I've built and successfully deployed a ClickOnce application. The repository url is at http://mywebsite.com/Install
The application successfully updates when needed, and everything works fine.
However, I don't like the fact than everybody on the internet can access the files freely (even if he's not one of my customers)
Since I have only a small number of clients (huge corporations), I've restricted the access to my client IPs using a .htaccess file as follows :
AddType application/x-ms-application application
AddType application/x-ms-manifest manifest
AddType application/octet-stream deploy
<LIMIT GET POST>
order deny,allow
deny from all
allow from 1.2.3.4
allow from 5.6.7.8
....
....
</LIMIT>
Unfortunately, this solution is not automated, and doesn't work well with mobile users.
How do you deal with this situation?