ClickOnce – still fighting with web deployment after 4 years

I’m experimenting with a simple .NET 2.0 WinForms application and ClickOnce and still, as is my destiny, banging my head on the wall.

My latest frustration (while trying to use all of the built-in automated functionality) is trying to limit who has access to the downloads.

For a particular application, we only want it to run in-house on the intranet, yet our webserver is exposed to the www. Windows Authentication sounds like a good solution, but it doesn’t work if you are trying to deploy requirements in addition to the main application.

If I have the IIS properites of the deployment site set to allow anonymous users, everything works peachy-keen. However if I use integrated authentication and no anonymous users, I’m going around in circles and getting “access denied” errors which are buried in a log file (not something I want my users to deal with). If I pre-install the prerequisites manually (.net 2.0, etc.),then I can install the application from the “launch” hyperlink.

I can’t believe that I am still in this hole and trying to out-think the available tools to get what I want. Is it so unusual to not want the entire world to have access to my client’s applications?

There is an msdn document called Server Configuration Issues in ClickOnce Deployments which addresses the authentication problem directly.

Server Authentication Issues

When you publish to a remote server that has “Anonymous Access” turned off, you will receive the following warning:

“The files could not be downloaded from http://<remoteserver>/<myapplication>/.The remote server returned an error: (401) Unathorized.”

You can make NTLM (NT challenge-response) authentication work if the site prompts for credentials other than your default credentials, and, in the security dialog box, you click OK when you are prompted if you want to save the supplied credentials for future sessions. However, this same workaround will not work for basic authentication.

But even after following the above recommendation (where I have turned off anonymous access and selected integrated authentication, and am then prompted to log in) I can’t follow through a full setup with requisites and the application. I have already described the result above.

Now I have the choice between just figuring out my own solution to this (not using the automatically generated publish page and building my own page for downloading some things anonymously and some things securely) or continuing to google endlessly to see if anyone else has dealt with this seemingly commonplace scenario.

Sadly this is just a tiny little exe and this down-the-toilet-again-weekend is making me more worried about getting my big multi-layered app working with ClickOnce.

Update about 2 hours later: After venting (in this blog post 🙂 ) I came up with a solution that is somewhat clunky but does the trick for now. I am modified the publish.htm in the following way:

  1. For the .NET 2.0 requirement, I put a hyperlink to the Microsoft’s .NET 2.0 x86 redistributable download page.
  2. For the crystal reports .net 2.0 msi, I put a hyperlink to the msi on our web server.
  3. I changed the Install button to point to myapp.application, instead of setup.exe. Setup.exe tries to install the requirements.
  4. I wrote text for #1 and #2 to explain to the users how to determine if .NET 2.0 or crystal reports needs to be installed, how long it might take and that this only needs to be done once on their computer.

I also had to muck with proxies on the machines on the intranet. They get at the web through isa-server. So for the local link to publish.htm and the msi for crystal, everything was okay. With the isa-server proxy set up for non-local sites, the microsoft link was okay. But even with “don’t use proxy for local urls”, I couldn’t get the myapp.application to install. Therefore, I had to explicitly put the ip address of intranet web-server into the exceptions list on the Advanced page for the proxy settings. What I’m talking about here is in Internet Explorer/ Tools / Internet Option / Connections / LAN Settings/ “Use a Proxy Server” with my proxy info and “By Pass Proxy Server for Local Addresses” are both checked. Then click on the Advanced button and add the ip of the local web server into “exceptions”.

I have not tried this over the web yet, but remember, my goal is for intranet only installs on this application.

Don’t Forget:

  Sign up for my newsletter so you don't miss my conference & Pluralsight course announcements!  

One thought on “ClickOnce – still fighting with web deployment after 4 years

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.