly easy to publish from our build environment directly to multiple customer's internal server. Anyway, .net3.5 sp1 fixed all my problems by removing the signing requirement. – Fibrovascular 7/8, 2010 at 14:30

@Recurrent Does a user need admin privileges to install the pre-requisites? – Fibrovascular 7/8, 2010 at 14:31

Yes, a user DOES need admin privileges to install the prerequisites – Recurrent 8/8, 2010 at 16:35

Removing the signing requirement removes one of the primary security checks. If you know what the installation URL is going to be, you could publish the application to a folder, but set the installation URL and sign the deployment. Then zip it up and send it to the customer. – Recurrent 8/8, 2010 at 16:37

When updates are deployed, the built-in dialog will make it appear as if the entire application is being re-downloaded. In fact, only the changed DLLs are being downloaded, and the progress bar displayed is misleading/wrong. Don't waste time trying to figure out why all the assemblies are being re-deployed only to discover that they actually aren't. Not that I did that or anything.
When the certificate that you used to sign the original deployment manifest expires and you are issued a new one, you're in for a world of hurt (clients will all need to uninstall and reinstall). Details are at the horse's mouth.

Ventriloquy answered 16/11, 2008 at 4:39 Comment(0)

Most issues have been addressed but several people mentioned not being able to create a desktop shortcut. In fact, you can create a desktop shortcut with Visual Studio 2008 SP1.

Also, if you aren't using the latest version of Visual Studio, you can always write code to create a shortcut to the installed start menu shortcut.

Daugavpils answered 30/9, 2008 at 14:11 Comment(1)

Though, sadly, it won't be uninstalled cleanly. – Urban 13/1, 2010 at 19:57

We had an app we were going to deploy as a ClickOnce app. We needed the user to be able to modify some settings in the installation (such as the deployment path - IT wants to serve the files from their network share, not known at build time). When you change any of the files in your deployment, you need to re-calculate all of the hashes, and re-sign everything. So, if this solution is internal, you may not have problems passing around a signing cert, but if this is for clients, you will need to architect a fancy solution to bypass this issue.

I have heard rumblings from somewhere within the bowels of the internets that a future version of ClickOnce will remove some of this headache.

Schematism answered 29/9, 2008 at 17:23 Comment(1)

I hope the rumblings you hear are correct...this is a huge issue for us! – Cammie 28/3, 2009 at 16:44

One of the pitfalls with ClickOnce is the fact that you can't install to the GAC. This is a problem if you want to install multiple applications that share DLL files. Each application will require a local copy of the DLL files. Also, multiple user installs are out. See the list comparing Window Installer to ClickOnce.

Postnatal answered 29/9, 2008 at 17:22 Comment(1)

If the dll's are strongly named, ClickOnce caches them. So if you have multiple applications that use the same dll (we have several, including log4net), ClickOnce will keep just one copy of it in the cache. – Recurrent 7/8, 2010 at 7:0

You can't silently uninstall ClickOnce deployed applications. Also I think it's impossible to add parameters to the startup shortcut.

Lawtun answered 28/11, 2008 at 8:25 Comment(0)

There are a whole lot of things you can't do with ClickOnce applications, like install a shortcut to the user's desktop or have any sayso in where the application gets installed. For some people these are dealbreakers.

Also it's been a while since I used it, but there's a special way you can use to figure out and display the ClickOnce version/build number, which is separate from the application's version/build number. You have to do a try/catch and if the ClickOnce version/build number throws an exception then the application is not running as a ClickOnce-deployed application (that is, it's running as a regularly compiled application or from Visual Studio).

For an application which is simple (that is, not Microsoft Word, but rather a quick-and-dirty application to do something) and needs a lot of regular deployment, ClickOnce is great. But you rather quickly hit the wall of "oh, this can't be done by ClickOnce, please choose MSI or something else).

Eastwards answered 29/9, 2008 at 17:23 Comment(1)

Rather than use Try/Catch while attempting to get the deployed version number, wrap it in an "If System.Deployment.Application.ApplicationDeployment.IsNetworkDeployed Then . . ." Much cleaner. If it's network deployed, you can get the version. If not, you can't. Easy-peasy :) – Wick 9/1, 2009 at 20:11

You'll have less system access than your normal .NET application.

That's because you'll get a lower trust level. More about that in .NET Framework Developer's Guide: ClickOnce Deployment and Security.

My biggest problem with that was that it's not possible to encrypt sections of your configuration file with the machine key, because you don't have the access to that key (when you think about it it makes sense to protect that key).

Mercuric answered 29/9, 2008 at 17:23 Comment(2)

Hmm, not sure ... you can request a higher trust level, the user may just get a warning dialog. You can encrypt the sections of the config file in code on the first run, but not during deployment, because that's the deployment machine's key, not the client's, which the client can't read. – Ventriloquy 16/11, 2008 at 4:36

Correct, but to decrypt it you'd always have to have a higher trust level.... – Mercuric 16/11, 2008 at 18:35

In case someone refers to this in a search, we have found many customers concerned with the lack of security 'distributing' their application. The application must be available in a public location - without any authentication - for it to be able to check for updates. The only exception is if you have Windows NT authentication. I think Securing ClickOnce Applications explains what I mean.

Desktop icons are fairly trivial to do via code, and as mentioned, with 3.5 SP1, baked in - so that is no longer an issue.

There is still an unfixed bug with the xmlSerializer - it doesn't get deployed properly in some cases. An easy workaround is to manually add this file to the deployment. PITA, but it is easy enough... It can be shocking when your deployment suddenly fails though...

Urbai answered 16/11, 2008 at 4:23 Comment(0)

I didn't know that SP1 allowed you to create the desktop icon.
Here's how we have been doing it (now known as "the hard way"):

try
{
    string company = string.Empty;
    string product = string.Empty;
    if (Attribute.IsDefined(asm, typeof(AssemblyCompanyAttribute)))
    {
        AssemblyCompanyAttribute asCompany = (AssemblyCompanyAttribute)Attribute.GetCustomAttribute(asm, typeof(AssemblyCompanyAttribute));
        company = asCompany.Company;
    }
    if (Attribute.IsDefined(asm, typeof(AssemblyProductAttribute)))
    {
        AssemblyProductAttribute asProduct = (AssemblyProductAttribute)Attribute.GetCustomAttribute(asm, typeof(AssemblyProductAttribute));
        product = asProduct.Product;
    }
    if (!string.IsNullOrEmpty(company) && !string.IsNullOrEmpty(product))
    {
        string desktopPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Desktop),
            product + ".appref-ms");
        string shortcutPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Programs),
            Path.Combine(company, product + ".appref-ms"));
        File.Copy(shortcutPath, desktopPath, true);
    }
}
catch 
{
    // Shortcut could not be created
}

Howarth answered 12/2, 2009 at 16:8 Comment(1)

SP1 of what? .NET 3.5? – Pithecanthropus 5/7, 2015 at 20:40

You can't install if the client is behind a proxy that requires authentication.

Instanter answered 6/8, 2010 at 20:11 Comment(2)

Yes you can. There's a workaround. Check out the end of this thread: social.msdn.microsoft.com/Forums/en/winformssetup/thread/… – Recurrent 7/8, 2010 at 7:1

Hi Robin, if you're refering to your own post there - that's limited to upgrading only is it not? My comment was regarding the initial install, which you said yourself you then have to do by USB/CD, etc. with this workaround. I actually stumbled across that post the other day while working on this issue, and was temporarily excited as a solution. But for an internet deployed app like ours (qiqqa.com) it doesn't really help unfortunately. – Instanter 9/8, 2010 at 9:30

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags