Re: ClickOnce security?



Thanks Joe, don't mean to put you on the spot but what are you thoughts on
ClickOnce from a security perspective in that are there any specific risks
to consider besides the Firefox issue which we mainly have our users on IE?


"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:OJI3U3xuKHA.5812@xxxxxxxxxxxxxxxxxxxxxxx
You should be able to use whatever authentication you want. If you want to
require authentication to allow the files to download, you should be able
to use that. You can use IWA with HTTP or HTTPS. There may be something
subtle about how clickonce works here but generally speaking, this applies
to any resource you download from a web site. The clickonce files are
still just HTTP payload.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
"7777" <NoSpam@xxxxxxxxxx> wrote in message
news:OPxalKwuKHA.6140@xxxxxxxxxxxxxxxxxxxxxxx
What would be the Authentication Method in the Directory Security tab
setting in IIS 6.0 for the folder to be to utilize ClickOnce? Is it
correct that the 'Integrated Windows authentication' setting doesn't work
via HTTP/HTTPS?





"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:eVOiYxqtKHA.4636@xxxxxxxxxxxxxxxxxxxxxxx
ClickOnce apps are typically distributed via HTTP (you download the code
from a web site) but it doesn't necessarily execute via HTTP. It runs
locally. You can deploy these on SSL endpoints if you wish.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
"7777" <NoSpam@xxxxxxxxxx> wrote in message
news:%23holCjCtKHA.1796@xxxxxxxxxxxxxxxxxxxxxxx
We have a consultant requesting to utilize ClickOnce and configure
things
in that direction for client updates and was wondering how safe it is as
we're unfamiliar with this technology. You mention it executes via HTTP
in that would it be able to do it through HTTPS for higher sensitive
apps/updates? Thanks Joe.


"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uVREqGCtKHA.5936@xxxxxxxxxxxxxxxxxxxxxxx
ClickOnce is primarily a technology for deploying apps that execute on
the desktop, typically via an HTTP-based distro point. It is not
generally about building ASP.NET apps although you can write ClickOnce
apps that interact with it.

Silverlight is getting a lot more attention these days as a client-side
executable framework though.

What are you trying to do?

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
"7777" <NoSpam@xxxxxxxxxx> wrote in message
news:%23bOGqiAtKHA.5940@xxxxxxxxxxxxxxxxxxxxxxx
Hello, sorry if this is wrong area and novice question so is ClickOnce
mainly for deploying asp.net apps and would anyone know of or can
mention any security risks when using Windows Authentication? Thanks
in
advance.








.



Relevant Pages

  • Re: ClickOnce security?
    ... If you want to require authentication to allow the files to download, you should be able to use that. ... The clickonce files are still just HTTP payload. ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Calling NetUserGetInfo from ASP.NET app
    ... I mostly do delegation stuff with ... HTTP, SQL and and LDAP. ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Help encrypt conn string - no ASP, no server, cant protect keys, cant use Windows Authentica
    ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... I also considered putting it in the normal location in the registry as ... Installer property with the result and your installer can then just ...
    (microsoft.public.dotnet.security)
  • Re: Help encrypt conn string - no ASP, no server, cant protect keys, cant use Windows Authentica
    ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... also considered putting it in the normal location in the registry as you ... Installer property with the result and your installer can then just ...
    (microsoft.public.dotnet.security)
  • Re: Getting GROUPS from Active Directory by inputing an AD username
    ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services ... DirectoryEntry searchRoot = new DirectoryEntry( ... generate a WindowsIdentity for a user and get their groups. ...
    (microsoft.public.dotnet.framework.aspnet.security)