ASP.NET as a Client App

[Guest]

I have a ASP.NET app that my users would like to be able to access remotely
while out of the office (i.e. where they will have no internet connection).
Rather than rewrite the whole thing as a traditional windows forms app, I'd
like to deploy the actual web project.

All my users have good laptops, and I've been able to install MSDE and IIS
on them, deploy the project, and everything runs fine. Only one person will
ever hit the localized IIS at one point in time, and performance is
acceptable (but not as good as I'd like).

My question is, is there a better way to deploy a ASP.NET web project in a
scenario like this without using IIS? We're a small shop (2 developers) and
the bulk of our time will always be spent working on the "main server"
website, we'll probably never have time to write and maintain a second UI,
even though the bulk of our logic is in class files.

 

[John Timney \( MVP \)]

I've seen your solution used a hundred times for small groups of users. If
your solution works ok for a small group then there should be no reason why
you cant continue using it. Look at it from a cost persepective if nothing
else.

Your options though also include using a redistributable version of Cassini
as part of your deployment, so you could in theory package all this to work
with a smaller scale webserver at least.

http://www.devx.com/tips/Tip/30771

Or, hosting the ASP.NET Runtime.

http://msdn.microsoft.com/msdnmag/issues/03/01/CuttingEdge/default.aspx

Me - If no one is complaining, I'd probably go with what your doing and save
myself a lot of rework.

 

[Guest]

Thanks, that's very helpful, and re-assuring.

Any downsides / upsides to using Casini over IIS? Would Cassini handle a
scenario like mine, with one visitor (or two, if I'm troubleshooting) at a
time any better or worse than IIS?

Finally, I like the implications that I could Add Casini to my install page,
can I do something similar with IIS if I choose to say on that path?

Thanks for your help.

 

[Ryan LaNeve]

Thanks, that's very helpful, and re-assuring.

Any downsides / upsides to using Casini over IIS? Would Cassini handle a
scenario like mine, with one visitor (or two, if I'm troubleshooting) at a
time any better or worse than IIS?

Finally, I like the implications that I could Add Casini to my install
page,
can I do something similar with IIS if I choose to say on that path?

Thanks for your help.

:

There is one major downside to using IIS: it's a target. It takes an
impressively small amount of time for an unprotected IIS instance to get
infected once exposed to the public Internet. Unless you specifically locked
down each and every user's local install of IIS, you've left them extremely
vulnerable. Once one of those laptops gets infected, your user is going to
jack that machine back into your LAN the next time they are in the office
and now you've got an infected IIS server running inside your corporate
firewall. Before you know what's going on, your main IIS server(s) - the
ones you thought were safe because they're behind your firewall - will
probably be infected as well. There's a mess just waiting to happen.

Cassini, I believe, will mitigate a great deal of risk in it's default setup
because it will only accept local connections. Of course, you can lock-down
IIS, including restricting it to local connections, but you have to take
responsibility for making these changes yourself and keeping the machines
patched and training your users to always, always, always keep their local
firewalls running, and etc, etc, etc, etc...

Please think about security as you are designing your systems. The world
does not need another batch of infected IIS instances trying endlessly to
spread some virus/worm to every other machine they can find.

Good luck,
Ryan LaNeve

 

[John Timney \( MVP \)]

Valid points Ryan, Karl did mention that his users had no internet
connections when using the local apps but I think you have answered the
questions he had perfectly and added some extra thoughts for him.

IIS is not really a packagable application. I personally have never
packaged Cassini for re-distribution, but it does appear that it can be
done, and as Ryan points out, given it only accepts local connections may be
a better solution in this instance. That said, as long as you IIS instances
are patched as they should be you should have few issues. IIS can be locked
down to specific IP's or total number of concurrent users. You'll need to
play to find out how to configure it for your scenario.

Of course you can always also consider using Mono as a local install. I
know that its install steps could be packaged up and its something else to
consider for any platforms your having trouble deploying into due to lack of
support.