Programming Development Process Overview

A process is a continuous series of activities that convey you to an end.Main activities in a software development process are

1. analysis— which focuses on understanding the problem and defining the requirements for the software portions of a system

2. design— which focuses on solving the problem in software

3. implementation— which focuses on translating the design into executable code

4. testing— which focuses on ensuring that inputs produce the desired results as specified by the requirements

Maintenance begins after deployment with a focus on bug repairs and enhancements. Maintenance usually involves further analysis, design, implementation, and testing. Among the testing activities during maintenance is regression testing, which ensures that successful test results after changes are the same as those before changes.

Under an incremental development process, a system is developed as a sequence of increments. An increment is a deliverable, including models, documentation, and code, which provides some of the functionality required for the system.

The products developed in one increment feed into the development of the next increment. Successive increments add (and sometimes change) system functionality. The final increment delivers a deployable system that meets all requirements. Increments can be developed in sequence or one or more can be developed concurrently.

To build each increment, developers analyze, design, code, and test as needed. They typically have to perform these activities repeatedly in building an increment because they find errors in previous work. As development progresses, they gain new insights into the problem and the solution. We prefer to acknowledge this iterative aspect of incremental development and make it part of the process.

In planning each increment, we include explicit steps for repeating various activities. Among these are steps for systematically reviewing current models, identifying errors based on experiences in later tasks, and modifying the models (or code) that have already been produced—not just those that will be produced in the future.

Object-oriented development is particularly well suited to evolutionary development because object-oriented analysis, design, and implementation entail the successive refinement of a single model. This is the case both within an increment and among increments.

In object-oriented analysis, we understand a problem by modeling it in terms of objects and classes of objects, their relationships and responsibilities. In object-oriented design, we solve the problem by manipulating those same objects and relationships identified in analysis and introducing solution-specific classes, objects, relationships, and responsibilities.

Implementation is straightforward from a well-specified set of design products. Thus, the entire development process involves a refinement of a model. Design products are primarily an extension of analysis products and implementation products are coded expressions of design products. The products of one increment are extended and refined in the next increment.

The incremental development of products requires the incremental testing of those products. Products can change from increment to increment in both planned and unplanned ways. Test suites must change in concert. Regression tests must be run between increments and within iterations to ensure that changes do not adversely affect correctly working code.

A process in which work on one increment overlaps work on another adds to the complexity of development and testing. Coordination is required to sequence the development of interacting increments so that objects that are associated with, but assigned to different increments, can be tested in a timely fashion.

Software testing other interesting topics:

Programming c language introduction
CLASSES AND OBJECTS IN JAVA

JAVA PROGRAMMING ENVIRONMENT

JAVA EXECUTION

JAVA CONSTRUCTORS

FIELD DECLARATIONS IN CLASS OF JAVA

EXCEPTIONS IN JAVA

EXCEPTIONS IN JAVA PART TWO

VARIABLE PARAMETERS IN JAVA

COMMENTS TYPES AND VARIABLES

JAVA JDBC AND ODBC

INTERFACE IN JAVA

OPERATORS IN JAVA

Walkthroughs in software testing

The code walkthrough, like the inspection, is a set of procedures and error-detection techniques for group code reading. It shares much in common with the inspection process, but the procedures are slightly different, and a different error-detection technique is employed.

The walkthrough is an uninterrupted meeting of one to two hours in duration. The walkthrough team consists of three to five people to play the role of moderator, secretary (a person who records all errors found), tester and programmer. It is suggested to have other participants like:

1. A highly experienced programmer,
2. A programming-language expert,
3. A new programmer (to give a fresh, unbiased outlook)
4. The person who will eventually maintain the program,
5. Someone from different project and
6. Someone from the same programming team as the programmer.

The initial procedure is identical to that of the inspection process: the participants are given the materials several days in advance to allow them to study the program. However, the procedure in the meeting is different. Rather than simply reading the program or using error checklists, the participants “play computer”.

The person designated as the tester comes to the meeting armed with a small set of paper test cases-representative sets of inputs (and expected outputs) for the program or module. During the meeting, each test case is mentally executed. That is, the test data are walked through the logic of the program. The state of the program (i.e. the values of the variables) is monitored on paper or a blackboard.

The test case must be simple and few in number, because people execute programs at a rate that is very slow compared to machines. In most walkthroughs, more errors are found during the process of questioning the programmer than are found directly by the test cases themselves.

RELATED POST

INTEGRATION TESTING PART ONE

INTEGRATION TESTING PART TWO

INTEGRATION TESTING PART THREE

INTEGRATION TESTING PART FOUR

INTEGRATION TESTING PART FIVE

INTEGRATION TEST STANDARDS

INTEGRATION TEST STANDARDS PART TWO

QUALITY TESTING

QUALITY ASSURANCE

QUALITY ASSURANCE PART TWO

QUALITY ASSURANCE SQA

QUALITY OF DESIGN OF TEST CASE

QUALITY MANAGEMENT IN SOFTWARE TESTING

TOOLS FOR QUALITY MANAGEMENT

STATICAL QUALITY ASSURANCE

ISO APPROACH TO QUALITY TESTING

Project Mangement and software testing

Project Management is nothing but Organizing, planning and scheduling software projects. It Concerned with activities involved in ensuring that software is delivered on time and on schedule and in accordance with the requirements of the organizations developing and procuring the software.

Project management is needed because software development is always subject to budget and schedule constraints that are set by the organization developing the software.

Project management activities includes Proposal writing, Project planning and scheduling, Project costing, Project monitoring and reviews, Personnel selection and evaluation, Report writing and presentations.

Configuration management :

Configuration management covers the processes used to control, coordinate, and track: code, requirements, documentation, problems, change requests, designs, tools/compilers/libraries/patches, changes made to them, and who makes the changes. What if the software is so buggy it can't really be tested at all?

The best bet in this situation is for the testers to go through the process of reporting whatever bugs or blocking-type problems initially show up, with the focus being on critical bugs.

Since this type of problem can severely affect schedules, and indicates deeper problems in the software development process (such as insufficient unit testing or insufficient integration testing, poor design, improper build or release procedures, etc.) managers should be notified, and provided with some documentation as evidence of the problem.

Software Configuration management is an umbrella activity that is applied throughout the software process. SCM identifies controls, audits and reports modifications that invariably occur while software is being developed and after it has been released to a customer.

All information produced as part of software engineering becomes of software configuration. The configuration is organized in a manner that enables orderly control of change.

The following is a sample list of Software Configuration Items:

1. Management plans (Project Plan, Test Plan, etc.)

Specifications (Requirements, Design, Test Case, etc.)

Customer Documentation (Implementation Manuals, User Manuals, Operations manuals, On-line help Files)

Source Code (PL/1 Fortran, COBOL, Visual Basic, Visual C, etc.)

Executable Code (Machine readable object code, exe's, etc.)

Libraries (Runtime Libraries, Procedures, %include Files, API's, DLL's, etc.)

Databases (Data being Processed, Data a program requires, test data, Regression test data, etc.)

Production Documentation

related post

SOFTWARE QUALITY ASSURANCE AND CONTROL

SOFTWARE QUALITY AND COST ASPECT

STABLE PROCESS OF SOFTWARE TESTING

STABLE PROCESS OF SOFTWARE TESTING PART TWO

DEFECTS IN SOFTWARE TESTING

REDUCTION OF DEFECTS IN SOFTWARE TESTING

SOFTWARE TESTING AND EFFECTING FACTORS

SCOPE OF SOFTWARE TESTING

TESTING LIFE CYCLE PART ONE

TESTING LIFE CYCLE PART TWO

TESTING LIFE CYCLE PART THREE

SOFTWARE TESTING AND CONSTRAINTS WITH IN IT

TESTING CONSTRAINTS PART TWO

LIFE CYCLE TESTING

TEST METRICS

Independent Software Testing

Test Process

Testing verification and validation

Functional and structural testing

Static and dynamic testing

V model testing

Eleven steps of V model testing

Structural testing

Execution testing technique

Recovery Testing technique

Operation testing technique

Compliance software testing technique

Security testing technique

Deploying ASP.NET Applications

After a Web application is developed, it needs to be deployed to make it available as a Web site. A Web application may be made up of a number of files and components. These components may be developed by the application developer or by a third party. Therefore, while deploying a Web application, you must determine the files to be included in the deployment. In addition, you must determine the method to be used for deploying an application.

Deployment is the process of packaging all files that make up an application and distributing them for the purpose of installation on other computers. Deploying an ASP.NET application can be as easy as copying the application files to the machine on which the application needs to be deployed. When you deploy an application by copying files, no Registry entries are made. To deploy more complex applications, which may comprise various components, you may create deployment projects in Visual Studio .NET.

A deployment project enables you to specify the files to be included in the deployment, the method by which the application files will be deployed, and the location where the application is to be deployed. In this section, you will look at the different types of deployment projects, the process of creating a deployment project, adding files to the deployment project, and building the deployment project.

Choosing the type of deployment projects

Visual Studio .NET provides different types of deployment projects. The choice of a particular type of deployment project depends upon the application or the component that you want to deploy and the mode of deployment. For example, you may want to deploy an application in the form of a collection of cabinet (CAB) files for downloading the application.

The different types of deployment projects provided in Vi sual Studio .NET are as follows:

Merge module project: Creates a single package that contains all files, resources, Registry entries, and the setup logic necessary for deploying the package. A merge module is similar to a dynamic link library (DLL), which allows multiple applications to share code. The only difference in this case is that a merge module allows sharing of the setup code. A merge module project file has the extension .msm. You cannot use a merge module file by itself. You must merge the resulting .msm file with another deployment project, which creates a Windows Installer (MSI) file.

You can use a merge module project when you want to deploy a component that will be shared by multiple applications, because a merge module project identifies all the dependencies for a component and ensures that the correct versions of the components are installed. Thus, problems relating to versioning can be avoided with merge module projects. When a new version of a component needs to be deployed, you simply create a new merge module project that contains the dependencies for the new version of the component.

Setup project: Enables you to create a Windows Installer (MSI) file for deploying an application. The resulting MSI file contains the application, dependencies, information about the Registry entries to be made, and installation instructions. A setup project can be used for deploying standard Windows-based applications. When you execute the resulting MSI file, all files related to the application are copied to the Program Files directory on the target computer.

While selecting between a merge module project and a setup project, you must consider the target audience. If the application is intended for use by an end user, you should package all the files for the application in an MSI file. On the other hand, DLLs, controls, and resources that are intended for use by developers should be packaged in a merge module, which can then be packaged by the developer in an MSI file for distribution to the end user.

Web setup project: Is similar to a setup project. This type of project also results in the creation of an MSI file, which can be used for deploying an application. When you execute the MSI file, all files that make up the application are copied to the virtual root directory on the Web server.

This type of project should be used for installing a Web application on a Web server.

Cab project: Enables you to generate CAB files of a specific size. These CAB files can be used to download components to a Web browser. You can create a cabinet project if you want your component to run on the client instead of the Web server.

In addition to these types of projects, Visual Studio .NET also provides the Setup Wizard, which creates a basic setup project. It guides you through the steps of creating a deployment project. During each step, the wizard collects information, such as the files to be included in the deployment project.

User Interface Editor

When you create a deployment project, it automatically creates some dialog boxes that are displayed during the installation of the application on the target computer. The User Interface Editor displays the dialog box names and enables you to specify the properties of the dialog boxes, such as the message to be displayed in a dialog box and the name of the dialog box. In addition, the User Interface Editor enables you to add your own dialog boxes.

The User Interface Editor is divided into two sections, Install and Administrative Install. The Install section contains the dialog boxes that are displayed to the users when they start installation. The Administrative Install section contains the dialog boxes that are displayed when a network administrator moves the installer to a network location, to make it available for installation over a network.

Each section has some predefined dialog boxes, which are categorized as follows:

Start dialog boxes: Displayed to the user before the actual installation process begins. Examples of dialog boxes in this category are the Welcome screen, the dialog box that accepts customer information such as the username and company name, and the dialog box that enables a user to specify the directory in which the files are to be copied.

Progress dialog boxes: Used as a means of providing visual feedback to the user about the progress of the installation process. It typically depicts the progress in terms of the percentage of completion of the process.

End dialog boxes: Used to inform the user about the success or failure of the installation process. They also include the dialog boxes that enable you to launch the newly installed application or to restart the computer.

RELATED POST

CREATING ASSEMBLIES WITH ASP.NET

BUILDING HANDLERS IN ASP.NET

INTERFACES AND CLASSES CREATION IN ASP.NET

CACHING IN ASP.NET

CACHING IN ASP.NET PART TWO

WIRE LESS APPLICATION WITH ASP.NET

SECURITY IN ASP.NET PART ONE

SECURITY IN ASP.NET PART TWO

LOCALIZING ASP.NET APPLICATIONS

DEPLOYING ASP.NET APPLICATIONS

ASP.NET CONFIGURATION SYSTEM

WEB SERVICES IN ASP.NET

WEB SERVICES PART TWO

WEB SERVICE INFRASTRUCTURE

WEB SERVICE INFRASTRUCTURE PART TWO

EXCHANGING MESSAGES IN ASP.NET

MICROSOFT HAIL STORM

SOAP AND DOT NET PART ONE

SOAP AND DOT NET PART TWO

Configuring Your Setup Project

1. Setup applications are highly configurable.
2. You can set setup properties that provide information about the origin of your application and behavior of your application at design time in the Properties window.
3. Use the Register property to register a COM component or Font at install time.
4. Use the File System Editor to edit the file system on the target computer.
5. Use the Registry Editor to write registry entries to the target computer.
6. Use the File Types Editor to create file associations on the target computer.
7. Use the User Interface Editor to customize the installation user interface.
8. Use the Custom Actions Editor to add a custom action.
9. Use the Launch Conditions Editor to add a search and a launch condition.
10. Use Ngen.exe to create a native code image of your application or assembly.
11. Use Permview.exe to view the permissions granted to an assembly.

RELATED POST

DAY 11 OOPS INTRODUCTION

DAY 12 POLYMORPHISM

DAY 13 INHERITANCE AND POLYMORPHISM

DAY 14 EBUGGING TOOLS IN DOT NET

DAY 15 DEBUG AND TRACE IN CLASSES

DAY 16 UNIT TEST PLAN

DAY 17 EXCEPTIONS IN VISUAL STUDIO

DAY 19 ADO.NET INTRODUCTION

DAY 20 DATA ACCESSING IN DOT NET

DAY 21 DATA BASE OBJECTS

Planning the Deployment of Project

XCOPY Deployment

XCOPY deployment is a simple and straightforward deployment scenario. The name is derived from the DOS XCOPY command, which copies the contents of a directory (including subdirectories) to a target directory. In certain circumstances, you can use this very simple method to deploy your applications.

XCOPY deployment is accomplished from the command prompt. You use the XCOPY command to specify the source directory and the target directory. The /s flag is used to indicate that subdirectories are to be copied as well. For example, to copy the MyApplication directory (including all subdirectories) from drive D: to drive C:, the following command-line command is used:

XCOPY D:\MyApplication C:\MyApplication /s

Information about additional command-line flags that can be used with XCOPY can be obtained by typing HELP XCOPY at the command prompt.

XCOPY deployment requires that all of the files required by the application be located in the application directory. This includes the compiled EXE files, any required DLL files representing components or controls, any required resource files, and any other files that the application requires. A second requirement for XCOPY deployment is that the .NET Framework must be installed on the target machine.

Additionally, an application to be deployed in this manner cannot require any additional files or resources (such as databases or shared components) that are not known to already be installed on each and every client machine on which your program will be installed. Clearly then, the limitations for XCOPY deployment are severe. As a rule, you should only use XCOPY deployment for applications that have no external dependencies outside of the .NET Framework and only if the .NET Framework is guaranteed to be installed on every target machine.

To deploy your application using XCOPY

Verify that your application meets the requirements for XCOPY deployment.
Open the command window. To locate the command window in Microsoft Windows XP, click Start, All Programs, Accessories.

Run XCOPY from the command prompt, specifying the source and destination directories, and include any command-line flags. For example:

XCOPY D:\MyApplication C:\MyApplication /s

Creating Setup Projects

For applications that cannot be deployed by XCOPY, you can use Visual Studio .NET to create Windows Installer setup projects. Windows Installer projects are fully configurable and can be configured for a variety of deployment plans. You can create a setup project for your application by adding a setup project to an existing solution.

There are two basic kinds of setup projects as they relate to Windows Forms: setup projects and merge module projects. Setup projects are used for deploying executable applications.

A compiled setup project will contain a setup application capable of installing your program to a target computer. A merge module, on the other hand, is used to deploy controls or components that do not exist as stand-alone applications and cannot be deployed directly. It is a redistributable package that can be merged with an existing setup project. It contains all of the appropriate information concerning how and where to install the assembly, but must be installed along with an application.

Using the Setup Project Wizard

To choose the appropriate type of setup application for your project, Visual Studio .NET provides the Setup Project wizard. The Setup Project wizard walks you through the task of creating your setup project and quickly creates the base setup project, which can then be further configured in the Integrated Development Environment (IDE).

To add a setup project to your solution, click File, Add Project, New Project to display the Add New Project dialog box. To access the Setup Project wizard, choose Setup and Deployment Projects in the Project Types pane and Setup Wizard in the Templates window.

To create a setup project for your application with the Setup Project wizard
From the File menu, choose Add Project, New Project.
The Add New Project dialog box opens.

In the Project Types pane, choose Setup and Deployment Projects. In the Templates pane, choose Setup Wizard.

After the title pane, choose the type of setup project. Choose Merge Module for a DLL, or Setup For A Windows Application for an application.

Use the next two screens to specify the project output and any additional files that you want to be included in your setup project.

On the Summary screen, click Finish to create your setup project.

Once you create your setup project, it is added to your solution and can be viewed in Solution Explorer. In addition to the files you specified for inclusion, Visual Studio .NET automatically detects any dependencies the setup project might have and adds them to the Detected Dependencies folder.

Dependencies that are not explicitly included in the setup project are excluded from the build process by default. You can include an excluded dependency file by right-clicking the file in Solution Explorer and clearing the check mark from Exclude in the pop-up menu. Note that including the .NET Framework redistributable files will dramatically increase the size of your application.

You should only do so if the target machine for your application does not have the .NET Framework already installed.

Configuring Build Properties of Your Setup Project

Once your setup project has been added to your solution, you can configure the output it produces by setting the Build properties. Normally, a setup project produces at least one file: the Windows Installer file (with an .msi extension), which contains all of the information and content needed to install your application to a target computer.

Depending on how the Build properties are configured, however, you can create additional files to package content or to install Windows Installer on target machines that do not have Windows Installer already installed. You can access the Build properties of your project by right-clicking your project in Solution Explorer and choosing Properties.

Output File Name

The Output File Name option represents the location where the Windows Installer file will be placed when built and the name it will have. The default value for this property is \., where is a subdirectory for the selected configuration located in the project directory. defaults to the name of the project, and is .msi for Windows Installer applications and .msm for Windows Installer merge modules. You can alter the build path by clicking the Browse button and choosing a new build directory.

Package Files

The Package Files option determines how the output files for your solution will be packaged into the setup project. The default setting is to package output files in the setup file itself. This allows for the greatest level of compression and the lowest level of complexity, as all of the information needed to deploy your application is contained within a single file.

In some cases, however, you might want to package your application in Cabinet (CAB) files. When you package your output into CAB files, you can choose the size of the CAB files you produce. This can be useful if you have a size limitation for your output files. For example, if you plan to distribute your application on floppy disks, you would want to package your output files into CAB files and set the CAB file size (see the next section) to 1440 KB. You could then copy the resulting CAB files to floppy disks.

Another option for this property is to package your output in loose, uncompressed files. If this option is chosen, no compression is applied, and the project output files are simply copied to the same directory as the MSI file.

CAB Size

If you choose to package your files in CAB files, the CAB Size property becomes enabled. You can choose between two options for this property. Choosing Unlimited causes the setup project to create a single CAB file that contains all of your project output. If you choose Custom, you can specify the maximum size of your CAB files. This is particularly useful if you are planning to distribute your application on floppy disks or other removable media.

Bootstrapper

The Bootstrapper option allows you to specify whether or not to generate a boot-strapping application along with your setup project. A bootstrapping application is used to install Windows Installer 1.5 to the target machine before your application is installed. Windows Installer 1.5 is the default version of Installer for Windows XP. If you choose to create a bootstrapping application, your setup project will generate additional files that will be used by your setup application to install Windows Installer 1.5 when necessary.

Any deployment to Windows XP will not require the use of a bootstrapping application. If you are deploying to a prior version of Windows, you will need to run the bootstrapping application the first time a Windows Installer project is used.

If you are only planning to deploy your application to machines running Windows XP or machines that have already had Windows Installer 1.5 installed, you can choose None to generate no bootstrapping application.

Otherwise, you would choose Windows Installer Bootstrapper for most distribution plans. Choosing Windows Installer causes four additional files to be generated and placed in the Build directory.

If you are planning to make your application downloadable from the Web, however, you should choose the Web Bootstrapper option. Choosing Web Bootstrapper will cause three additional files to be generated and placed in your output folder.

The InstMsiA.exe and InstMsiW.exe files function in the same manner as was described for the Windows Installer Bootstrapper option: they install Windows Installer to the machine as appropriate. The third file is also called Setup.exe, but has slightly different functionality than the Setup.exe produced when the Windows Installer Bootstrapper option is chosen. The Setup.exe file determines if Windows Installer is already installed on the target machine, and if not, downloads the appropriate executable to install it. Then it downloads and executes the MSI file containing your application.

Choosing the Web Bootstrapper option opens the Web Bootstrapper Settings dialog box, which allows you to set two additional properties. The Setup folder URL specifies the Web folder that contains the setup installer program and any files associated with that program. You can specify a different URL for the Web Bootstrapper files (InstMsiA.exe and InstMsiW.exe) by setting the Windows Installer upgrade folder URL. This allows you to put the bootstrapping application in a different Web folder than the setup application. If you do not specify a different folder, the Web Bootstrapper executable files should be installed to the same Web folder as the setup files.

Compression

The Compression property determines which compression scheme will be applied to the setup project. If you chose to package your files as loose, uncompressed files, this option is not available to you. Otherwise, you can choose between three settings. None indicates that no compression will be applied to the files. This generally results in the fastest install time, but can dramatically increase the size of your setup project. Choosing Optimized For Speed will apply compression to your project, but will optimize for a fast install, resulting in a larger setup project as well. If you choose Optimized For Size, the setup project will be the smallest possible size, but might require more time to install.

Authenticode Signature

If you want to use Authenticode signing to sign your setup project, select the check box next to Authenticode Signature. This enables three properties relating to your Authenticode Signature that can be set. You can specify the folder for an Authenticode certificate that you can use to sign your files in the Certificate File box.

The Browse button allows you to browse to the folder containing the certificate. Similarly, in the Private Key file box, you can specify the folder that contains the private key for digital encryption of the signed files, and you can use the Browse button to browse to the appropriate folder. Additionally, the Timestamp Server URL box lets you specify the Web location for a timestamp server used to sign the files. If you specify Authenticode Signature you must specify a folder for your certificate file and your private key. Specifying a Timestamp Server URL is optional.

Building, Distributing, and Deploying a Setup Project

Once you have specified the output to be included in your setup project and have set the relevant properties, you can build and distribute it. Once distributed, your setup project can be deployed to client machines.

Building the Project

To build the setup project, select the project in Solution Explorer, and choose Build from the Build menu. This invokes the build process for your setup project. The resultant files from the setup build are located in the folder specified by Output File Name in the Setup Property Pages. These files can then be copied to the distribution platform you have chosen.

Distributing the Setup Project

A distribution plan should ensure that your application is capable of deploying to the target computers. There are many options available when choosing a distribution plan for your application including distributing with removable media, distributing via a network share, or distributing by download from the Web.

Distribution via Removable Media

Removable media has been the traditional way of distributing applications. When planning a distribution with removable media, it is important to keep the capacity of the chosen medium in mind. Floppy disks have a maximum capacity of 1.44 MB and thus might not have enough capacity for many of the setup projects you might create. The capacity of CD-ROMs is considerably larger, but might still fall short for very large setup projects. If your setup application needs to be larger than the capacity of your chosen medium, package your output files in CAB files and copy the resultant CAB files to multiple disks.

To distribute your application via removable media

Analyze the size requirements for your setup project, and choose how the files will be packaged on the Property Pages for your application. If you are planning a distribution via floppy disks, choose CAB files, and set the CAB file maximum size to 1440 KB.

Build your setup project

Copy the setup project output files from the Build folder to the removable media. If you are distributing via floppy disks and have created multiple CAB files, copy the MSI file to the first disk, and then copy each CAB file to a separate disk.

Distribution via a Network Share

If your application is designed for use by a group of users on a common network, you can distribute your application by placing it on a network share. In general, this is the simplest method of distribution for your application. All you need to do to distribute your application via a network share is share a folder on the network server and copy the output files to the shared folder. You can then publish the address of the network share to your intended users where they can download the installation files to the target machines.

Additionally, the network administrator can set security properties for the network share folder so that only the intended recipients of the application can download the installer files. If a bootstrapper application is to be included with the setup project, choose a Windows Installer Bootstrapper on the Property Pages.

To distribute your application via a network share

If you are including a bootstrapper application with your setup project, choose Windows Installer Bootstrapper on the Property Pages for your setup project.
Build your setup project.

Share a folder on the network server, and set any appropriate access restrictions.
Copy the project setup output files from the Build folder to the network share folder.

Publish the network address of the setup files to the end users.

Distribution via a Network Share Using Administrative Installation

You can also deploy your application to a network share via administrative installation. This allows you to create an image of the application and the setup file in a shared folder. End users can then download the setup file from the share and install it on their own machines. Administrative installation allows you greater flexibility in configuring the installation properties for the application on the target computers.

To distribute your application via a network share using administrative installation

If you are including a bootstrapper application with your setup project, choose Windows Installer Bootstrapper on the Property Pages for your setup project.
Build your setup project.

Share a folder on the network server, and set any appropriate access restrictions.
Open the command window.

Change the directory in the command window to the directory that contains the setup project.

Invoke administrative installation by using the following command:

msiexec.exe /A .msi

where is the name of your setup program.

Follow the instructions given by the Setup Project wizard. Choose the shared folder as the target folder for installation.

Publish the network address of the setup files to the end users.

Distribution via the World Wide Web

For a project with a wide distribution audience, you might want to distribute your application via an Internet download. The procedure for making your application accessible over the Internet is fundamentally the same as distributing via a network share. Rather than copying your installer files to a shared directory, however, you copy them to a virtual Web directory.

If you are including a bootstrapper application with your setup project, you can copy the bootstrapper application to another directory, as specified by the Windows Installer upgrade folder URL setting on the Property Pages. If you are including a bootstrapper, set the Bootstrapper property to Web Bootstrapper because Web Bootstrappers have built-in authentication.

To distribute your application via the Web

If you are including a bootstrapper application with your setup project, choose Web Bootstrapper on the Property Pages for your setup project. Set the Setup Folder URL property to the URL you plan to copy your setup application to. If desired, you can specify an additional URL for the bootstrapper program in the Windows Installer Upgrade Program URL property.

Build your setup project.

Copy the project setup output files from the Build folder to the virtual folder that will host your application.

Publish the URL to your intended audience.

RELATED POST

DAY 11 OOPS INTRODUCTION

DAY 12 POLYMORPHISM

DAY 13 INHERITANCE AND POLYMORPHISM

DAY 14 EBUGGING TOOLS IN DOT NET

DAY 15 DEBUG AND TRACE IN CLASSES

DAY 16 UNIT TEST PLAN

DAY 17 EXCEPTIONS IN VISUAL STUDIO

DAY 19 ADO.NET INTRODUCTION

DAY 20 DATA ACCESSING IN DOT NET

DAY 21 DATA BASE OBJECTS

Security in Application

Security is about protection. You can use the security features provided by the .NET Framework to protect your code from unauthorized users and to protect the system from unauthorized use of your code.

Overall system security policy is set by the system administrator. The administrator decides what kind of code the machine will be allowed to execute, whether or not a particular assembly is trusted, and if so, what kind of trust is extended to the assembly. The security policy set by the system administrator cannot be overridden by your code: it is the highest level of security on a given machine.

You use security to further protect your application within the bounds set by the system administrator. You can use role-based security to authorize users and code access security to protect your code from being misused by unauthorized callers. Security authorizations can be either imperative or declarative.

In imperative security, permission to execute is demanded at run time. Declarative security, on the other hand, specifies permissions required by the assembly in the assembly manifest. If the required permissions are in conflict with the security policy, the assembly will not be allowed to execute. Permission objects are the central objects in code security.

Permissions

Permissions are the primary objects in security. A permission is a code object that represents a user, an identity, or a code resource. You use Permission objects for a variety of security-related functions. Permission objects are used to represent security clearances as well as to enforce security policy.

The IPermission Interface

All permissions implement the IPermission interface. Although you will very rarely, if ever, need to implement this interface, an examination of the methods described by the IPermission interface will give insight into how the objects that implement this interface work.

All security permissions in the .NET Framework must implement the IPermission interface, which provides a common level of functionality for all security objects. Permissions can use the Demand method to enforce security. The method requires that callers must have been granted the appropriate permission to access the protected code. If the appropriate permission has not been granted, a SecurityException is thrown.

The Copy method creates an identical copy of the permission, and the IsSubsetOf method determines whether the current permission is a subset of a specified permission. The Union and Intersect methods are used to create a new permission from two specified permissions of the same type. The permission returned by a Union method represents the sum of the two permissions specified, and the permission returned by the Intersect method represents only those resources that both permissions have in common. In the following sections, you will learn how to use these methods as implemented in the Permission objects provided by the .NET Framework.

Configuring Role-Based Authorization

Role-based security is security that grants or denies access to an application or resource based on the identity and role of the user. For example, suppose you have an application that is used by both managers and clerks. You might want to allow everyone to access some parts of the application, but make sensitive parts of the application, such as payroll or personal information, available to managers only. You would use role-based authorization to implement this kind of security.

The Principal


In the .NET Framework, authenticated users are represented by a Principal object. The Principal object contains information about a user's identity and role, and can be used to validate identity against a PrincipalPermission object, which is used to protect sensitive parts of an application from unauthenticated users.

Declarative Role-Based Security

Every Permission object has a corresponding attribute. These attributes can be attached to classes and members and used to control access to that class or member. Attributes play a key role in declarative security. In the declarative security model, permission attributes are attached to the members they protect to specify the level of access. Additionally, they are emitted into the type metadata so that the metadata for the assembly can be examined, and the administrator can make a decision as to whether to allow the assembly to execute or not based on that metadata.

Each permission attribute requires a SecurityAction in the constructor that indicates the action the permission attribute should take. In role-based security, this is usually a Demand action. You can set properties for permission attributes upon creation by using the := operator (Visual Basic .NET) or the = operator (Visual C#).

Configuring Code Access Security

Code access security is used to prevent your code from being misused by unauthorized callers. You can also use code access security to communicate security requirements to the system administrator, so he or she can make a decision as to whether or not to allow the assembly to execute on the system.

Like role-based security, code access security is based on permissions. In role-based security, a permission represents the identity or role of the user. In code access security, however, the permissions represent system resources and control access to those resources. A good example is the file system.

If you have an application that writes to files, you should ensure that unauthorized callers are unable to use that resource, so as to prevent maliciously inflicted damage to your file structure. You could protect any code that accesses the file system with a FileIOPermission object, which would ensure that all callers had the appropriate level of permission.

Creating Code Access Permissions

Every code access permission exposes a different set of overloaded constructors that allow you to specifically configure the resources that it protects. You can create a permission that represents access to all of the resources it protects or a subset based on the parameters supplied at instantiation.

You can create a permission that provides unrestricted access to the resource it represents by using the PermissionState.Unrestricted flag.


Imperative Code Access Security

Like role-based security, code access security can either be used imperatively or declaratively. When using imperative code access security, you enforce security at run time.

The primary method for enforcing code access security is the Demand method. Permission to access protected resources is granted by the common language runtime by checking the security policy for the assembly set by the system administrator. When the Demand method of a permission object is called, it walks the stack to verify that each and every caller higher in the call stack has been granted permission to access the resource represented by the permission.

Thus, a trusted assembly might have a method that calls another method that is protected by a code access permission. If the call to this method originates in a trusted assembly, the call will succeed, and the protected resource can be used. However, if an untrusted assembly calls the method in the trusted assembly, which then calls the protected method, the Permission object will walk the stack to verify that every caller has permission to access this resource. Because the untrusted assembly does not have the appropriate permission, the call will fail.

You can use the Assert method to declare that a method has permission to access the specified resource. This causes any Demand stack walks to cease checking for permission from callers higher in the stack. Thus, if an untrusted assembly calls a method containing an Assert call, which then attempts to call a method protected by a Demand, the Demand will be satisfied by the Assert and allow the call to proceed, even though the call originated in an untrusted assembly.

Using Assert calls can be dangerous because they can potentially allow untrusted code to access protected resources. Thus, you should be very careful when making Assert calls. You should also note that you cannot use an Assert call to bypass the system security policy. An assembly must be given the appropriate permission to make Assert calls for them to be valid.

Declarative Code Access Security

You can use declarative code access security instead of imperative code access security to configure access to system resources. As in role-based security, each code access permission has a corresponding attribute that can be attached to methods or classes to specify security actions. Additionally, you can use declarative code access security to request permissions for the entire assembly.

You can attach a code access permission attribute to a class or method in the same way in which you would specify a role-based security attribute. However, instead of specifying a role, you must specify the SecurityAction represented by the attribute.

The SecurityAction.Demand, SecurityAction.Deny, SecurityAction.Assert, and SecurityAction.PermitOnly flags correspond to the Demand, Deny, Assert, and PermitOnly methods of the relevant permission, respectively.

There are additional security actions that can be applied to classes and methods with declarative security. If you specify SecurityAction.LinkDemand, you only require the immediate caller to this class or method to have been granted the appropriate permission. Specifying SecurityAction.InheritanceDemand requires that any derived class inheriting this class or overriding this method must have the appropriate permission.

You can also use permission attributes to make security requests for the entire assembly. There are three SecurityAction flags that can be specified in an assembly-wide directive.

When SecurityAction.RequestMinimum is specified, it makes a request to the common language runtime to be granted the requested permission. If the requested permission is not granted by the security policy, the assembly will not execute. A SecurityAction.RequestOptional is similar, but the assembly will still run even if the requested permission is not granted. Specifying SecurityAction.RequestRefuse requests that the assembly be denied the specified permission.

Using Exception Handling with Imperative Security

Your applications should anticipate possible error conditions and appropriately handle any exceptions that might be thrown. Because a security failure will throw a SecurityException, any imperative security demands should be wrapped in appropriate exception handling that allows your application to degrade gracefully if security permissions are not granted.

You must decide on the appropriate course of action when a requested permission is not granted, whether that action is to allow the user to save data and then end the program or to proceed with program execution, bypassing the protected resource. Whatever course of action you decide for your application, good programming practice directs that foreseeable exceptions should never go unhandled.


RELATED POST

DAY 11 OOPS INTRODUCTION

DAY 12 POLYMORPHISM

DAY 13 INHERITANCE AND POLYMORPHISM

DAY 14 EBUGGING TOOLS IN DOT NET

DAY 15 DEBUG AND TRACE IN CLASSES

DAY 16 UNIT TEST PLAN

DAY 17 EXCEPTIONS IN VISUAL STUDIO

DAY 19 ADO.NET INTRODUCTION

DAY 20 DATA ACCESSING IN DOT NET

DAY 21 DATA BASE OBJECTS