none
Deploying clickonce as a private blob

    Question


  • Hi,

    I am looking to deploy an application on Azure blob using ClickOnce deployment procedure. I  want access to this storage space to be restricted and only users with permission are allowed to access it. A way to do that is to make the blob storage space private and use the Azure account Primary Access key to grant access.

    The clickonce deployment works fine when the blob is given public access, however, when the blob is made private, the application is unable to start. Here is the code i have:

     

     

    StorageCredentialsAccountAndKey

     

     

    credentials = new StorageCredentialsAccountAndKey("myaccount", "mykey==");

     

     

    CloudStorageAccount account = new CloudStorageAccount(credentials, false);

     

     

    CloudBlobClient blobclient = account.CreateCloudBlobClient();

     

     

    CloudBlobContainer cloudblobcontainer = blobclient.GetContainerReference("mycontainer");

     

     

    cloudblobcontainer.CreateIfNotExist();

     

     

    BlobContainerPermissions permission = new BlobContainerPermissions();

    permission.PublicAccess =

     

    BlobContainerPublicAccessType.Off;

    cloudblobcontainer.SetPermissions(permission);

     

     

    CloudBlob blob = blobclient.GetBlobReference("<myblob>");

    Response.ContentType =

     

    "application/x-ms-application";

    Response.AddHeader(

     

    "Content-disposition", "filename=myapp.exe");

    Response.BinaryWrite(blob.DownloadByteArray());

    Response.End();

     

    Is the above approach correct ?

    Monday, August 30, 2010 3:44 PM

Answers

  • Hi Siris,

    If you look at your code, you're authenticating the request for downloading the main application file. Once the main application file is downloaded, it then requests all other files and those requests are not authenticated. I suggest that you look at the error log created by the ClickOnce installation process. You should see a 403 or 400 error which means the request is not authenticated.

    Hope this helps.

    Thanks

    Gaurav

    • Proposed as answer by DanielOdievich Tuesday, October 05, 2010 4:23 PM
    • Marked as answer by DanielOdievich Wednesday, October 06, 2010 5:38 PM
    Wednesday, September 01, 2010 3:56 PM

All replies

  • Hi Siris,

    If I am not mistaken your ClickOnce deployment actually contains many files which are referenced in your .application file. I believe what you're doing is authenticating the request against your main application file however the other files are requested by your application file which would not be authenticated and that could be the reason you're getting an error.

    If you post the actual error you're getting, then somebody here might be able to help you out.

    Hope this helps.

    Thanks

    Gaurav Mantri

    Cerebrata Software

    http://www.cerebrata.com

    Monday, August 30, 2010 6:44 PM
  • Hi Siris:

    Here is the steps to publish your ClickOnce application to Windows Azure blob storage:

    1. Publish your ClickOnce application into a folder on your local hard drive.
    2. Upload this folder to your Windows Azure blob storage.
      1. The easiest way to do this is with SpaceBlock, you can download it from here: http://www.codeplex.com/spaceblock.
      2. Please don’t forget, you can’t upload files to the root container on blob storages, so create one target container.
      3. Be sure the target container is publicly available on the blob storage. You can allow public access on the container with SpaceBlock with right clicking on the container and choose “Edit Azure Container Access..” from the context menu.

    Hope it can help you.

    More information

    http://kazinadudvari.wordpress.com/2009/06/01/how-to-deploy-clickonce-applications-to-windows-azure/

     


    Believing is Seeing
    Tuesday, August 31, 2010 5:55 AM
  • Hi Gaurav,

    Yes, you are corerct that ClickONce deployment actually contains many files which are referenced in the .application file.. I am not just authenticating the request to my main application, but I am authenticating the request to my main container which already has all these files.

    The actual error I get is: "Unable to luanch the Application. Please contact application vendor for assistance"

     

    Wednesday, September 01, 2010 3:52 PM
  • Hi Cybertron2008:

     

    I followed the same steps to deploy my application. As stated earlier, it works fine when given public access, but when I turn public access off, I get an error. One thing I do not understand is how is the file system heirarchy handled by SpaceBlock in Azure ? Is it a container within a container ?

    PRivate access (with primary key) still seems to the issue for clickonce deployment...

    Wednesday, September 01, 2010 3:56 PM
  • Hi Siris,

    If you look at your code, you're authenticating the request for downloading the main application file. Once the main application file is downloaded, it then requests all other files and those requests are not authenticated. I suggest that you look at the error log created by the ClickOnce installation process. You should see a 403 or 400 error which means the request is not authenticated.

    Hope this helps.

    Thanks

    Gaurav

    • Proposed as answer by DanielOdievich Tuesday, October 05, 2010 4:23 PM
    • Marked as answer by DanielOdievich Wednesday, October 06, 2010 5:38 PM
    Wednesday, September 01, 2010 3:56 PM
  • I'll repost my code to avoid confusion:

    StorageCredentialsAccountAndKey credentials = new StorageCredentialsAccountAndKey("myaccount", "mykey==");

    CloudStorageAccount account = new CloudStorageAccount(credentials, false);
     
    CloudBlobClient blobclient = account.CreateCloudBlobClient();

    CloudBlobContainer cloudblobcontainer = blobclient.GetContainerReference("mycontainer");  //this is my main container which has ALL the files.

    BlobContainerPermissions permission = new BlobContainerPermissions();

    permission.PublicAccess = BlobContainerPublicAccessType.Off; // public access if off for the ENTIRE container.

    cloudblobcontainer.SetPermissions(permission);

    CloudBlob blob = blobclient.GetBlobReference("<myblob>");  // Here i just get a blob refernce to my main application file which i want the user to click to start the intallation procedure.

    Response.ContentType = "application/x-ms-application";

    Response.AddHeader("Content-disposition", "filename=myapp.exe");

    Response.BinaryWrite(blob.DownloadByteArray());

    Response.End();

     

    Wednesday, September 01, 2010 4:06 PM
  • What everyone's telling you is almost certainly the issue.  The user gets that one blob, but when the application tries to retrieve other files, those requests fail.
    Saturday, October 02, 2010 4:21 AM
  • Steve,

       I am trying to do the same thing as the original poster. I agree with you about what the problem is (subsequent retrieves fail because they are not authenticated), but I am wondering if there is any way to make this work?

       I tried using the full signed url as the deployment url when I created the local deployment files, but that didn't work. It still tries to load the subsequent files without authentication.

       It seems to me that in order for this to work, the ClickOnce build process would need to know that authentication is needed for all files and use the full signed url each time it tries to retrieve another file. In theory, it should be enough to provide a signed url when creating the deployment files. The ClickOnce deployment build process could just use that url for every retrieval. But it does not appear that it (the build process for ClickOnce) knows how to do this.

       So is there some way to do this? Or does Microsoft have any plans to support Azure Access Policies for ClickOnce in the future?

       Rick.


    Rick Harrison (KnowWare, Inc.)
    Tuesday, August 09, 2011 4:52 AM
  • Steve,

       I am trying to do the same thing as the original poster. I agree with you about what the problem is (subsequent retrieves fail because they are not authenticated), but I am wondering if there is any way to make this work?

       I tried using the full signed url as the deployment url when I created the local deployment files, but that didn't work. It still tries to load the subsequent files without authentication.

       It seems to me that in order for this to work, the ClickOnce build process would need to know that authentication is needed for all files and use the full signed url each time it tries to retrieve another file. In theory, it should be enough to provide a signed url when creating the deployment files. The ClickOnce deployment build process could just use that url for every retrieval. But it does not appear that it (the build process for ClickOnce) knows how to do this.

       So is there some way to do this? Or does Microsoft have any plans to support Azure Access Policies for ClickOnce in the future?

       Rick.


    Rick Harrison (KnowWare, Inc.)
    Tuesday, August 09, 2011 4:52 AM
  • I don't know anything about ClickOnce, so you'd have to ask someone who works on that, sorry.

    Tuesday, August 09, 2011 5:18 AM