Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Use ClickOnce on password protected web site

I am using ClickOnce to distribute an application from a website URL. The application has a few merge modules such as ADO ActiveSync that requires the ClickOnce installer to download the dependecy.

If I password protect the URL, the user can log in and start the Click Once process using the publish.htm page. The process fails when it tries to download the dependecy files since ClickOnce is not supplying the authentication information. Is there a setting I can use so that ClickOnce can log back into the website it was just started from and download the merge modules?

I don't really care if the username/password is stored in the XML config files in plain text. I just want to stop anyone in the world from downloading the app.

like image 355
Kenoyer130 Avatar asked Dec 19 '10 16:12

Kenoyer130


People also ask

Is ClickOnce still supported?

ClickOnce is old technology no longer supported by Microsoft.

When should I use ClickOnce?

ClickOnce Publish properties are used to specify when and how often the application should check for updates. Update behavior can be specified in the deployment manifest, or it can be presented as user choices in the application's user interface by means of the ClickOnce APIs.

How do I enable ClickOnce security settings?

To enable ClickOnce security settings With a project selected in Solution Explorer, on the Project menu, click Properties. Click the Security tab. Select the Enable ClickOnce Security Settings check box. You can now customize the security settings for your application on the Security page.

How do you add prerequisites to a ClickOnce application?

To specify prerequisites to install with a ClickOnce application. With a project selected in Solution Explorer, on the Project menu click Properties. Select the Publish pane. Click the Prerequisites button to open the Prerequisites dialog box.


1 Answers

You cannot use forms authentication with ClickOnce deployment.

ClickOnce does not support forms-based authentication because it uses persistent cookies; these present a security risk because they reside in the Internet Explorer cache and can be hacked. Therefore, if you are deploying ClickOnce applications, any authentication scenario besides Windows NT authentication is unsupported. MSDN for ClickOnce Deployment and Security

If you want more control over your distribution system you might consider a third party solution. I have used AppLife Update and enjoyed the flexibility it game me. But there are other 3rd party solutions out there.

There is an excellent StackOverflow question about alternatives to ClickOnce over here: Alternatives to ClickOnce

like image 52
BenSwayne Avatar answered Oct 25 '22 20:10

BenSwayne