LINQ

LINQ is Language Integrated Query. It is pronounced “link” and not ‘lin-queue”. It is a Microsoft .NET 3.5 component that adds native data querying capabilities to .NET languages using a syntax similar to SQL. One can do databases, XML, arrays, etc.

var results = from c in SomeCollection

where c.SomeProperty = conditionvalue

select new (c.SomeProperty, c.SomeOtherProperty);

foreach (var result in results)

XPS

XPS is XML Paper Specification. It is a specification for a page description language and a fixed-document format developed by Microsoft. It is an XAML-based specification, based on a new print path and a color-managed vector-based document format which supports device independence (documents look the same and as they are intended on any device) and resolution independence. It is essentially a competitor to PDF. XPS is a part of WPF which is a part of .NET 3.0.

To save a Word or Office document as XPS do Print to File.

PDF includes dynamic capabilities not supported by the XPS format.

Is it AJAX or Atlas?

Not many know that Microsoft originally invented AJAX. AJAX helps update data on a web page without a complete reload of the page.

ASP.NET AJAX was formerly known as Atlas. It is a set of extensions to ASP.NET developed by Microsoft for implementing Ajax functionality. ASP.NET AJAX was released as a standalone extension to ASP.NET in January 2007. It was subsequently included with .NET 3.5.

The key technology in ASP.NET AJAX is the XMLHttpRequest object, along with Javascript and DHTML.

XAML is EXtensible Application Markup Language (Pronounced as "zammel")

It is a declarative XML-based language that defines objects and their properties in XML. You can create visible UI elements for a Windows Presentation Foundation (WPF) application in the declarative XAML markup, and then separate the UI definition from the run-time logic by using code-behind files, joined to the markup through partial class definitions. It is very intuitive for creating interfaces ranging from prototype to production especially in the sense that a web designer's exact layout can be saved in XAML and combined with the application without affecting the development process. XAML files are XML files that generally have the .xaml extension.

XAML syntax describes objects, properties and their relationships to one another. Generic XAML syntax defines the relationship between objects and children. Properties can be set as attributes or by using 'period notation' to specify the object as a property of its parent.

XAML is a part of .NET 3.0 and is used in writing WPF applications.

The Visual Studio 2008 contains "Cider", the Visual Designer for WPF. The designer's split view editor lets you see your XAML and a design view of it simultaneously, so you can see consequences of your XAML edits immediately without having to run your application.

 

   

 

 

   

 

 

    This is a button

 

Garbage Collection

Garbage collection (GC) is a form of automatic memory management. The garbage collector attempts to reclaim memory used by objects that will never be accessed or mutated again by the application.

Garbage collection essentially is a 2-step process:

•  It determines which objects in a program will not be accessed in the future,
•  And then reclaims the resources used by these objects.

Automatic memory management can eliminate common problems, such as forgetting to free an object and causing a memory leak, or attempting to access memory for an object that has already been freed. It aids programmers in their efforts to make programs more stable, because it prevents several runtime errors. E.g. it prevents dangling pointer errors, where a reference to a de-allocated object is used.

In Java, the JVM takes care of releasing unused memory by keeping track of the references to allocated resources. Whenever the JVM detects that a resource is no longer referenced by a valid reference, the resource is garbage-collected.

In C#, garbage collection is handled by the CLR with similar functionality to that of the JVM. The CLR garbage collector periodically checks the memory heap for any unreferenced objects, and releases the resources held by these objects.

Reflection

Reflection is a functional extension to the object-oriented programming paradigm. It includes self-examination, self-modification, and self-replication. It is commonly used by programs which require the ability to examine or modify the runtime behavior of applications. This is typically accomplished by dynamically assigning program code at runtime.

E.g. In C#, here's how you would achieve reflection:

//Without reflection

Foo foo = new Foo();

foo.Hello();

//With reflection

Type t = Assembly.GetCallingAssembly().GetType("FooNamespace.Foo");

t.InvokeMember("Hello", BindingFlags.InvokeMethod, null, Activator.CreateInstance(t), null);

Reflection is powerful, but should not be used indiscriminately. The following concerns should be kept in mind when accessing code via reflection:

•  Performance Overhead

Because reflection involves types that are dynamically resolved, certain optimizations cannot be performed. Consequently, reflective operations have slower performance than their non-reflective counterparts, and should be avoided in sections of code which are called frequently in performance-sensitive applications.

•  Security Restrictions

Reflection requires a runtime permission which may not be present when running under a security manager. This is in an important consideration for code which has to run in a restricted security context.

•  Exposure of Internals

Since reflection allows code to perform operations that would be illegal in non-reflective code, such as accessing private fields and methods; the use of reflection can result in unexpected side-effects. This may render code dysfunctional and may destroy portability. Reflective code breaks abstractions and therefore may change behavior with upgrades of the platform.

P.S. Since this is an advanced feature of .Net framework, if you can use this in your application, you can call yourself an "advanced programmer"! :)

FxCop

FxCop is an application that analyzes managed code assemblies (code that targets the .NET Framework CLR) and reports information about the assemblies, such as possible design, localization, performance, and security improvements.

So to say, FxCop essentially analyzes the compiled object code, and not the original source code. It uses MSIL parsing, and callgraph analysis to inspect assemblies for defects in the following areas:

•  Correctness
•  Library design
•  Localization
•  Naming conventions
•  Performance
•  Security

FxCop is intended for class library developers; however, anyone creating applications that should conform to .NET Framework best practices will benefit. FxCop is also useful as an educational tool for those who are new to the .NET Framework or are unfamiliar with the .NET Framework Design Guidelines.

FxCop is designed to be fully integrated into the software development cycle and is distributed as both a fully featured application with a GUI (FxCop.exe) for interactive work, and a command-line tool (FxCopCmd.exe) suitable for use as part of automated build processes or integrated with Microsoft Visual Studio®.NET as an external tool.

Keywords of FxCop:

•  Target: FxCop analyzes programming elements in managed assemblies, called targets. It provides an informational report containing messages about the targets, including suggestions on how to improve the source code used to generate them.
•  Rule: A rule is managed code that can analyze targets and return a message about its findings. Rule messages identify any relevant programming and design issues and, when possible, supply information on how to fix the target. FxCop represents the checks it performs during an analysis as rules.

FxCop integrates with the Visual Studio IDE to enable developers to analyze the source code at the time of coding and is a freeware downloadable from:

http://www.microsoft.com/downloads/details.aspx?familyid=3389F7E4-0E55-4A4D-BC74-4AEABB17997B&displaylang=en

internal - A keyword in C#

“internal” is a new access modifier for types and type members, in addition to the existing private, public and protected. Internal types or members are accessible only within files in the same assembly. When “protected internal” is used, it keeps access limited to the current assembly or types derived from the containing class.

public class BaseClass

{

    // Only accessible within the same assembly

    internal static int count = 0;

}

A common use of internal access is in component-based development because it enables a group of components to cooperate in a private manner without being exposed to the rest of the application code.

E.g. a framework for building graphical user interfaces could provide Control and Form classes that co-operate using members with internal access. Since these members are internal, they are not exposed to code that is using the framework.

It is an error to reference a member with internal access outside the assembly within which it was defined.

Assembly1.cs

// Compile with: /target:library

internal class BaseClass

{

   public static int nCount = 0;

}

// Assembly2.cs

// Compile with: /reference:Assembly1.dll

class TestAccess

{

   static void Main()

   {

      BaseClass myBase = new BaseClass();       // Error: CS0122; 'member' is inaccessible

// due to its protection level

   }

}

sealed - A keyword in C#

When applied to a class, the “sealed” modifier prevents other classes from inheriting from this class. Sealed classes are primarily used to prevent derivation. Because they can never be used as a base class, some run-time optimizations can make calling sealed class members slightly faster.

using System;

sealed class MyClass

{

    int x;

    int y;

}

It is an error to use the abstract modifier with a sealed class, because an abstract class must be inherited by a class that provides an implementation of the abstract methods or properties.

You can also use the “sealed” modifier on a method or property that overrides a virtual method or property in a base class. This enables you to allow classes to derive from your class and prevent them from overriding specific virtual methods or properties. This negates the virtual aspect of the member for any further derived class. This is accomplished by putting the sealed keyword before the override keyword in the class member declaration. When applied to a method or property, the sealed modifier must always be used with override.

public class D : C

{

    public sealed override void DoWork() { }

}

Structs are implicitly sealed; therefore, they cannot be inherited.

To determine whether to seal a class, method, or property, you should generally consider the following two points:

•  The potential benefits that deriving classes might gain through the ability to customize your class.
•  The potential that deriving classes could modify your classes in such a way that they would no longer work correctly or as expected.

Silverlight

Microsoft Silverlight is a cross-browser, cross-platform implementation of the .NET Framework for building and delivering the next generation of media experiences and rich interactive applications (RIA) for the Web. Silverlight unifies the capabilities of the server, the Web, and the desktop, of managed code and dynamic languages, of declarative and traditional programming, and the power of Windows Presentation Foundation(WPF).

Silverlight enables you to create a state-of-the-art application that has the following features:

•  It runs in all popular Web browsers, including Microsoft IE, Mozilla Firefox, and Apple Safari, and on Microsoft Windows and Apple Mac OS X.
•  It provides a consistent experience no matter where it runs.
•  It is supported by a very small download that installs in seconds.
•  It streams video and audio. It scales video quality to everything from mobile devices to desktop browsers to 720p HDTV video modes.
•  It includes compelling graphics that users can manipulate drag, turn, and zoom, directly in the browser.
•  It reads data and updates the display, but it doesn't interrupt the user by refreshing the whole page.

Silverlight offers you the following features:

•  WPF and XAML: Silverlight includes Windows Presentation Foundation (WPF) technology, which greatly extends the elements in the browser for creating UI. WPF lets you create immersive graphics, animation, media, and other rich client features, extending browser-based UI beyond what is available with HTML alone. Extensible Application Markup Language (XAML) provides a declarative markup syntax for creating WPF elements. See Creating User Interfaces with Silverlight for more information.
•  Extensions to JavaScript: Silverlight provides extensions to the universal browser scripting language that provide powerful control over the browser UI, including the ability to work with WPF elements.
•  Cross-browser, cross-platform support: Silverlight runs the same on all popular browsers (on any platform). You can design and develop your application without having to worry about which browser or platform your users have.
•  Integration with existing applications: Silverlight integrates seamlessly with your existing JavaScript and ASP.NET AJAX code to complement functionality you have already created.
•  Access to the .NET Framework programming model and to associated tools: You can create Silverlight-based applications using dynamic languages such as managed JScript and IronPython as well as languages such as C# and Visual Basic. You can use development tools such as Visual Studio to create Silverlight-based applications.
•  LINQ: Silverlight includes language-integrated query (LINQ), which enables you to program data access using intuitive native syntax and strongly typed objects in .NET Framework languages.

If you already use ASP.NET, you can integrate Silverlight with the server and client capabilities of ASP.NET that you are familiar with. You can create server-based resources in ASP.NET and use the AJAX capabilities of ASP.NET to interact with server-based resources without interrupting the user.

params (A keyword in C#)

Arrays are used to pass a variable number of parameters to a member. C# provides the "params" keyword which lets you specify a method parameter that takes an argument where the number of arguments is variable. No additional parameters are permitted after the params keyword in a method declaration, and only one params keyword is permitted in a method declaration.

E.g.

public class MyClass

{

    public static void UseVariableParameters(params int[] list)

    {

        for (int i = 0; i < list.Length; i++)

        {

            Console.WriteLine("{0}th parameter: {1}", i, list[i]);

        }

    }

}

public static void DemonstrateVariableParameters()

{

    MyClass.UseVariableParameters(1, 2, 3, 4, 5);

}

Passing variable number of parameters to methods should be used judicially. Follow guidelines given below for appropriate use of variable arrays for parameters:

•  Use params keyword to array parameters if you expect the end users to pass a small number of elements.
•  Do not use params arrays if the caller would almost always already have the input in an array.
•  Do not use params arrays if the array is modified by the member taking the params array parameter.
•  Do try to order parameters to make it possible to use the params keyword.
•  Consider providing special overloads and code paths for calls with a small number of arguments in extremely performance-sensitive APIs.
•  By following this guideline, you can avoid creating arrays when a member is called with a small number of arguments. The parameter names should be a singular form of the array parameter followed by a numeric suffix. The following code example shows a member signature that follows this guideline.

public static void WriteLine(string format, object arg0, object arg1, object arg2)

•  Be aware that null could be passed as a params array argument.

JSON is JavaScript Object Notation (Pronounced as Jason)

JSON is a lightweight computer data interchange format. It is a text-based, human-readable format for representing simple data structures and associative arrays (called objects).

The JSON format is specified in RFC 4627 by Douglas Crockford. This format is often used for transmitting structured data over a network connection in a process called serialization. Its main application is in Ajax web application programming, where it serves as an alternative to the use of the XML format.

The following example shows the JSON representation of an object that describes a person. The object has string fields for first name and last name, contains an object representing the person's address, and contains a list of phone numbers (an array):

{

     "firstName": "John",

     "lastName": "Smith",

     "address": {

         "streetAddress": "21 2nd Street",

         "city": "New York",

         "state": "NY",

         "postalCode": 10021

                },

     "phoneNumbers": {

         "212 555-1234",

         "646 555-4567"

                      }

}

Although JSON was based on a subset of the JavaScript programming language (specifically, Standard ECMA-262 3rd Edition-December 1999) and is commonly used with that language, it is considered to be a language-independent data format. Code for parsing and generating JSON data is readily available for a large variety of programming languages. The http://json.org website provides a comprehensive listing of existing JSON bindings, organized by language.

Although JSON is intended as a data serialization format, its design as a subset of the JavaScript programming language poses several security concerns. These concerns center on the use of a JavaScript interpreter to dynamically execute JSON text as JavaScript, thus exposing a program to errant or malicious script contained therein - often a chief concern when dealing with data retrieved from the internet.

Fortify SCA

Fortify® Source Code Analysis (SCA) is the most widely used and effective solution to find and fix software vulnerabilities at the root cause early in the development cycle. Its advanced features help developers identify and resolve issues with less effort, while enabling security leads to review and prioritize more code in less time.

It supports a wide variety of languages, frameworks and operating systems and delivers depth and accuracy in its results. It can be tuned to be comprehensive when completeness is needed or extremely targeted for day-to-day use. Fortify SCA makes triage, audits and remediation fast and effective for any organization.

Fortify SCA's comprehensive source code analysis engine detects a wide variety of vulnerabilities using specialized analyzers:

•  Data Flow Analyzer tracks tainted input across application architecture tiers and programming language boundaries,
•  Semantic Analyzer detects use of vulnerable functions or procedures and understands the context of their use,
•  Control Flow Analyzer accurately tracks sequencing of operations to detect improper coding constructs,
•  Configuration Analyzer finds vulnerabilities in interactions between configurations, and
•  Code Structural Analysis identifies vulnerabilities or problems arising from code structures.

It uses various analysis techniques such as Buffer Overflow Analysis, Deviation Analysis, Infeasible Path Analysis, etc.

Fortify SCA supports a wide variety of development environments, languages, platforms and frameworks to enable security reviews in mixed software development and production environments:

LANGUAGES	ASP.NET, C/C++, C#, COBOL, Classic ASP/VB6, ColdFusion, Java, JavaScript, JSP, .NET, PL/SQL, PHP, T-SQL, XML
PLATFORMS	Windows, Solaris, Linux, Mac OS X, HP-UX, AIX
FRAMEWORKS	J2EE/EJB, Struts, Hibernate
IDEs	Microsoft Visual Studio, Eclipse, WebSphere Application Developer, IBM Rational Application Developer and RSA

For more information, visit http://www.fortify.com/products/detect/in_development.jsp

PREfast

PREfast is a static analysis tool that identifies defects in C/C++ programs. It uses your existing build structure and works by intercepting your native compiler. Intra-procedural analysis identifies defects in the C/C++ source files.

Users commonly run PREfast over a section of code, view results, make fixes, and then run PREfast again. It is recommended that you divide your build into small (10 MB or less) sections, and run PREfast on each section.

PREfast displays a log of the code defects encountered. Each line entry in the log shows a description of the type of defect, a PREfast warning number, the source location, and function where the defect occurred.

The following defect message indicates that PREfast warning 501 occurred in function main, where PREfast found an HRESULT cast to a BOOL at line 21 of the source program test1.cpp.

Casting HRESULT to BOOL   501   c:\prefast\test\test1.cpp(21)   main

To execute PREfast, use whatever build command you normally use at the command line, prefaced by the word prefast. Follow the build command with command-specific arguments, as shown in the following command:

prefast

PREfast recognizes three standard build commands:

•  cl cl-arguments

Compiles and runs PREfast on an individual file and prints the PREfast results textually.

E.g. prefast cl /c test.c

•  nmake nmake-arguments

Performs an Nmake and runs PREfast on all compiled files and prints the PREfast results textually. Any nmake-arguments are passed as arguments to Nmake.

E.g. prefast nmake /f pfw_build.mak 

•  build build-arguments

Performs an Nmake and runs PREfast on all compiled files and prints the PREfast results textually. Any build-arguments are passed as arguments to build.

E.g. prefast build /cefZ 

You can use one of four PREfast-specific commands to customize PREfast:

HELP	Opens the PREfast user guide.
LIST	Writes the defect log to the console.
RESET	Removes all existing defects from the defect log.
VIEW	Displays the user interface for the PREfast defect log.

PerfMon

PerfMon allows you to open a Performance console configured with settings files from Windows NT 4.0 version of Performance Monitor.

perfmon.exe [file_name] [/HTMLFILE:converted_file settings_file]

Parameters

•  .exe

Specifies the name of the file extension.

•  file_name

Specifies the name of the settings file.

•  /HTMLFILE:converted_file settings_file

Specifies the name of the converted files, and the name of the original Windows NT 4.0 settings file.

This procedure works for the following types of Windows NT 4.0 version of Performance Monitor settings files: chart (.pmc), report (.pmr), alert (.pma), and log (.pml). To display the Windows NT 4.0 settings file in System Monitor, the system temporarily converts the file for use with Windows XP System Monitor, then discards the converted version after the console starts.

If you want to save the settings file for permanent use with System Monitor, type:

Perfmon [file_name] [/HTMLFILE:converted_file settings_file]

Where /HTMLFILE:converted_file is the name given to the converted file and settings_file is the name of the original Windows NT 4.0 settings file.

SOA

Service Oriented Architecture (SOA), at an abstract level, is an architectural style whose goal is to achieve loose coupling among interacting software agents. A service is a unit of work done by a service provider to achieve desired end results for a service consumer.

SOA is a software architecture where functionality is grouped around business processes and packaged as interoperable services. It also describes IT infrastructure which allows different applications to exchange data with one another as they participate in business processes. The aim is a loose coupling of services with operating systems, programming languages and other technologies which underlie applications. SOA separates functions into distinct units, or services, which are made accessible over a network in order that they can be combined and reused in the production of business applications. These services communicate with each other by passing data from one service to another, or by coordinating an activity between two or more services.

VSS is Volume Shadow Copy Service

The Volume Shadow Copy Service (VSS) is a set of COM APIs that implements a framework to allow volume backups to be performed while applications on a system continue to write to the volumes. It provides the backup infrastructure as well as a mechanism for creating consistent point-in-time copies of data known as shadow copies. It can produce consistent shadow copies by coordinating with business applications, file-system services, backup applications, fast-recovery solutions, and storage hardware. VSS provides a consistent interface that allows coordination between user applications that update data on disk (writers) and those that back up applications (requesters).

The Volume Shadow Copy Service (VSS) captures and copies stable images for backup on running systems, particularly servers, without unduly degrading the performance and stability of the services they provide. The VSS service starts on demand; therefore, for VSS operations to be successful, this service must be enabled.

Though largely transparent to user and developer, VSS does the following:

•  Coordinates activities of providers, writers, and requesters in the creation and use of shadow copies.
•  Furnishes the default system provider.
•  Implements low-level driver functionality necessary for any provider to work.

There are two methods for creating shadow copies: making either a complete copy (a full copy or clone) or copying only the changes to the volume (a differential copy or copy-on-write). Each method results in two data images - the original volume and the shadow copy volume. The functional difference between the two is that the original volume maintains full read/write capabilities, whereas the shadow copy volume is read-only. This read-only status ensures that the shadow copy volume remains a point-in-time copy until its status is changed by the administrator for a specific purpose.

Keywords of VSS:
Volume Shadow Copy Service	A service that coordinates various components to create consistent shadow copies of one or more volumes.
Requestor	An application that requests that a volume shadow copy be taken. A backup application is an example.
Writer	A component of an application that stores persistent information on one or more volumes that participate in shadow copy synchronization. Typically, this is a database application like SQL Server or Exchange Server, or a system service like Active Directory.
Provider	A component that creates and maintains the shadow copies. Examples are the system provider included with the operating system and the hardware providers included with storage arrays.
Source volume	The volume that contains the data to be shadow copied.
Storage volume	The volume that holds the shadow copy storage files for the system copy-on-write software provider.

Generics - A new feature in CLR and C# version 2.0

The .NET Framework 2.0 introduces generics to allow you to create flexible, reusable code. Language features collectively known as generics act as templates that allow classes, structures, interfaces, methods, and delegates to be declared and defined with unspecified or generic type parameters instead of specific types. Actual types are specified later when the generic is used. The new System.Collections.Generic namespace provides support for strongly typed collections. System.Nullable is a standard representation of optional values.

Use generic types to maximize code reuse, type safety, and performance. The most common use of generics is to create collection classes. You can create your own generic interfaces, classes, methods, events and delegates. Generic classes may be constrained to enable access to methods on particular data types.

E.g.

Stack - Represents a variable size last-in-first-out(LIFO) collection of instances of the same arbitrary type.

Stack numbers = new Stack();

numbers.Push("One");

numbers.Push("Two");

numbers.Push("Three");

numbers.Push("Four");

// A stack can be enumerated without disturbing its contents.

foreach (string number in numbers)

{

      Console.WriteLine(number);

}

Information on the types used in a generic data type may be obtained at run-time by means of reflection.

SAN is Storage Area Network

Storage area network (SAN) is a high-speed sub-network of shared storage devices. It contains nothing but disks for storing data. A SAN's architecture works in a way that makes all storage devices available to all servers on a LAN or WAN. It is an architecture to attach remote computer storage devices such as disk arrays, tape libraries, etc. to servers such that the devices appear as locally attached to the operating system. Because stored data does not reside directly on any of a network's servers, server power is utilized for business applications, and network capacity is released to the end user.

Devices on the SAN are normally connected together through a special kind of switch, called a Fiber Channel switch, which performs basically the same function as a switch on an Ethernet network, in that it acts as a connectivity point for the devices. Because Fiber channel is a switched technology, it is able to provide a dedicated path between the devices in the fabric so that they can utilize the entire bandwidth for the duration of the communication.

Sharing storage usually simplifies storage administration and adds flexibility since cables and storage devices do not have to be physically moved to move storage from one server to another. Other benefits include the ability to allow servers to boot from the SAN itself. This allows for a quick and easy replacement of faulty servers since the SAN can be reconfigured so that a replacement server can use the LUN of the faulty server.

SANs also tend to enable more effective disaster recovery processes. A SAN could span a distant location containing a secondary storage array. This enables storage replication either implemented by disk array controllers, by server software, or by specialized SAN devices.

ClickOnce

ClickOnce is a deployment technology that enables you to create self-updating Windows-based applications that can be installed and run with minimal user interaction. ClickOnce deployment overcomes three major issues in deployment:

•  Difficulties in updating applications

-          With Microsoft Windows Installer deployment, whenever an application is updated, the user must reinstall the whole application.

-          With ClickOnce deployment, you can provide updates automatically. Only those parts of the application that have changed are downloaded, and then the full, updated application is reinstalled from a new side-by-side folder.

•  Impact to the user's computer

-          With Windows Installer deployment, applications often rely on shared components, with the potential for versioning conflicts.

-          With ClickOnce deployment, each application is self-contained and cannot interfere with other applications.

•  Security permissions

-          Windows Installer deployment requires administrative permissions and allows only limited user installation.

-          ClickOnce deployment enables non-administrative users to install and grants only those Code Access Security permissions necessary for the application.

Developers chose Web applications instead of Windows-based applications, sacrificing the rich user interface and responsiveness of Windows Forms for ease of installation. But now, by using applications deployed using ClickOnce, you can have the best of both technologies.

Simple definition of a ClickOnce application is: any Windows Presentation Foundation, Windows Forms, or console application published using ClickOnce technology. Salient features include:

•  You can publish a ClickOnce application in three different ways: from a Web page, from a network file share, or from media such as a CD-ROM. A ClickOnce application can be installed on an end user's computer and run locally even when the computer is offline, or it can be run in an online-only mode without permanently installing anything on the end user's computer.
•  ClickOnce applications can be self-updating; they can check for newer versions as they become available and automatically replace any updated files.
•  Because ClickOnce applications are isolated, installing or running a ClickOnce application cannot break existing applications. ClickOnce applications are self-contained; each ClickOnce application is installed to and run from a secure per-user, per-application cache. By default, ClickOnce applications run in the Internet or Intranet security zones. If necessary, the application can request elevated security permissions.