ClickOnce deployment security on the Internet

  • Thread starter Thread starter Thirsty Traveler
  • Start date Start date
T

Thirsty Traveler

We have a TabletPC application used by remote, roaming users who only have
Internet access. We would like to place the deployment site on our Internet
so they will be able to apply updates, however the issue of security for
ClickOnce seems not to have been considered by Microsoft for some odd reason
(considering that Microsoft has, in theory, become so security conscience
these days). For example, we would like the users to be authenticated prior
to applying updates. This can be somewhat dicey because we do not have AD
for our internal network users in the DMZ, even if it could be done at all
(which appears to not be the case).

Has anyone faced this issue and, if so, how did you go about solving it?
 
Nope, we use AD to enforce this stuff. That said,
if you open up the default.htm generated by
clickonce, you'll see it ain't doing a whole lot.

You could easily do away with default.htm
and replace it with a .asp or .aspx page
that incorporates your own authentication.

You'd have to tweak stuff to hide the folders and
files. But, it could definitely be done.

P.S. I think MS is really heavily on AD if
you want something like this locked down.

You could also make the site only accessible
from inside your network.
 
I would prefer to limit it to the inside network, but unfortunetly our
TabletPC's are being used by remote staff throughout the country. For SOX
reasons, we are not allowed to give them VPN access to our internal network.
 
Thirsty said:
I would prefer to limit it to the inside network, but unfortunetly our
TabletPC's are being used by remote staff throughout the country. For SOX
reasons, we are not allowed to give them VPN access to our internal network.
Click to expand...

I have to ask; what specifically in SOX disallows you from giving VPN
access to your internal network? It would seem rather odd that SOX
suddenly makes the use of VPN illegal...
 
It is not illegal, but VPN access is tightly controlled and much more
difficult to get approval.
 
Back
Top