Building, Deploying and Versioning Assemblies

1
Building, Deploying and Versioning Assemblies

• Ted Pattison
• info http//SubliminalSystems.com
• email tedp_at_SubliminalSystems.com

2
Who am I?

• Ted Pattison
• Software developer, Educator and Published Author
• More info at http//SubliminalSystems.com
• Publications
• "Basic Instincts" column in MSDN Magazine
• Programming Distributed Applications With COM and
  VB6Microsoft Press - second edition published in
  2000
• Building Applications and Components With Visual
  Basic .NETAddison Wesley Professional Series -
  available October 2003

3
Tonight's Agenda

• Historic Problems With Deployment
• Configuring Applications
• Building Assemblies
• Deploying Assemblies
• Versioning Assemblies

4
What's gone wrong in the past?

• Storing configuration data in the Windows
  Registry is bad
• DLLs are vulnerable to file name conflicts
• DLL tampering and replacement creates security
  hole
• Installing new version of DLL effectively
  replaces any earlier version
• Newer DLL versions break older applications
• DLLs said to be backward compatible dont
  always work as advertised
• The most predictable deployment scenario is to
  run an application that loads the exact version
  of a DLL that was present during the
  applications original testing and debugging.

5
Configuring applications
lt!-- MyApp.exe.config --gt ltconfigurationgt
ltstartupgt lt!-- application start-up settings
go here --gt lt/startupgt ltappSettingsgt
lt!-- custom appSettings go here --gt
lt/appSettingsgt ltruntimegt lt!-- custom
assembly settings go here --gt
lt/runtimegt lt/configurationgt
6
The machine.config File
ltconfigurationgt ltconfigSectionsgt lt!--
machine-wide configuration settings --gt
lt/configSectionsgt ltappSettingsgt lt!--
machine-wide application settings --gt
lt/appSettingsgt ltsystem.diagnosticsgt lt!--
machine-wide diagnostic settings --gt
lt/system.diagnosticsgt ltsystem.netgt lt!--
machine-wide client-side HTTP settings --gt
lt/system.netgt ltsystem.webgt lt!--
machine-wide ASP.NET settings --gt
lt/system.webgt ltsystem.runtime.remotinggt
lt!-- machine-wide .NET Remoting settings --gt
lt/system.runtime.remotinggt ltsystem.windows.form
s jitDebugging"false"gt lt!-- machine-wide
settings for Windows Forms framework --gt
lt/system.windows.formsgt lt/configurationgt
7
Overview Of Building Assemblies

• Assembly Names
• Compilation Mechanics
• Strong Names

8
What's in a Name?

• Each assembly has a 4-part name
• Friendly name
• Version number
• Culture setting
• Public key (or public key token)
• Assembly names are tracked using format strings

MyLibrary, Version1.0.24.0, Cultureneutral,
PublicKeyToken29989D7A39ACF230
BobsLibrary, Version2.0.0.0, Cultureneutral,
PublicKeyTokennull
9
Generating A Format String
MyLibrary, Version1.0.24.0, Cultureneutral,
PublicKeyToken29989D7A39ACF230
using System using System.Reflection class
MyApp static void Main() string
AssemblyPath _at_"C\Apps\bin\MyLibrary.dll"
Assembly asm Assembly.LoadFrom(AssemblyPath)
System.Console.WriteLine(asm.FullName)
Imports System.Reflection Class MyApp Shared
Sub Main() Dim AssemblyPath As String
"C\Apps\bin\MyLibrary.dll" Dim asm As
Assembly Assembly.LoadFrom(AssemblyPath)
System.Console.WriteLine(asm.FullName) End
Sub End Class
10
Building An Assembly
' AssemblyInfo.cs using System using
System.Reflection // important attributes that
affect assembly name assembly
AssemblyVersion("1.0.24.0") assembly
AssemblyKeyFile(_at_"..\..\AcmeCorp.snk") // less
important attributes that do not affect assembly
name assembly AssemblyCompany("AcmeCorp,
Inc.") assembly AssemblyProduct("Widget-Meister
v1.2") assembly AssemblyDescription("Widget-Me
ister Data Access Code")
' AssemblyInfo.vb Imports System Imports
System.Reflection ' important attributes that
affect assembly name ltAssembly
AssemblyVersion("1.0.24.0")gt ltAssembly
AssemblyKeyFile("..\..\AcmeCorp.snk")gt '
less important attributes that do not affect
assembly name ltAssembly AssemblyCompany("AcmeCorp
, Inc.")gt ltAssembly AssemblyProduct("Widget-Meis
ter v1.2")gt ltAssembly AssemblyDescription("Widge
t-Meister Data Access Code")gt
11
Strong Names
' AssemblyInfo.cs using System.Reflection as
sembly AssemblyKeyFile(_at_"..\..\AcmeCorp.snk")
12
Assembly Signing and Tampering Protection

• Assembly signing involves generating digital
  signature
• Digital signature built from private key and
  assembly file hash
• CLR authenticates digital signature with strong
  name verification
• Strong name verification detects traces or
  tampering

13
Assembly Deployment Options

• Deploy it as a private assembly
• Install it into the Global Assembly Cache (GAC)
• Deploy it by configuring a ltcodeBasegt element

14
Private assemblies

• Private assembly deployed along side host
  application
• Allow for XCOPY deployment
• Must be deployed inside AppBase directory (or
  subdirectory)
• Private assemblies may requires ltprivatePathgt
  element

lt?xml version"1.0" encoding"utf-8" ?gt lt!--
MyApp.exe.config --gt ltconfigurationgt
ltruntimegt ltassemblyBinding
xmlns"urnschemas-microsoft-comasm.v1"gt
ltprobing privatePath"MyAssemblies"/gt
lt/assemblyBindinggt lt/runtimegt lt/configurationgt
15
The .NET Configuration Tool
16
The Global Assembly Cache

• GAC serves as machine-wide assembly repository
• Only allows for strongly-named assemblies
• Allows for side-by-side deployment
• GAC Administrative Tools
• GACUTIL.EXE
• Assembly Cache Viewer

17
Configuring an assembly with a codeBase

• Assembly can be deployed anywhere using codeBase
• Primarily used with strongly-named assemblies
• codeBase element can point to file or HTTP
  address
• remote assemblies copied to CLR download cache
• downloaded assemblies have notable security
  restrictions

ltconfigurationgt ltruntimegt ltassemblyBinding
xmlns"urnschemas-microsoft-comasm.v1"gt
ltdependentAssemblygt ltassemblyIdentity
name"MyLibrary"
publicKeyToken"1234567890abcdef" /gt
ltcodeBase version"1.0.24.0"
href"http//AcmeCorp.com/downloads/MyLibrary.dll"
/gt lt/dependentAssemblygt
lt/assemblyBindinggt lt/runtimegt lt/configurationgt
18
The assembly loader

• Assembly resolver looks for assembly in this
  order
• in the GAC
• at location specified by codeBase
• in AppBase directory
• in subdirectories as specified in private probe
  path
• What can you do if things are going wrong?
• use the Assembly Binding Log Viewer (Fuslogvw.exe)

19
Native Image Cache

• Assemblies can be preJITed
• done to avoid JIT compilation at run time
• can be done with command-line utility NGEN.EXE

NGEN.EXE MyLibrary.dll
20
Versioning policy

• the CLR enforces a set of versioning policy rules
• used to ensure client gets the appropriate
  version
• assembly load fails if versioning policy rules
  are not met
• versioning policy is not enforced for all
  assemblies
• assemblies without strong names are not affected
  by policy
• assemblies with version number 0.0.0.0 not
  affected by policy

21
Version numbers

• Version number has four parts (e.g. 1.0.24.0)
• Major number
• Minor number
• Build number
• Revision number

' AssemblyInfo.cs using System.Reflection as
sembly AssemblyVersion("1.0.24.0")
' AssemblyInfo.vb Imports System.Reflection ltA
ssembly AssemblyVersion("1.0.24.0")gt
22
Versioning policy

• Assembly version number tracked at compile time
• Client-side manifest contains compile-time
  version number
• CLR runs checks when attempting to load an
  assembly
• CLR inspects version number of assembly loaded at
  run time and matches it the compile-time version
  number
• by default, these numbers must match or the load
  fails
• loading different version number requires custom
  configuration

23
Redirecting a client to a different version

• You can redirect client to use a different
  version
• done using binding redirect element

ltconfigurationgt ltruntimegt ltassemblyBinding
xmlns"urnschemas-microsoft-comasm.v1"gt
ltdependentAssemblygt ltassemblyIdentity
name"MyLibrary"
publicKeyToken"1234567890abcdef" /gt
ltbindingRedirect oldVersion"1.0.24.0"
newVersion"1.0.98.0" /gt
lt/dependentAssemblygt lt/assemblyBindinggt
lt/runtimegt lt/configurationgt
24
Redirection details

• Assembly redirection can be configured at three
  levels
• application-specific redirection
• assembly-specific redirection
• machine-wide redirection
• CLR gathers redirection information in three
  steps
• application configuration file MyApp.exe.config
• publisher policy file policy.1.0.MyLibrary.dll
• machine-wide configuration file machine.config
• Each step sees redirection output of previous
  step as input

25
Publisher policy files

• Publisher policy files created by assembly
  publisher
• publisher policy file is itself a strongly-named
  assembly
• must be named using convention policy.1.0.MyLibrar
  y.dll
• one publisher policy file required for each
  major/minor number
• publisher policy file created using XML file and
  AL.EXE utility
• publisher policy can be disabled by going into
  safe mode

ltconfigurationgt ltruntimegt ltassemblyBinding
xmlns"urnschemas-microsoft-comasm.v1"gt
ltdependentAssemblygt ltassemblyIdentity
name"MyLibrary"
publicKeyToken"1234567890abcdef" /gt
ltpublisherPolicy apply"no"/gt
lt/dependentAssemblygt lt/assemblyBindinggt
lt/runtimegt lt/configurationgt
safe mode - CLR ignores any publisher policy file
26
Summary

• Assemblies are your product
• Know how to build them
• Know how to deploy them
• Know how to safely and effectively revision them
  over time
• Download the slides, sample code and sample
  chapter
• http//SubliminalSystems.com/Downloads.aspx
• Contact Info
• tedp_at_SubliminalSystems.com