Application Security Testing: An Integral Part of DevOps
Whenever you hear about deployment of your application or component, you get scared of the traditional scripted setup programs. The main goal of this article is to help .NET programmers get used to this easy-to-setup program that allows you to deploy your application even if you don't know how to write the setup script. Microsoft Dot NET Setup Deployment will make the setup for you with a few simple clicks. It is also provided with self-taught, easy driven wizards. Many programmers who are using Microsoft Visual Studio Dot NET are not fully aware of this Windows installer that comes with Visual Studio; they are going for other setup programs that need hard scripting knowledge. Using Windows Installer is very easy.
About Microsoft Windows Installer
Windows Installer enables you to deploy your applications and components in an efficient manner. The installer provides new capabilities to advertise features without installing them, to install products on demand, and to add user customizations. Windows Installer is an installation and configuration service that reduces the total cost of ownership. The installer enables customers to better address corporate deployment and provide a standard format for component management.
Features of Windows Installer
- It is based on a data-driven model that provides all installation data and instructions in a single package, in contrast to traditional scripted setup programs.
- It also supports self-repair—the ability for an application to automatically reinstall.
- It provides the ability to roll back an installation.
The deployment tools in Visual Studio .NET build on the foundation of Windows Installer, providing you with rich capabilities for rapidly deploying and maintaining applications built with Visual Studio .NET.
Creating your first deployment project
Visual Studio provides templates for four types of deployment projects:
- Setup Project: Builds an installer for a Windows-based application.
- Merge Module Project (.msm): Packs components that might be shared by multiple applications.
- Web Setup Project: Builds an installer for a web application.
- Cab Project (.cab): Creates a cabinet file for downloading to a legacy Web Browser.
In addition, a Setup Wizard is provided to help step you through the process of creating deployment projects.
- For a Setup project, the installer will install files into a Program Files directory on a target computer.
- For a Web Setup project, the installer will install files into a Virtual Root directory on a web server.
Note: If you have created a standard deployment project and later decide to deploy it to a web, you will need to create a new project.
Five Easy Steps
Open the Visual Studio IDE and select File->New->Setup and Deployment Projects. Select the Setup Wizard. Give the file name and location where to store that project, as shown in the following figure.
The Welcome to Setup Project Wizard dialog box will appear. It is a simple four-step wizard. Click the Next Button. The second step will ask the type of the setup. Choose the appropriate reply; here I have chosen setup for Windows application. Click Next.
The third step of this wizard will ask you to add your developed application or component and other files that you need to place in the clients machine; for example, say, documentation files.
Now, it will display what you see in the following figure.
Step 4As you can see in the preceding figure, the application folder is the folder where your application and supported files will be installed. User's Desktop and Programs Menu are the client's desktop and programs menus, respectively. If you place the short files of your main application and Help files on the user's desktop and programs menu, during the installation the application supported files and the shortcuts will be placed automatically as you directed by placing the intended files in Application, User Desktop directories, and programs menu.
You can use the following editors during the deployment of your application.
You can find these editiors in the solution explorer, each as a button as shown below.
File system editor
Allows you to add project outputs, files, and other items to a deployment project and specify where they will be installed on the target computer.
Registry settings management editor
Allows you to specify Registry keys and values to be added to the Registry of the target computer.
File types management editor
Establishes file associations on the target computer.
Custom actions management editor
Allows you to specify additional actions to be performed on the target computer at the end of an installation.
Launch condition management editor
Allows you to specify conditions that must be met to successfully run an installation.
User interface management editor
As shown in the figure above, the User InterfaceManagement Editor is used to specify and set properties for predefined dialog boxes that are displayed duging the installation on the target system.
You can add the dialog boxes, such as end user license agreement dialog and serial key dialog, as shown.
The Customer Information Dialog is important to protect your software. For that first set the Show SerialNumber property to true (it is false by default). There will be a template for the serial key called SerialNumberTemplate:-Valid editable characters for the SerialNumberTemplate property are:
|#||Requires a digit that will not be included in the validation algorithm.|
|%||Requires a digit that will be included in the validation algorithm.|
|?||Requires an alphanumeric character that will not be included in the validation algorithm.|
|^||Requires an uppercase or lowercase character. Numeric digits are not valid here.|
|<||Any characters to the left of this character will not be visible in the dialog box.|
|>||Any characters to the right of this character will not be visible in the dialog box. Required as a terminator if the < character is used.|
Note that any other character is treated as a literal constant. The Default template is <###-%%%%%%%>, which creates two text boxes separated by a dash surrounded by spaces. The first has #, which means that the user must enter three numbers but those numbers will not participate in the validation algorithm. The second box had seven digits; % means that it will be involved in the validation. You apply modulo 7 to the sum of these required digits; if it equates to 0, the algorithm returns true and the user can proceed to next dialog box. Example: <###-%%%%%%%>, 124 - 7134501 is one of the keys by which the user can proceed to next dialog box.
The first three digits—1, 2, and 4—can be any digits because they will not participate in validation. The next seven digits, 7134501, sum to 21; if you apply 21%7, you will get 0, so this is okay. Likewise, you have to proceed. You can add the dialog boxes, such as the end user license agreement dialog and serial key dialog as shown.
When you build the application, you will find the install program for your software or component in the projects debug directory.
I hope that many of the .NET developers who use traditional setup script programs will find this an easy and simple way to deploy your software. More than that, if you got the licensed Visual Studio .NET with you, there is no need to purchase setup applications from other companies because Visual Studio .NET itself offers it to you. I think that I had given enough features of Windows Installer that comes with Visual Studio .NET. Now it's up to you.