Best practice with ClickOnce Deployment application settings - connection-string

I have a question regarding a WinForm application and ClickOnce Deployment.
Currently, I use the Visual Studio Installer for creating my installer. One of the things that I do is I have created a custom installer class that I use for entering in certain information (servername, database name, username, password, port number - which is needing for my connection string to the DB). This information gets written to my app config file. However, this makes updates a pain, so I am looking into ClickOnce Deployment instead.
For those of you that do something similar, what's the best way to go about handling this? Is it possible for me to include a config file with my ClickOnce Deployment project that will just copy the settings from that file during the installation? Or, what is the recommend best practice for handling this?
Thanks everyone.

My ClickOnce application also accesses a database. I created a separate program that asks for the database information and encrypts it into a .DAT file. The .DAT file is added to the main program. You must change a setting on the file to Content so that it is included in deployment. The main program opens the .DAT file and decrypts it for the information. This way no one that uses the program knows any of the database information.

Related

WPF install : creating and saving database location

I have a WPF C# app which I have created which uses an Access Database (accdb).
I am using Inno for an installer.
I currently have a static path the database in my app.config connectionString section, however what I need is to:
run INNO
ask if this is the Master
YES: install the DB file in C:/MyApp
NO: do not install the DB file, but messageBox asking for the database location (BROWSE and verify Name) - as they will have to look on network.
This browse location answer would then replace the C:/MyApp with //192.168.1.2/C/MyApp for example in the AppConfig connection string section...
Does that sound reasonable or possible (or even 'correct' to do?)
I'm new to C# and this is my first install/deploy I've done so I am very fresh on this.
The other option I was looking at would be to ask to install the database.
If they say NO then just carry on with install.
When the wpf starts up and cant locate the database then I can code in a browse feature in the app which then writes to the appconfig file.
Which is the more Correct way to proceed or is there another option which I am oblivious to which is how it should be done?
Aside from correctness, one advantage to picking the DB location in the app is if the location ever changes. If you do it in the installer, they would have to reinstall.
I would probably go with installing the app as "master" by default, but also provide an option for the user to change this. Then the installer is simplified and doesn't really have to contain any application logic.

Deploy a MDE - auto update & Trusted Source enquiry

My backend is on a cloud server and my frontend will be a MDE file. My company now uses Access2013 but when the database was being designed and coded, we were still on XP.
I am hoping to be able to email all the users a file which will enable auto-updating of the MDE. The examples I have seen require access to the backend. While I do not wish to reinvent the wheel, especially as my only programming knowledge is some VBA, I am hoping to create a file that will:
Check if the path C:\Program Files\myDatabaseFolder exists
If not then create it and copy the MDE from my department server (not the
cloud).
(Possibly also copy a self-certificate to get past the
Trusted Source warning)
If Path exists then check the date modified of the current version
against the version on the department server and retain the latest.
Then Open the Database
There are a few things I'm not too clear on - this file I would email to users and get them to put it on their desktop. When they wanted to access the database, they would just run this - but should this be a batch file or some other form of executable?
Also, when I created the MDE and tried to open it, I got a warning:- "not possible to determine that this content came from a trustworthy source". I do not want the users to see that on opening the file/database, so would a self-certificate be adequate or is there a way to create a trusted location? I am hoping for as little user interaction as possible - not all are able to follow simple instructions.
Any advice or comments welcomed.
I have set this up in a Citrix environment but it should work with normal desktops as well. It is described in detail here:
FE Deploy Method
The script, I used, happened to be VB Script and can be found here:
FE Deploy Script
I didn't have to charge a consulting fee for this.
PS: If you meet a request for signing up at EE, you should be able to just browse past it.
Link to script:
Download script

Machine config instead of app.config files for console apps

Is it possible to use connection strings in a Console app's app.config file in a single machine config file instead? So all console apps on the server can use the same file?
You could, but that would mean that any .NET application could gain access to your database.
I would advise against it, for several reaons:
A possible security hole.
Most developers would look for this information in app.config not machine.config.
You may end up sharing connection strings that only one or two applications need with all applications.
You can't limit what applications will be able to use the connection strings.
You will not be able to simply move the application to another machine, with the app.config file and have everything just work (you will also need to import the connection string information to the new machine.config).
You really should keep the configuration with the application that uses it.

SQLite vs.SQLCE Deployment

I am in the process of writing an offline-capable smartclient that will have syncing capability back to the main backend when a connection can be made. As a side note, I considered the Microsoft Sync Framework but since I'm really only going one-way I didn't feel it would buy me enough to justify it.
The question I have is related to SQLite vs. SQLCE and ClickOnce deployments. I've dealt with SQLite before (impressive little tool) and I've dealt with ClickOnce, but never together. If I setup an installer for my app via ClickOnce, how do I ensure during upgrades the local database doesn't get wiped out? Is it possible to upgrade the database (table structure, etc. if necessary) as part of the installer? Or is it better to use SQLCE for something like this? I definitely don't want to go the route of installing SQL Express or anything as the overhead would be far too high for what I am doing.
I can't speak about SQLLite, having never deployed it, but I do have some info about SQLCE.
First, you don't have to deploy it as a prerequisite. You can just include the dll's in your project. You can check this article which explains how. This gives you finite control over what version is being used, and you don't have to deal with installing it per se.
Second, I don't recommend that you deploy the database as a data file and let ClickOnce manage it. When you change that file, ClickOnce will publish it again and put it in the data directory. Then it will take the previous one and put it in the \pre subfolder, and if you have no code to handle that, your user will lose his data. So if you open the database file to look at the table structure, you might be unpleasantly surprised to get a phone call from your user about the data being gone.
If you need to retain the data between updates, I recommend you move the database to the [LocalApplicationData] folder the first time the application runs, and reference it there. Then if you need to do any updates to the structure, you can do them programmatically and control when they happen. This article explains how to do this and why.
The other advantage to putting the data in LocalApplicationData is that if the user has a problem and has to uninstall and reinstall the application, his data is retained.
Regardless of the embedded database you choose your database file (.sqlite or .sdf) will be a part of your project so you will be able to use "Build Action" and "Copy to Output Directory" properties of that file to control what happens with the file during the install/update.
If you choose "Do not copy" it will not copy the database file and if you choose "Copy if newer" it will only copy if you have a new version of your database file.
You will need to experiment a little but by using these two properties you can have full control of how and when your database file is deployed/updated...

What is the best deployment approach for WPF applications with local database?

I want to make a WPF application that exists in one directory including all files that it needs: .exe, .mdf database, .xml config files, etc.
the application should work no matter what directory it is in so that it supports this scenario:
person 1 executes the application in c:\temp\wpftool.exe
the application reads and writes to the c:\temp\wpftool.mdf database
person 1 zips up that directory and sends it to person 2 via e-mail
person 2 unzips it to c:\Users\jim\documents\checkout\wpftool.exe, the application reads and writes to the same database in that directory (c:\Users\jim\documents\checkout\wpftool.mdf)
person 2 zips the directory up again and sends it back to person 1 to continue making changes on it
What is the best way to create a WPF application that supports the above scenario?, considering:
there should be no hard-coded database connection strings
what is the best deployment method, click once? or just copy the .exe file out of the /release directory?
reasonable security so that users have to log in based on passwords in the database, and if a third person happens to intercept the e-mail, he could not easily look at the data in the database
Some points on the database side:
Assuming the "New user" already has SQL installed, they'd need to attach the (newly copied) database. Besides having sufficient access rights to attach a database, your application would need to configure the call to include the drive\folder containing the database files. If your .exe can identify it's "new home folder" on the fly, you should be able to work that out.
Define "reasonable security". Any database file I get, I can open, review, and ultimately figure out (depends on how obscure the contents are). Can you obfuscate your data, such as using table "A" instead of "Customer"? Would you really want to? The best possible security involves data encryption, and managing that--and in particular, the encryption keys--can be a pretty advanced subject, depending on just how "secure" you want your data to be.
For the database, I would look into using the "user instance" feature in SQL Express. Combined with the |DataDirectory| substitution string support it makes it very easy for your application to get hooked up.
In all honesty I have not deployed a ClickOnce app leveraging this approach myself yet, but I just thought I would bring it to your attention because it's what I would look into myself if I was building something like you described.

Resources