Re: How to securely publish a Click Once application




FYI: this is the official word (from the MSDN documentation) on deploying
ClickOnce securely:
"Therefore, if you are deploying offline applications (ClickOnce deployments
in which you enable The application is available offline as well (launchable
from Start menu) on the Publish page), any authentication scenario besides
Windows NT authentication is unsupported. An acceptable solution would be to
allow any user to install the application, but have the client application
authenticate the user by means of Web services at activation."

I will, however, figure out how to do it with forms authentication! :-)


"Julie Lerman" <jlerman@xxxxxxxxxxxxxxx> wrote in message
news:e55qBwsKGHA.208@xxxxxxxxxxxxxxxxxxxxxxx
just a quick update.

I'm stuck on the problem of the .exe and .application files not being
protected by ISAPI. So even with using forms auth to get to the publishing
page working properly, it is possible to browse directly to the setup.exe
and app.application files without being authenticated.

I have tried to map those extensions, but there is something not working
with that process - even for a .GIF file.

I'll be back...

julie


"Julie Lerman" <jlerman@xxxxxxxxxxxxxxx> wrote in message
news:Oo6lSzmKGHA.1508@xxxxxxxxxxxxxxxxxxxxxxx
I'm in the process of trying to do ClickOnce deployment/updates using
forms authentication. That way you can still have the website use
anonymous access for the updates.
I will post back my results.
I have not been able to find anything via Google where anyone talks about
this or gives examples.

I have also done an in-house only deployment using Integrated
Authentication. I wrote up how I did this along with gotchas on my blog.
http://www.thedatafarm.com/blog/PermaLink.aspx?guid=3d77e65b-4367-4408-b230-ce609fe9ed88
Be sure to see the "Update about 2 hours later" at the bottom of the post.

julie lerman

"Rodney" <RodneyL@xxxxxxxxxxxxxx> wrote in message
news:OCEZPDRKGHA.604@xxxxxxxxxxxxxxxxxxxxxxx
I want to provide a small Click Once application to a small number of
selected users, when the application is published on an otherwise public
web server (I don't want everyone to have access to my application).

My first solution was to set up a virtual directory (the publish location)
with "Anonymous Access" turned off - setting up a special username and
password for it which I give to my selected users.

The users then 'log on' to the initial install page, and install the
application. However, subsequent running of the application should check
for any updates - but because the update location doesn't allow anonymous
access, the application fails to log on and assumes that it's offline, so
continues to use the initial version, never downloading any updates.

What am I missing? How can you securely publish a Click Once application to
a public website?






