ClickOnce security?

7

7777

Hello, sorry if this is wrong area and novice question so is ClickOnce
mainly for deploying asp.net apps and would anyone know of or can mention
any security risks when using Windows Authentication? Thanks in advance.
 
J

Joe Kaplan

ClickOnce is primarily a technology for deploying apps that execute on the
desktop, typically via an HTTP-based distro point. It is not generally about
building ASP.NET apps although you can write ClickOnce apps that interact
with it.

Silverlight is getting a lot more attention these days as a client-side
executable framework though.

What are you trying to do?
 
7

7777

We have a consultant requesting to utilize ClickOnce and configure things in
that direction for client updates and was wondering how safe it is as we're
unfamiliar with this technology. You mention it executes via HTTP in that
would it be able to do it through HTTPS for higher sensitive apps/updates?
Thanks Joe.
 
J

Joe Kaplan

ClickOnce apps are typically distributed via HTTP (you download the code
from a web site) but it doesn't necessarily execute via HTTP. It runs
locally. You can deploy these on SSL endpoints if you wish.
 
J

Joe Kaplan

You should be able to use whatever authentication you want. If you want to
require authentication to allow the files to download, you should be able to
use that. You can use IWA with HTTP or HTTPS. There may be something subtle
about how clickonce works here but generally speaking, this applies to any
resource you download from a web site. The clickonce files are still just
HTTP payload.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
What would be the Authentication Method in the Directory Security tab
setting in IIS 6.0 for the folder to be to utilize ClickOnce? Is it correct
that the 'Integrated Windows authentication' setting doesn't work via
HTTP/HTTPS?
 
7

7777

Thanks Joe, don't mean to put you on the spot but what are you thoughts on
ClickOnce from a security perspective in that are there any specific risks
to consider besides the Firefox issue which we mainly have our users on IE?
 
J

Joe Kaplan

I don't think I have a very well-considered opinion about this. I'm not
aware of any specific security issues related to ClickOnce. You'd probably
be better off researching some blogs that focus in that space. I'm also not
sure when one typically considers ClickOnce vs. Silverlight these days as a
delivery vehicle.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
474,056
Messages
2,570,446
Members
47,098
Latest member
harrysmith

Latest Threads

Top