What are mechanisms to protect the manifest url created to launch the ClickOnce application (online only). e.g. http://www.myworld.com/myapp/OnlineClkOns.application?param1=4579087786575 Option i have to generate this URL on the fly and also have a check within the application to ensure not more than one instance of the application is running.
This solution although not very elegant, does cover the security aspects. want to hear if any better alternatives to restrict the (human) url hijacking. thnx
UPDATE: I do not wish any user to simply copy the url and use it else where. The URL should be accessed only via a authenticated site. I am trying to evaluate the clientapplication services in .net 3.5 which allow smart clients to use Forms based authentication, although that does not solve the problem completely.