Internet zone
Hi,
I have problems with applications deployed using ClickOnce from the Internet zone.
I have created a sample application (just a form with a button that makes an illegal operation in this zone - looks if a file exists).
http://www.valil.com/TestExpress/TestExpress.zip
I have set the zone to Internet and I have deployed it on the web server. When I try to run it, I get the message "Application has been blocked ..." (the message you get when you try to run a full trust application).
I must mention that my website has the problem from this thread ("Problems with MIME settings at the hosting provider") so the deployment manifest has the extension .app instead of .application.
Regards,
Valentin
This is most likely because you don't have a trusted (authenticode) certificate. As a security precaution, you cannot install a ClickOnce app over the Internet without a trusted cert being used to sign the deployment. By default at design time, Visual Studio creates a test certificate for you and uses this. This works in local intranets (but will prompt). You can not use it for Internet deployments unless its trusted.
OK, I have thought that if the app doesn't require for permissions outside Internet zone (like no local IO, only SafeTopLevelWindows etc.) and it is deployed from the Internet zone it will not require a trusted certificate ... it seems I am wrong.
Thank you,
Valentin
For Beta 2 anything that needs to "Prompt" is blocked in the internet zone unless signed by a Known Publisher. Because even a limited trust Installed app has to install to disk it has to prompt while a limited trust online app can install fine.
However this restriction has been relaxed and for RTM the Internet behavior will be pretty much like Intranet where unknown publisher apps can also prompt. (this is subject to change of course).
I haven't verified this but, I believe one work-around in the mean time is to to add the site to the ‘trusted sites’ list.
Thank you for the clarifications.
Yes, it is working by adding to trusted sites list.
Regarding the ClickOnce settings for Internet zone, I am in favor of tighter security and I like the idea of blocking anything that needs a prompt in the Internet zone.
