ClickOnce and Forms Authentication – you’ve got to be kidding me!

dotNET

What do you think is going to be the most likely need for ClickOnce?

Deploying apps to anyone in the world? Not for me, I write custom apps for my client.

Deploying apps on the intranet? Sure, but we have had a very simple hack for that for a long time.

C’mon, think smart client….

Yep – deploying apps to users on the go over the web.

I need ClickOnce to work for mobile workers who need to be able to install and update their company’s custom software.

And what’s the best way to do this? You would think it was Forms Authentication. That’s what I want to use. Not all of these people have windows accounts or will be using VPN. But they do have logins to get to the company portal, fill out their timesheets online, etc. Additionally, we are already using web services as the back end to their smart-client applications so that they can do their work over HTTP.

But guess what – sure I have had two years to discover this, but I am just coming up for air on this one now – Forms Authentication is not supported for Click Once. See this msdn document.

Their suggestion? Just let anyone in the whole world download your client’s application and then use web service based authentication (which I just happen to already have built into this smart client app) to make sure they can’t use it.

No no no no no.  I do not think this would make my client very happy at all.

So I am struggling wtih hacking this together. The forms authentication works just great for accessing the installation page, but setup.exe and myapp.application are not protected by forms authentication. Anyone can browse right to them.

Next step is to feed them to ISAPI for this web app, which for some reason I can’t get to work yet.

I’m sure there have already been many discussions and rants about this problem but I have been focused on other things and am pretty late to the game.

Web deployment has become my a#1 pet peeve with .NET. I have been trying to use it since it was called zero touch deployment. ClickOnce is supposed to be my savior and I have ported their app to VS2005 just for ClickOnce. I won’t give up, but I might have to rant and rave every so often as I get this to work for me.

Don’t Forget: www.acehaid.org

  Sign up for my newsletter so you don't miss my conference & Pluralsight course announcements!  

One thought on “ClickOnce and Forms Authentication – you’ve got to be kidding me!

Leave a Reply to Leandro de los Santos Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.