Is it good practice to download a dependency assembly from the internet?
I know there are several ways to deploy a .net Windows client application:
There's Windows Installer , Click once , easy load and run, and load Windows Forms / WCF Application in Internet Explorer (not to confuse the latter with WCF / E Applications - Silverlight RIA)
So ... thinking about true Windows client applications - just to make it really clear: those that consist of an .exe on your filesystem - can download some or all of its dependencies from the internet - a good idea
<assemblyIdentity
name="MyAssembly"
publicKeyToken="89a956accc8f98e98a9e954a"
culture="en-US" />
<codeBase
version="2.0.0.0"
href="http://www.contoso.com/MyAssembly.dll" /> <!-- look here -->
There are obviously some serious drawbacks: you have to always connect, CAS configuration in the client (internet dependencies will be in the Internet_Zone code group ), not to mention load times.
But I can think of several advantages as well.
What problems? Has anyone used this in a real project?
source to share
I could see what you are doing in a corporate intranet environment where a custom application can talk to a custom server and everyone understands the other. Of course, there may be connectivity and sync issues, but to some extent they can work over time. I did this on one occasion where the application was doing basic CRUD tasks for an internal server that was running commands against the database. Of course, it didn't really matter and was someone's favorite project for a while, in the end he did something okay.
In an internet environment, I think the security concerns will be my biggest concern in doing what you suggest, as another factor is that if this assembly gets updated it could crash the application. For the internet situation, I think something like Click Once would be my suggestion.
source to share
If the assemblies you download are digitally signed by a trusted provider, that shouldn't be so bad from a security standpoint. IF you really trust them ... For example, if you are downloading an assembly from a third party third party vendor who may not have nice tabs in their private key, then yes, I would be careful about that.
source to share