Windows Develop Bookmark and Share   
 index > Windows Forms General > remote winforms deployment security
 

remote winforms deployment security

I need to deploy a winforms application to users in another company. Best bet so far seems to be ClickOnce and to comply with their security procedures it will be online only with minimum permissions.

But I need to authenticate the users - without touching any part of the customers network, or the PC that the application is running on.

Is it possible to use ASP forms authentication from a winforms app? Or does anyone have other suggestions?

Regards

Mark

mharvey1  Sunday, August 19, 2007 8:02 PM

Hi,first I will confirm my understandingof the issue with you,if there is any misunderstanding or inconsistency,please let me know.You want to ensure that your application will run with the appropriate permissions.

If you want to control which deployments each user can access, you should not allow anonymous access to ClickOnce applications deployed on a Web server. Rather, you would allow users access to the deployments you have installed based on a user's identity (using Windows NT authentication).

If you deploy to an environment without Windows NT authentication, a possible solution could be to attempt using ASP.NET form-based authentication to authenticate the user. However, ClickOnce does not support forms-based authentication because it uses persistent cookies; these present a security risk because they reside in the Internet Explorer cache and can be hacked. Therefore, if you are deploying ClickOnce applications, any authentication scenario besides Windows NT authentication is unsupported.

For more information,please check following link

http://msdn2.microsoft.com/en-us/library/76e4d2xw.aspx

Hope it helps

Gavin Jin - MSFT  Friday, August 24, 2007 3:26 AM

Hi,first I will confirm my understandingof the issue with you,if there is any misunderstanding or inconsistency,please let me know.You want to ensure that your application will run with the appropriate permissions.

If you want to control which deployments each user can access, you should not allow anonymous access to ClickOnce applications deployed on a Web server. Rather, you would allow users access to the deployments you have installed based on a user's identity (using Windows NT authentication).

If you deploy to an environment without Windows NT authentication, a possible solution could be to attempt using ASP.NET form-based authentication to authenticate the user. However, ClickOnce does not support forms-based authentication because it uses persistent cookies; these present a security risk because they reside in the Internet Explorer cache and can be hacked. Therefore, if you are deploying ClickOnce applications, any authentication scenario besides Windows NT authentication is unsupported.

For more information,please check following link

http://msdn2.microsoft.com/en-us/library/76e4d2xw.aspx

Hope it helps

Gavin Jin - MSFT  Friday, August 24, 2007 3:26 AM

You can use google to search for other answers

Custom Search

More Threads

• ToolStripButton as Radio buttons - how to make it clear which is selected
• How to get the width of a TAB character
• Applicatio name doesn't appear in the open with dialog
• Wants Mdi behaviour on Forms, but cannot set them to MDI
• Error during form closing event
• Progress bar.... multi threading???
• sendkeys (or another method) to an inactive window?
• Using Objects with Forms
• How do I have richtext dublicate in a new tab?
• DateTimePicker: editing position
Home          Copyright 2009-2010 by windowsdevelop.com All rights reserved