Performance Problems with Zero Touch deployed WinForm Application

[Matthias Heuer]

Hi, we try to deploy a quite heavyweight .NET (C#) Rich Client App (2 Tier)
via IIS Server Zero Touch, but it requires about 4-6 times more Processor
Time and is thus 3-4 times slower than if started locally.
We have already set up Dummy Resource Files and we can see from the Web
Server Log that no Web Server Access happens anymore.
What is it that eats up Performance and how can we switch this off? It is
especially blatant when just moving the Mouse across the Application, which
creates a 50% Processor Load on a 1.6 GHz Notebook.
Thanks in Advance!

 

[UAError]

Hi, we try to deploy a quite heavyweight .NET (C#) Rich Client App (2 Tier)
via IIS Server Zero Touch, but it requires about 4-6 times more Processor
Time and is thus 3-4 times slower than if started locally.
We have already set up Dummy Resource Files and we can see from the Web
Server Log that no Web Server Access happens anymore.
What is it that eats up Performance and how can we switch this off? It is
especially blatant when just moving the Mouse across the Application, which
creates a 50% Processor Load on a 1.6 GHz Notebook.
Thanks in Advance!

Haven't got a clue -

But if it was me I'd start the .NET framework Configuration
Tool or Caspol and compare the effective Code groups and
Permissions on the local version and the zero touch version.

In the worst case the local version is running "full trust"
while the zero touch version is not. If you have a large
number of assemblies that delegate through one another quite
deeply the resulting (deep) stack will be "walked" quite a
lot when you call framework functionality (like polling the
current mouse position).

If that is the case, the simplest solution is to alter the
security policy to grant the zero touch version "full trust"
- just make sure you select some fairly stringent membership
conditions - otherwise the cat may drag something in.

 

[UAError]

Hum, we are already running the Application full Trust:
we added the whole Server Address to the List of trusted Machines in IE and
gave the Trusted Zone full Access without Restrictions.
We also tried to set up a Trust using caspol but we get the same Performance
Behavior:
caspol -en -addgroup All_Code -url http://xxxxx/* FullTrust -exclusive
on -levelfinal on -n MY_TRUST

Here you don't specify to which policy level the code group
is being applied to. If you are logged on as a local
administrator it will be applied to the Machine level (-m).
If you are using a custom interactive account then it will
be applied to the User level (-u). On the machine policy
level the code group might not be effective if you have on
the Enterprise policy level a levelfinal code group (set
through Active Directory) that curtails the assembly's
permissions. Even on the same policy level another exclusive
group could be interfering if the code group search runs
into it first.

Ultimately you should use the .NET Configuration utility to
evaluate the effective permissions
Control Panel > Administrative Tools > >NET Framework 1.1
Configuration

Click on the "Runtime Security Policy Folder"
on the right panel you should see "Evaluate Assembly"
use that to evaluate the effective permissions of all the
assemblies in your application.


With Caspol you should be able to do the same thing with the
-all -resolveperm assembly_file
option (-rsp).

The code groups responsible can be identified with the
[-all|-user|-machine|-enterprise] -resolvegroups
assembly_file
option (-rsg)

But it has to do with Security Checks, because when I disable Security using
"caspol -s off" the Application is fast again!!

But how do I get the same Results without having to switch off Security
entirely?

Have you already read these?

NET Zero Deployment
Security and Versioning Models in the Windows Forms Engine
Help You Create and Deploy Smart Clients
http://msdn.microsoft.com/msdnmag/issues/02/07/NetSmartClients/default.aspx

Launching No-Touch Deployment Applications with Command Line
Arguments
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnforms/html/winforms05152003.asp

http://msdn.microsoft.com/security/securecode/deploy/default.aspx