Sunday, February 19, 2006

Breaking Change in No-Touch Deployment (2.0 Framework)

A peer of mine (Murph) brought this breaking change to my attention:

In prior version of the .NET Framework (v1.0 and v1.1), you had an option to distribute executables by hosting all of the files (EXE, config, and other necessary assemblies) on a web server, and then opening the EXE file by means of a URL. This is actually a precursor to ClickOnce, and was referred to as No-Touch Deployment (or HREF EXEs).

Well, it seems that by simply installing the 2.0 Framework onto a machine, you break the ability to continue using HREF EXEs.... when the server is in the Internet zone. The web server will log the GET request for the EXE, but you will not see any requests logged for the config file, and the user will get an OPEN or SAVE AS dialog, which in turn does absolutely nothing.

Credit to another member of my organization (Jones) for pointing out the following MSDN Product Feedback record, which discusses that this is by design:

http://lab.msdn.microsoft.com/ProductFeedback/viewfeedback.aspx?feedbackid=ef4ae9a2-1d40-4241-aca4-61d579929793

The workaround is to get the site out of the Internet zone. If it's a trusted server, then you can trust the site, and that will change the zone. Otherwise, you're left creating a new CAS policy. Either way, this does not sound like fun if the application was deployed to hundreds of client machines using HREF EXEs.