|
Hi,
I have a problem with the authentication part in the ClickOnce application. I have created a ASP.NET web application to protect (using Form based authentication) the download of ClickOnce application. But this authentication mechanism is not properly working in the deployment environment. I can bypass my authentication and download the ClickOnce application. Further, my ClickOnce application and deployment server both are not in same Windows domain.
Please help me how to protect the ClickOnce application for the above scenario and also how manage subsequent updates using direct shortcut.
Thanks in advance
Anslum | | Anslum Sunday, June 28, 2009 11:50 PM | Hi Anslum,
ClickOnce doesn't well support for authentication to restrict user. I think you are refer to this document and use the ASP.NET form based authentication.
http://msdn.microsoft.com/en-us/library/76e4d2xw(VS.80).aspx
As the article say, "Therefore, if you are deploying ClickOnce applications, any authentication scenario besides Windows NT authentication is unsupported." In this case, I think you'd better not mark your ClickOnce appliation check update. Once you release a new version, tell your user to login to your web site to click the install button to update to the new version.
Sincerely,
Kira Qian
Please mark the replies as answers if they help and unmark if they don't.- Marked As Answer byKira QianMSFT, ModeratorFriday, July 03, 2009 6:21 AM
-
| | Kira Qian Tuesday, June 30, 2009 7:33 AM | Hi Anslum,
ClickOnce doesn't well support for authentication to restrict user. I think you are refer to this document and use the ASP.NET form based authentication.
http://msdn.microsoft.com/en-us/library/76e4d2xw(VS.80).aspx
As the article say, "Therefore, if you are deploying ClickOnce applications, any authentication scenario besides Windows NT authentication is unsupported." In this case, I think you'd better not mark your ClickOnce appliation check update. Once you release a new version, tell your user to login to your web site to click the install button to update to the new version.
Sincerely,
Kira Qian
Please mark the replies as answers if they help and unmark if they don't.- Marked As Answer byKira QianMSFT, ModeratorFriday, July 03, 2009 6:21 AM
-
| | Kira Qian Tuesday, June 30, 2009 7:33 AM | Hi Kira Qian,
Thanks for the reply, can I use cookiless form based authentication with the Clickonce application. If yes please guid me.
Thanks
Anslum | | Anslum Thursday, July 09, 2009 11:59 PM | Hi Anslum,
ClickOnce does not support forms-based authentication(not ASP.NET form-based authentication) because it uses persistent cookies; these present a security risk because they reside in the Internet Explorer cache and can be hacked.
Here is another sample show you how to use ASP.NET Forms authentication in ClickOnce deployment.
http://www.codeproject.com/KB/web-security/ClickOnceFormsAuth.aspx?display=Print
Sincerely,
Kira Qian
Please mark the replies as answers if they help and unmark if they don't. | | Kira Qian Friday, July 10, 2009 2:07 AM |
|
index > ClickOnce and Setup & Deployment Projects > ClickOnce Deployment with Form Based Authentication