Hi,
I work for a company that produces a commercial product and we’re currently trying to deliver a solution that will allow some of our larger customers the ability to distribute the client side of our application via ClickOnce.
The intention is that our customers would deploy the ClickOnce installation to a network share and then send out a link to the application manifest to clients via email or some other means.
We’ve been able to successfully integrate the production of the ClickOnce install into our automated build (using the Mage command line tools), and we can then successfully run the actual installation on a client machine. However, after installing and launching, our application throws a SecurityException at runtime, because it’s being denied access to the FileIOPermission. Our application requires FullTrust permissions, but it seems that if the executing assembly’s CodeBase location is a network share, you are only granted LocalIntranet permissions (which don’t include the FileIOPermission).
There is an article here that seemingly indicates that this is quite a common problem: http://blogs.msdn.com/shawnfa/archive/2004/12/30/344554.aspx
A workaround is provided in this article using the CasPol tool, but we would have to run this on every single client machine in the deployment environment. That’s not really a problem in itself, it’s more the fact that you require admin rights on the client machine to perform what’s being done with the CasPol tool, and the majority of clients in our customer’s environment won’t have these privileges.
An article has also been published on the same blog that seems to imply that the need for running the CasPol fix has been alleviated with the release of .NET 3.5 SP1: http://blogs.msdn.com/shawnfa/archive/2008/05/12/fulltrust-on-the-localintranet.aspx
However, I modified our application to specifically target the SP1 release of the framework as detailed in this article: http://msdn.microsoft.com/en-us/library/bb398202.aspx#
After doing this, we still encountered the same SecurityException. So I then applied some specific SP1 ClickOnce settings as detailed in the article, but still no joy. If I launch the application directly from the publishing network share I’m granted the permissions, it seems to be only from within the context of ClickOnce that we are refused them.
Has anybody else run into issues similar to these? I would have thought if there was a problem in the SP1 release of the framework with respect to these permissions somebody else would have noticed it before us as we’ve not even shipped a ClickOnce solution yet.