Re: How to securely publish a Click Once application



Rodney

an additional test showed that sticking everything in a protected folder
made setup unhappy. I fiddled around with it and in the end, we must leave
the folder hierarchy intact.

Forms authentication, deny all anonymous users and the mime setting to add
non-asp.net apps to the forms authentication protection looks like the right
combination.

still testing

julie

"Julie Lerman" <jlerman@xxxxxxxxxxxxxxx> wrote in message
news:%23OxKMDeLGHA.648@xxxxxxxxxxxxxxxxxxxxxxx
I think I've got it worked out. I'm still just having one problem that is
unrelated - the server won't serve up exe files over the web. I'm having
the I.T. guys see if the ISA Server is responsible.

So...

I shifted things around in the site to make life easier.

I created a folder called protected and copied the folders, the manifests
and the setup.exe into there.

I marked that folder to deny all anonymous users. Then to ensure that the
non asp.net files (eg app.application, setup.exe) would participate in
forms authentication, I added a mapping. See "Securing Non-ASP.NET Files"
in this quickstart page:
http://www.asp.net/QuickStart/aspnet/doc/tipstricks/default.aspx

It's not deployed yet, but looks like it's doing what I want.

Let me know how this works for you.

Julie


"news.microsoft.com" <RodneyL@xxxxxxxxxxxxxx> wrote in message
news:%230CD5mcLGHA.3468@xxxxxxxxxxxxxxxxxxxxxxx
Hi Julie - thanks for the info at your two blog posts:
http://www.thedatafarm.com/blog/PermaLink.aspx?guid=3d77e65b-4367-4408-b230-ce609fe9ed88
http://www.thedatafarm.com/blog/PermaLink.aspx?guid=1b54b38b-a0be-4cda-a94f-7ed24183608c
Have you had any luck with a Forms Authentication solution yet?


"Julie Lerman" <jlerman@xxxxxxxxxxxxxxx> wrote in message
news:%23QZ1XLLLGHA.2416@xxxxxxxxxxxxxxxxxxxxxxx
fyi: this is the official word (from the msdn documentation) on
deploying click once securely:
"Therefore, if you are deploying offline applications (ClickOnce
deployments in which you enable The application is available offline as
well (launchable from Start menu) on the Publish page), any
authentication scenario besides Windows NT authentication is
unsupported. An acceptable solution would be to allow any user to
install the application, but have the client application authenticate
the user by means of Web services at activation."

I will, however, figure out how to do it with forms authentication! :-)


"Julie Lerman" <jlerman@xxxxxxxxxxxxxxx> wrote in message
news:e55qBwsKGHA.208@xxxxxxxxxxxxxxxxxxxxxxx
just a quick update.

I'm stuck on the problem of the .exe and .application files not being
protected by ISAPI. So even with using forms auth to get to the
publishing page working properly, it is possible to browse directly to
the setup.exe and app.application files without being authenticated.

I have tried to map those extensions, but there is something not
working with that process - even for a .GIF file.

I'll be back...

julie


"Julie Lerman" <jlerman@xxxxxxxxxxxxxxx> wrote in message
news:Oo6lSzmKGHA.1508@xxxxxxxxxxxxxxxxxxxxxxx
I'm in the process of trying to do ClickOnce deployment/updates using
forms authentication. That way you can still have the website use
anonymous access for the updates.
I will post back my results.
I have not been able to find anything via google where anyone talks
about this or gives examples.

I have also done an in-house only deployment using Integrated
Authentication. I wrote up how I did this along with gotchas on my
blog.
http://www.thedatafarm.com/blog/PermaLink.aspx?guid=3d77e65b-4367-4408-b230-ce609fe9ed88
be sure to see the "Update about 2 hours later" at the bottom of the
post.

julie lerman

"Rodney" <RodneyL@xxxxxxxxxxxxxx> wrote in message
news:OCEZPDRKGHA.604@xxxxxxxxxxxxxxxxxxxxxxx
I want to provide a small Click Once application to a small number of
selected users, when the application is published on an otherwise
public web server (I don't want everyone to have access to my
application).

My first solution was to set up a virtual directory (the publish
location) with "Anonymous Access" turned off - setting up a special
username and password for it which I give to my selected users.

The users then 'log on' to the initial install page, and install the
application. However, subsequent running of the application should
check for any updates - but because the update location doesn't allow
anonymous access, the application fails to log on and assumes that
it's offline, so continues to use the initial version, never
downloading any updates.

What am I missing? How can you securely publish a Click Once
application to a public website?
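
An added example, not part of the original posts: a check for the gap described in the thread, where setup.exe and app.application could be fetched directly without authenticating. The protected/ paths follow the thread; the login page name, the host and the sample responses are assumptions.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Assumed layout, following the thread: a "protected" folder holding the
# bootstrapper and the deployment manifest. Adjust to the real publish path.
ARTIFACTS = ["protected/setup.exe", "protected/app.application"]
LOGIN_PAGE = "/login.aspx"  # assumed forms-auth loginUrl

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 302 as an HTTPError instead of following it

def fetch_anonymous(url):
    """GET url with no cookie or credentials; return (status, Location)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")

def classify(status, location):
    """Decide what an anonymous response says about one artifact."""
    to_login = bool(location) and urlsplit(location).path.lower().endswith(LOGIN_PAGE)
    if status in (401, 403) or (status in (301, 302, 303, 307) and to_login):
        return "protected"
    if 200 <= status < 300:
        return "EXPOSED"  # file served without authentication
    return "inconclusive"  # e.g. 404 from a proxy that blocks .exe downloads

def audit(base_url, fetch=fetch_anonymous):
    """Map each artifact path to its classification."""
    base = base_url.rstrip("/") + "/"
    return {path: classify(*fetch(base + path)) for path in ARTIFACTS}

# Constructed responses (not captured from a real server): setup.exe is
# served directly, app.application is redirected to the login page.
CONSTRUCTED = {
    "https://deploy.example.test/protected/setup.exe": (200, None),
    "https://deploy.example.test/protected/app.application":
        (302, "/login.aspx?ReturnUrl=%2fprotected%2fapp.application"),
}

if __name__ == "__main__":
    for path, verdict in audit("https://deploy.example.test", CONSTRUCTED.get).items():
        print(f"{verdict:12} {path}")
```

Calling audit() with only a base URL uses fetch_anonymous against the live site; any EXPOSED result means that extension is still bypassing forms authentication.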
