
Password protected .NET ClickOnce deployment?

How can I protect a ClickOnce deployed application with a password? Do I have to change the IIS settings of the web or is there a way to do it programmatically? I'm using Visual Studio 2005 (.NET 2.0).

If I have to use web credentials, are auto-updates of the application still possible?

Would be great if you could provide some sample code or detailed instructions for administering IIS.

Thank you!

asked Oct 12 '08 12:10

splattne




2 Answers

I found a possible solution by myself in this MSDN article: ClickOnce Deployment and Security.

ASP.NET Form-Based Authentication

If you want to control which deployments each user can access, you should not enable anonymous access to ClickOnce applications deployed on a Web server. Rather, you would enable users access to the deployments you have installed based on a user's identity (using Windows NT authentication).

If you deploy to an environment without Windows NT authentication, a solution could be to try using ASP.NET form-based authentication to authenticate the user. However, ClickOnce does not support forms-based authentication because it uses persistent cookies; these present a security risk because they reside in the Internet Explorer cache and can be hacked. Therefore, if you are deploying ClickOnce applications, any authentication scenario besides Windows NT authentication is unsupported.

Passing Arguments

An additional security consideration occurs if you have to pass arguments into a ClickOnce application. ClickOnce enables developers to supply a query string to applications deployed over the Web. The query string takes the form of a series of name-value pairs at the end of the URL used to start the application:

http://servername.adatum.com/WindowsApp1.application?username=joeuser

By default, query-string arguments are disabled. To enable them, the attribute trustUrlParameters must be set in the application's deployment manifest. This value can be set from Visual Studio and from MageUI.exe. For detailed steps on how to enable passing query strings, see How to: Retrieve Query String Information in a ClickOnce Application.

You should never pass arguments retrieved through a query string to a database or to the command line without checking the arguments to make sure that they are safe. Unsafe arguments are ones that include database or command line escape characters that could allow a malicious user to manipulate your application into executing arbitrary commands.

Note: Query-string arguments are the only way to pass arguments to a ClickOnce application at startup. You cannot pass arguments to a ClickOnce application from the command line.

answered Oct 04 '22 10:10

splattne
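
The "Passing Arguments" advice quoted in the answer above, as an added C# 2.0 example (not code from the answer or from the MSDN article): read the `username` argument from the activation URL, accept it only if it matches an allowlist, and hand it to the database as a parameter. The class name, the allowlist policy and the `Users`/`DisplayName` schema are assumptions made for illustration.

```csharp
using System;
using System.Collections.Specialized;
using System.Data;
using System.Data.SqlClient;
using System.Deployment.Application;
using System.Text.RegularExpressions;
using System.Web; // HttpUtility; needs a reference to System.Web.dll

static class StartupArguments
{
    // Assumed policy: 1-32 letters, digits, dot, underscore or hyphen.
    static readonly Regex UserNamePattern = new Regex(@"\A[A-Za-z0-9._-]{1,32}\z");

    // Returns the validated "username" argument, or null if absent or rejected.
    public static string GetUserName()
    {
        if (!ApplicationDeployment.IsNetworkDeployed) return null;
        // ActivationUri is null unless the app was started from a URL and
        // trustUrlParameters is set in the deployment manifest.
        Uri uri = ApplicationDeployment.CurrentDeployment.ActivationUri;
        if (uri == null) return null;
        return Validate(HttpUtility.ParseQueryString(uri.Query));
    }

    public static string Validate(NameValueCollection query)
    {
        string[] values = query.GetValues("username");
        // Reject missing and duplicated parameters instead of guessing.
        if (values == null || values.Length != 1) return null;
        return UserNamePattern.IsMatch(values[0]) ? values[0] : null;
    }

    // Hypothetical lookup: the value travels as a parameter, never as SQL text.
    public static object LookupDisplayName(SqlConnection conn, string userName)
    {
        using (SqlCommand cmd = new SqlCommand(
            "SELECT DisplayName FROM Users WHERE UserName = @u", conn))
        {
            cmd.Parameters.Add("@u", SqlDbType.NVarChar, 32).Value = userName;
            return cmd.ExecuteScalar();
        }
    }

    static void Main()
    {
        // Constructed inputs modelled on the URL shown in the quoted article.
        string[] samples = { "?username=joeuser", "?username=joe'--", "?username=a&username=b" };
        foreach (string s in samples)
            Console.WriteLine("{0} -> {1}", s,
                Validate(HttpUtility.ParseQueryString(s)) ?? "(rejected)");
    }
}
```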


I'm not sure it can be done. I may be wrong, but I didn't think that would work. Apart from anything else, even if your user puts in their credentials to get the .application, the runtime then does separate downloading, for which it needs anonymous access.

If you want to protect the client so much, you may have to come up with a different way of deploying it.

answered Oct 04 '22 10:10

Marc Gravell