Which other downloaders would you like to see?

Topics: Updater Application Block
Jun 3, 2003 at 4:51 PM
originally posted by: EdJez

The pluggable downloader mechanism lets you download app updates from multiple places. Which others would you need?
Some common requests:
- Active Directory
- WebService using Dime
(Nice thing about a web service, on the server side you can add some logic to control who should get uploads, and even be able to track deployment stats etc)
- Ideas?
Jun 27, 2003 at 6:42 PM
originally posted by: adamhill

I vote (albeit late) for a DIME example.

What would be REALLY cool is a loosely coupled WSE 2.0 example that updated via SMTP or NNTP! :-)

adam...
Jun 28, 2003 at 1:07 PM
originally posted by: EdJez

Agree - I've seen 2 requests for it already. Part of the benefit of having a web-service implementation is that on the server you can check for update policy - basically ask: 'should this client update' - the answer could be based on ad group membership, client location, etc. You could also add a notification scheme to signal completed updates. The effect is more centralized control over the pull rollout. I know some devs in Australia who were working on such an implementation...let me see if they are in the community and if not try to invite them, but if you want to post a harness implementation I'm sure everyone will love it.
Jul 27, 2003 at 9:49 AM
originally posted by: GDorazio

EdJez,

Actually, I like the BITS downloader because of its apparent robustness: restart, background, async, multiple jobs, etc.

However, I am having difficulty with several aspects of the downloader in that I am trying to implement a system for subscriptions, update policy etc.. I am looking at how I can keep files secure on the web site and deliver them to the respective subscribers using this UAB.

The web site is hosted with a web hosting company so I have no admin privileges, only those given to me as the remote owner of the web site. I log in remote and develop using VS.NET (2003).

Can you comment on the following preliminary design and suggest changes or other possibilities? :

1) A web application is under development where a user can subscribe/purchase software that is subsequently downloaded which contains the UAB for auto updating. The details of the initial install sequence are not defined pending clarifying and defining the authentication mechanism.

2) After the app is initially installed the auto updating feature when performing an update must authenticate in order to be permitted any update. The plan is to use BITS. The BITS has an interface IBackgroundCopyJob2::SetCredentials which is stated to be for setting credentials for say BASIC, DIGEST, NTLM, NEGOTIATE, or PASSPORT...e.g. Windows Authentication.

3) On the web site, the directory containing the downloadable protected files will probably require Windows Authentication for access. To do this, the plan is to use an Access Control List for attaching users to the various files according to their subscriptions. It is not clear to me whether this is possible from within the web application itself to both do the authentication as the system runs and to also be able to modify ACLs say when s user registers. It is also not clear whether this scenareo would need to use Impersonation in the web application when is is doing the authentication.


With this preliminary design the following questions arrise in my mind:

Given that there are several security models here at work: dotNET, IIS, and Windows Authentication using the right components for the UAB authentication appears to be Windows Authentication. If this is reasonable what can the web app do with regard to security in allowing or disallowing access by users? What security level does the web run at?

Is managing ACL for the various assembly/file downloads a good choice for this type of subscription service or should there I use the subscribers database and impersonation by the web application for the download to occur? If this is the case how would this affect the BITS? One answer to this appears to be to intercept the authentication request in a custom httpModule OR in the Application_AuthenticateRequest(...) handler in the Global.asa.cs file. (But this assumes a knowledge of the IBackgroundCopyJob2::SetCredentials function which I do not have.)


Any suggestions for code samples/links to such are appreciated.


Well, that's enough for this post. Please ponder and post suggestions and/or comments.

Thanks,
Gery


Sep 20, 2003 at 11:23 AM
originally posted by: EdJez

If your users already will have windows accounts created for them, or if you are ok with having 'service accounts' that can access this-or that application (watch out with folks figuring this out and sharing credentials) i'd stay with the ACL'ing of files in an IIS vdir, and impersonating.

are the users on the desktop authenticated with the same domain as the web servers run in? (is this over the internet or..). If not they will need to enter the credentials to the server at some point, and custom apps handling windows credentials is something I try to keep away from.

You will get the chance to run global.asax AuthenticateRequest if using basic, but you would have to make sure the asp.net filter is mapped to your download files so it actually kicks in (otherwise it's just IIS servicing the files), but then you would have trouble acutally doing the authorization part, having many vdirs with service accounts is kind of inelegant.

Given this information what I would probably do is:
- make an httpModule and place it after the authentication modules
the module looks at the requested URL, and based on the autn'd user make a go/no-go decision
- use digest authentication (im assuming your clients are not in the same domain or that this should be over the web)
- you would need to map the ASP.NET isapi filter to the file extensions you are trying to protect.

hope this helps
Sep 20, 2003 at 11:37 AM
originally posted by: Duncanma

I know it is easy to build, but I would like to see a non-BITS downloader (if it isn't already done)... the lack of Win98/ME support for this tool is a big stumbling block for some of the customers I have spoken with.
Sep 21, 2003 at 8:43 PM
originally posted by: pmeinl

Adding a patch feature that only transfers the binary delta between versions might reduce download time extremely.
http://www.rtpatch.com have good patch solutions.