none
clickonce (in .NETv3.5) - does it support working through a proxy server with username and password?

    Question

  • Hi,

    Does ClickOnce (in VS2008, .NETv3.5) support working through a proxy server with username and password?

    thanks

    PS.  Just tried it and it seems is does not?  I got the following errors:

    (a) Under firefox:

        URLDownloadToCacheFile failed with HRESULT '-2147024891'

    (b) under IE

     System.Deployment.Application.DeploymentDownloadException (Unknown subtype)

         --- Inner Exception ---
        System.Net.WebException
         - The remote server returned an error: (407) Proxy Authentication Required.
         - Source: System
         - Stack trace:
          at System.Net.HttpWebRequest.GetResponse()
          at System.Deployment.Application.SystemNetDownloader.DownloadSingleFile(DownloadQueueItem next)


    Is there no screen that prompts the user for a Proxy host/port & username/password???



    Wednesday, March 03, 2010 6:39 AM

Answers

  •  

    Okay, I've talked to the C/O product team, and they're going to try to get some cooperation from another team that is also included in this functionality in ClickOnce deployment.

    In the following, I've tried to summarize the posts here. Does this pretty much state the problem, or am I missing something? Also, has anybody gotten this to work with a proxy server using Windows authentication?

    ==================

    Some companies require proxy authentication to get to the internet, which is required in order to install an external ClickOnce application. It is unclear how to provide the credentials for getting through the proxy server when installing the C/O application.  

    Someone reported they thought it would work with Windows authentication, but (a) this hasn’t been verified, and (b) not all companies use Windows authentication for their proxy server credentials.

     

    One solution is to modify machine.config on all machines to include a <defaultProxy> element, but this only allows you to use default credentials (which I think means Windows authentication), and it also means you have to modify the machine.config file on all the machines, which isn’t feasible. Plus, see previous comment about not everybody using Windows authentication.

     

    According to this article in MSDN: http://msdn.microsoft.com/en-us/library/kd3cf2ex(VS.80).aspx, the <defaultProxy> element can be added to the app.config file instead of put in machine.config. It also says “If the defaultProxy element is empty, the proxy settings from IE will be used.” But that probably applies when the application is running, and not to the ClickOnce installation of it, since the deployment would have no awareness of that information.

     

    There is a bug filed in connect for this: https://connect.microsoft.com/VisualStudio/feedback/details/115468/click-once-fails-with-proxy-authentication?wa=wsignin1.0

     

    ============

    Thanks,

    RobinDotNet


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Monday, March 29, 2010 11:13 PM
    Moderator
  • Okay, here's the final answer: No.

    After some back and forth with the ClickOnce team, ClickOnce only supports proxy authentication using the default credentials, i.e. Windows Integrated Security, i.e. the Windows account information.

    There is no way to pass a username and password to a proxy server.

    System.Net's default web proxy has [UseDefaultCredentials] turned off by default. You'll probably have to turn this on by modifying the machine.config file. If the ClickOnce deployment itself does not require a proxy server, but the application does, you can add an entry to the app.config file instead.

    If the <defaultProxy> element in the machine.config is empty, it uses the settings from IE -- but this applies to calling something via a proxy server, not to installing the ClickOnce app itself.

    Let me know if you have any other questions. I have a couple more q's out on this, and if I get any more info, will post it here.

    RobinDotNet

     


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Thursday, April 08, 2010 10:15 PM
    Moderator

All replies

  • Hi callagga,

    There is a hot fix on Microsoft site which fix the problem for proxy server issue. Here is the KB article.
    http://support.microsoft.com/default.aspx/kb/917952/en-us

    Please try it and tell me if it works.

    Sincerely,
    Kira Qian
    MSDN Subscriber Support in Forum
    If you have any feedback on our support, please contact msdnmg@microsoft.com
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework!
    Wednesday, March 03, 2010 8:50 AM
  • Hi,
    But this is targetted at "Microsoft .NET Framework 2.0" - in my case I compiling on .NET 3.5?

    Is there supposed to be a way for the end-user to configure their proxy server authentication details for a .NET 3.5 clickonce application?






    Thursday, March 04, 2010 12:51 AM
  • Hi,

    The Common Language Runtime is version 2.0 -- .NET 2.0. .NET 3.0 and .NET 3.5 are just bits added on to the .NET 2.0 Framework. So it should work fine.

    (Note: This is not true of .NET 4.0, which has a separate CLR, and runs side-by-side with 2.0/3.0/3.5.)

    RobinDotNet


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Thursday, March 04, 2010 2:24 AM
    Moderator
  • We have been trying to figure this out for a while ourselves.  It seems that ClickOnce works fine with NTLM and other pass-through authentication, but basic authentication never works and always returns a 407 proxy authentication required.  We have tried the various supposed hotfixes that are supposed to fix this problem with ClickOnce but I have never seen it work.  It would be great if got fixed by MS someday.

    Thursday, March 04, 2010 5:02 AM
  • Couple of questions:

    a) So this requires the user to download the patch and install it on their PC correct? 

    b) Is this a wide-spread bug?  Would a large population of users have to go through this if I went with clickonce targeted at companies with users behind proxy servers?

    c) The hotfix does not work for me - I downloaded it and run it - then I get "The upgrade patch cannot be installed by the Windows Installer service because the program to be upgraded may be missing, or the upgrade patch may update a different version of the program.  Verify that the program to be upgraded exists on your computer and that you have the correct upgrade patch." 

    Thursday, March 04, 2010 5:56 AM

  • This *is* supported in ClickOnce. This is the information the ClickOnce team has provided to me about this issue.

    MSDN article: http://msdn.microsoft.com/en-us/library/ms228998(VS.80).aspx


    ClickOnce and Proxy Authentication

    For ClickOnce to work with default proxy authentication in a corporate setting, the defaultProxy element in the machine.config file on all client computers must be set to allow System.Net to use default security credentials. Alternatively, you can configure defaultProxy on client computers to use a specific proxy server.

    For more information, see <defaultProxy> Element (Network Settings).


    RobinDotNet

    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Thursday, March 04, 2010 5:41 PM
    Moderator

  • For ClickOnce to work with default proxy authentication in a corporate setting, the defaultProxy element in the machine.config file on all client computers must be set to allow System.Net to use default security credentials. Alternatively, you can configure defaultProxy on client computers to use a specific proxy server.

    So you are saying that we should expect that everyone who wants our ClickOnce package to manually make this edit in their system settings if they using a basic authenticating proxy before they can receive any ClickOnce package?  I guess that kind of defeats the purpose of using ClickOnce in the first place, or is my logic wrong here?
    Thursday, March 04, 2010 8:56 PM
  • Hi Robin,

    Still trying to get my head around this issue:

    Q1 - I pretty much have the same question for Microsoft as Allen has just posed.  Are we missing something here. 

    I did come across a link here that seems to support the concept that clickonce is kind of currently broken re a robust mechanism: https://connect.microsoft.com/VisualStudio/feedback/details/115468/click-once-fails-with-proxy-authentication?wa=wsignin1.0 .   I see one poster suggested "instead of oneclick we can call it : change the machine.config , and the click install".  Hopefully we're all missing something here...

    Q2 - Also as a 2nd question how does a user then set their defaultProxy password etc?  I read someone it would be the Windows login credentials, however where I work such credentials would not work with the company proxy.  There would need to be a way for the user to set them specifically, albeit through IE settings, if clickonce could grab them from here.   So, assuming it seems that clickonce itself has nothing inside itself that include a dialog prompt to ask the user for their proxy settings, then where/how would a user set them?    You can't use the app to set them obviously (I think?) as it hasn't been downloaded yet.

    Q3 - Is there any open source project you know of that gives the "clickonce" type approach that might have this issue solved?  Or even code to incorporate in a normal setup based deployment approach that can do the automatic update checks?

    thanks again

    • Edited by callagga Friday, March 05, 2010 6:01 AM
    Thursday, March 04, 2010 9:25 PM
  • Hi callagga,

    > a) So this requires the user to download the patch and install it on their PC correct?

    Currently we have only this solution to fix the problem. Microsoft doesn’t prompt this hot fix along with Windows update, so we need to install it manually.

    > b) Is this a wide-spread bug?  Would a large population of users have to go through this if I went with clickonce targeted at companies with users behind proxy servers?

    This is a product issue.

    > c) The hotfix does not work for me

    I cannot deal with this product issue. Only the product team can take action to fix or find a workaround with the issue (if it is a coding issue, maybe I can give you a hand). Also I have no network environment to test the issue and the hot fix. Please start a Microsoft Connect issue to report it. Product team member will follow the case.

    Sorry for the inconvenience.

    Sincerely,
    Kira Qian
    MSDN Subscriber Support in Forum
    If you have any feedback on our support, please contact msdnmg@microsoft.com
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework!
    Friday, March 05, 2010 2:18 AM

  • > c) The hotfix does not work for me

    I cannot deal with this product issue. Only the product team can take action to fix or find a workaround with the issue (if it is a coding issue, maybe I can give you a hand). Also I have no network environment to test the issue and the hot fix. Please start a Microsoft Connect issue to report it. Product team

    thanks for trying to help - I think the Microsoft Connect Bug 115468 I referred to before "click once fails with proxy authentication" already covered this off - unfortunately the product team then have closed this off, much to the chagrin of the poster - it has 32 votes against it
    Friday, March 05, 2010 6:17 AM
  • Hi,

    Did you happen to read the article, including following the link to the information on the network settings change?  It does say you can put the info in the application configuration instead of the machine configuration. I'd also check the notes for .NET 3.5; I think this one is for .NET 2.0.

    http://msdn.microsoft.com/en-us/library/kd3cf2ex(VS.80).aspx

    I'll ask the product team to check out this thread and respond. No promises, but I'll see what i can do.

    RobinDotNet
    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Friday, March 05, 2010 9:29 AM
    Moderator
  • Thanks Robin, I'll reread and double this. But even if this got the fix working doesn't it still just leverage the default credentials? In which case in companies where the default credential is not tied to the proxy server authentication mechansim they still couldn't use click once. It would be great if you could confirm with the product team for this type of company: a) how, and in which app, would the user set their specific proxy server details/credentials? b) what is the default credentials for a winforms client side application that click once would use? Is it the netword login? Can it be changed through IE? Could I set this programmatically, such that in my app I could ask the user to give me their proxy details and then set them? Asuumes then a manual initally download I guess as normally the app couldn't do this under click once as it wouldn't have been downloaded yet ;( thanks
    Sunday, March 07, 2010 10:55 AM
  •  It does say you can put the info in the application configuration instead of the machine configuration. 
    Hi Robin,

    I've tried this in a standalone (no clickonce) test winforms application (i.e. using http://msdn.microsoft.com/en-us/library/kd3cf2ex%28VS.80%29.aspx advice, and putting the defaultProxy configuration in the client) however:
    1. With the WebBrowser control - it seems to bypass these settings and use IE's settings (works if I sent IE proxy settings correctly)
    2. With WebClient class - can get it to talk to the proxy I configure in the application.config file, however no way to set username/password (i.e. no dialog box) - also noted it does not seem to pull default credentials from IE at all
    3. Even if I could get this approach to work how would this help when I'm trying to down the application via clickonce, as the application itself would not have even been downloaded yet?
    thanks
    Monday, March 08, 2010 7:16 AM
  • Hi,

    My guess is that it uses whatever credentials you specify in Internet Explorer. Can you try filling those in, and making the change to the application configuration file as noted in the article, and see if it works?

    RobinDotNet
    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Tuesday, March 09, 2010 8:55 AM
    Moderator
  • Hr Robin,

    Have already tried this and it didn't work - I guess I could try to run WireShark (packet sniffer) and see what it was doing...

    For the moment I'm just trying to understand where the username/password is supposed to come from for anything that says it uses default network credentials on a client side PC (albeit WebClient class, or click-once etc)
    Tuesday, March 09, 2010 8:49 PM

  • Hi,

    It doesn't come from ClickOnce. There is nowhere and nohow to store any kind of user credentials in ClickOnce. I'm sure it's IE.

    I'm pinging the product team, but they're really busy. Hope to have an answer soon.

    RobinDotNet
    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Wednesday, March 10, 2010 3:22 AM
    Moderator
  • I've just been testing with the following below setup and confirmed that the Username/Password does not come from a successful logged on IE session. 

    Outstanding question is therefore where would the username/password come from?  Or does it have to be programmatically supplied within the custom application, in which case what happens with ClickOnce then? (which doesn't seem to launch any dialog to allow a user to supply the username/password)

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
    <system.net>
    <defaultProxy enabled="true" useDefaultCredentials="false">
    <bypasslist>
    <add address="localhost" />
    </bypasslist>
    <proxy usesystemdefault="True" proxyaddress="http://myproxy:80/" bypassonlocal="False" />
    </defaultProxy>
    </system.net>
    </configuration>

    and

            private void button2_Click(object sender, EventArgs e)
            {
                Cursor.Current = Cursors.WaitCursor;
                try
                {
                    var wc = new WebClient();
                    var str = wc.DownloadString(textBox1.Text);
                    MessageBox.Show("String = " + str);
                } 
                finally
                {
                    Cursor.Current = Cursors.Default;
                    
                }
                
    
            }






    Thursday, March 11, 2010 12:59 AM
  • I always assumed it used tokenized windows credentials for the username and password.  Basic authentication with ISA support tokenized passwords with basic authentication, although this technique isn't widely supported with other proxies.  Typically proxies use NTLM or other techniques for this, not basic authentication.  Again, this is virtually useless in most environments though with their own proxies and basic authentication.
    Thursday, March 11, 2010 4:04 AM

  • I've pinged the ClickOnce Team and asked for some clarity around this issue. Still hoping to get an answer; will report back, or they will post here directly.

    RobinDotNet
    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Thursday, March 11, 2010 7:30 AM
    Moderator
  • @Allen - so just to understand, from what you are saying/assuming this would imply if one does not have ISA proxies in place then there really is no way for clickonce to work in behind such a proxy environment.  Is my interpretation of your assumption correct?

    @Robin - thanks - will be great to get the clarity
    Thursday, March 11, 2010 10:01 AM
  • I believe that it uses Windows credentials (local machine or domain), because this is how ISA works - but it probably would work with other proxies if the credentials matched your Windows credentials.  This is my assumption.
    Friday, March 12, 2010 4:47 AM
  • Hi Robin - you didn't get an update I don't suppose from the ClickOnce team?    It kind of feels like they must not have an answer for this one do you think?

     

    Friday, March 26, 2010 9:11 PM
  • I haven't heard back from them on *anything* I've sent them in the last couple of weeks. I think they must be really busy (VS2010 launch coming). I sent another e-mail today asking for a few minutes of their time, and this is one of the issues I want to ask about. I'll continue to try to get an answer out of them. For now, you appear to be s.o.l. Sorry about that.

    RobinDotNet


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Friday, March 26, 2010 11:36 PM
    Moderator
  • thanks - yes I guess that would make sense noting VS2010 launch
    Friday, March 26, 2010 11:52 PM
  •  

    Okay, I've talked to the C/O product team, and they're going to try to get some cooperation from another team that is also included in this functionality in ClickOnce deployment.

    In the following, I've tried to summarize the posts here. Does this pretty much state the problem, or am I missing something? Also, has anybody gotten this to work with a proxy server using Windows authentication?

    ==================

    Some companies require proxy authentication to get to the internet, which is required in order to install an external ClickOnce application. It is unclear how to provide the credentials for getting through the proxy server when installing the C/O application.  

    Someone reported they thought it would work with Windows authentication, but (a) this hasn’t been verified, and (b) not all companies use Windows authentication for their proxy server credentials.

     

    One solution is to modify machine.config on all machines to include a <defaultProxy> element, but this only allows you to use default credentials (which I think means Windows authentication), and it also means you have to modify the machine.config file on all the machines, which isn’t feasible. Plus, see previous comment about not everybody using Windows authentication.

     

    According to this article in MSDN: http://msdn.microsoft.com/en-us/library/kd3cf2ex(VS.80).aspx, the <defaultProxy> element can be added to the app.config file instead of put in machine.config. It also says “If the defaultProxy element is empty, the proxy settings from IE will be used.” But that probably applies when the application is running, and not to the ClickOnce installation of it, since the deployment would have no awareness of that information.

     

    There is a bug filed in connect for this: https://connect.microsoft.com/VisualStudio/feedback/details/115468/click-once-fails-with-proxy-authentication?wa=wsignin1.0

     

    ============

    Thanks,

    RobinDotNet


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Monday, March 29, 2010 11:13 PM
    Moderator
  • Here's one more piece of information that I think might be helpful:

    Server and Client Configurations in ClickOnce: http://msdn.microsoft.com/en-us/library/ms228998.aspx

    If you go down to the middle, it has a section about ClickOnce proxy authentication. It says this:

    ClickOnce provides support for Windows Integrated proxy authentication. No specific machine.config directives are required. ClickOnce does not provide support for other authentication protocols such as Basic or Digest.

    For more information, see <defaultProxy> Element (Network Settings).

    I'll not sure how providing the info in the app.config file helps install the application, though. I'll report back.

    Thanks,

    RobinDotNet


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Tuesday, March 30, 2010 12:07 AM
    Moderator
  • Okay, here's the final answer: No.

    After some back and forth with the ClickOnce team, ClickOnce only supports proxy authentication using the default credentials, i.e. Windows Integrated Security, i.e. the Windows account information.

    There is no way to pass a username and password to a proxy server.

    System.Net's default web proxy has [UseDefaultCredentials] turned off by default. You'll probably have to turn this on by modifying the machine.config file. If the ClickOnce deployment itself does not require a proxy server, but the application does, you can add an entry to the app.config file instead.

    If the <defaultProxy> element in the machine.config is empty, it uses the settings from IE -- but this applies to calling something via a proxy server, not to installing the ClickOnce app itself.

    Let me know if you have any other questions. I have a couple more q's out on this, and if I get any more info, will post it here.

    RobinDotNet

     


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Thursday, April 08, 2010 10:15 PM
    Moderator
  • Where I have to specify proxy server? ClickOnce used IE settings, I want to specify my, but nothing used ((

     <system.net>
      <defaultProxy enabled="true">
       <proxy usesystemdefault="false" proxyaddress="http://192.168.0.1:3128" bypassonlocal="true"/>
      </defaultProxy>
     </system.net>

     

    Where can I find machine.config for ClickOnce?

    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config

    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config

    C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config

    Which from them OR something else?????

    Specified in all, but clickonce use system (((

    Thursday, May 27, 2010 9:24 AM
  • Hi,

    At what point are you needing to use the proxy server? At the point of actually installing the ClickOnce app, or does the application itself need to use a proxy server to access the server?

    RobinDotNet


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Thursday, May 27, 2010 5:09 PM
    Moderator
  • I don't ask here if I have no problem ))

    So WebDefaultProxy return my proxy in desktop application, but clickonce use IE ((

    Friday, May 28, 2010 4:15 AM
  • Hi,

    All kinds of questions are posted here. I am as likely to see a question about USING a ClickOnce application with proxy authentication as I am to see a question about INSTALLING a ClickOnce application with proxy authentication. I'm going to assume you mean the latter, but it would be good if you verified that.

    If you read back through the posts in this thread and check out the articles (especially the posts marked as answers), you will find that ClickOnce only supports windows authentication, and to do that, you need to set UseDefaultCredentials to true in the machine.config file (or if just using it to access data from your application, in the app.config file). I don't see that setting in the XML that you have posted.

    There is also a hotfix:

    http://support.microsoft.com/kb/917952/en-us

    It would be helpful if you actually posted the error message you're getting.

    RobinDotNet


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Friday, May 28, 2010 5:04 AM
    Moderator
  • >>If you read back through the posts in this thread and check out the articles (especially the posts marked as answers), you will find that ClickOnce only supports windows authentication, and to do that, you need to set UseDefaultCredentials to true in the machine.config file (or if just using it to access data from your application, in the app.config file). I don't see that setting in the XML that you have posted.

     

    I tried this solution, but this is not working on ClickOnce with Framework 4.0 )) There is no effect. Still 407 error because ClickOnce i read does not support Basic Auth.

    Friday, May 28, 2010 12:50 PM
  • Are you using Basic Auth or default credentials? If you're using BasicAuth, you're right, C/O doesn't support that.

    RobinDotNet


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Friday, May 28, 2010 6:34 PM
    Moderator
  • Hello,

    I have developed an application in VS2005 (Framework 2.0) and want to deploy it via clickonce.

    Let's say the client machine has the initial installation completed (e.g. over a temp. direct network connection) and from now on the app updates itself via the ApplicationDeployment.Update-Method.

    How can I define the proxy-settings (incl. credentials user/password) for this method programmatically? e.g. can I create a System.Net.WebProxy and tell the clickone-update process to use it?

    Must I also apply the hotfix http://support.microsoft.com/kb/917952/en-us   for this to work?

     

    Many Thanks

    (I'am not a native english speaker, so it might not be so perfect :)

     

    Monday, June 28, 2010 3:29 PM
  • Hi,

    You can't. Please read this whole thread again. You can not specify credentials for a proxy server with a ClickOnce deployment. You can only use Windows credentials on the server side.

    RobinDotNet


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Tuesday, June 29, 2010 3:54 AM
    Moderator
  • I understand (after reading the thread) that the normal process of installation and updating before my application is running works only with the windows credentials.

    For my clarification or an additional result:

    - assuming my application is currently running and can communicate with a WebProxy to my data-server (soap, etc.)

    - when it now calls ApplicationDeployment.CheckForUpdate / .Update it does receive "no update available" or "update available" messages.

    unfortunately at the moment I could not test the updating process itself - but it seems to work/have a connection to the deployment-server.

    could it be that clickonce uses the internet-connection prepared by the application (logged in at proxy) ?

    in that case my customer needs to install the application once manually and the following updates can be started by the application after preparing the internet connection.

     

    of course I must test that, but would you say "no that isn't possible - by design" ?

     

    thanks for your patience

     

    Tuesday, June 29, 2010 8:30 AM
  • To be honest, I doubt it will work, but I don't know for certain. I badgered the heck out of the ClickOnce team to get the answers posted above, and I know they're deep in coding for the next release, because they're not responding very quickly.

    If I had a way to test this stuff, I'd try it, but I don't. So why don't you give it a try and report back? If you could get this to work, you'd make hundreds, if not thousands, of people very happy.

    RobinDotNet


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Tuesday, June 29, 2010 8:09 PM
    Moderator
  • Yes I will try it in the next days and report here (always want to make people very happy).

     

    Wednesday, June 30, 2010 5:50 AM
  • Just want to add my voice here. This issue has just stopped us dead trying to install our .Net4.0 software via ClickOnce with a customer. We are currently scrabbling around trying to find an alternate way to install with them.

    We tried the 'solution' of adding the useDefaultCredentials to machine.config which seemed to make no difference. Even if it did work it's really a pretty big ask to have customers alter all their client machines. Does this even survive a .net reinstallation?

    I think ClickOnce is a terrific technology and we really want to continue using it, but this seems like a pretty huge issue. Is there any way we can make sure the ClickOnce team is aware of how serious it is?

    Thursday, July 08, 2010 1:38 AM
  • Your customer uses proxy authentication and doesn't use default credentials (i.e. integrated windows security) ?

    The ClickOnce Product Lead is aware of how serious this is, but it is a major change, and I wouldn't expect to see it within the next year. I think it's the kind of thing they would put in the next version of Visual Studio, if they're going to do it. I have no information on the likelihood of that happening, but I have shared with them that this is a frequently-requested feature.

    RobinDotNet


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Thursday, July 08, 2010 7:40 AM
    Moderator
  • Yes, apparently that is correct - they tell me they use some other method. What that is exactly they didn't say.

    Good to hear the team at Microsoft are aware of the problem, though of course disappointed a solution it is such a long way off.

    But a big thank you for your response and finding out the information in this thread. There is a lot of confusing information if you search for this topic - for example the hotfix mentioned right at the start of this thread won't even install in .net4 and from the sound of it suffers the same limitations as the machine.config workaround.

    Foster

    Thursday, July 08, 2010 11:47 PM
  • It took some time to pin down the C/O team on exactly what would work, but I'm persistent. :-)  I don't think they were aware of the most frequently requested features of ClickOnce (this is one), but after being active in these forums and in the .NET community, I was able to share that information with them, and I think they will take it into account when they can. They were very interested, and very open to the negative feedback that I provided in addition to the positive. The development cycle is very long, and they have to plan far ahead, so it maybe take some time to see some changes, but I'm optimistic about it.

    I did run across this the other day. It looks interesting -- how to install updates with proxy authentication. You have to get the app installed to start with, and then you can do updates with proxy authentication, according to this article:

     http://bronumski.blogspot.com/2009/06/clickonce-updates-via-authentication.html

    If that's really true and it works, you could install it from a CD (with the Updates URL set to the webserver), and then do updates this way.

    If anybody tries this out, please post back on whether or not it works, because this is a topic of great interest.

    RobinDotNet


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    • Proposed as answer by Cataluna Saturday, July 10, 2010 5:59 AM
    Friday, July 09, 2010 5:49 PM
    Moderator
  • I've made the following test. successfully:

    - integrate update dialog with the ApplicationDeployment-API and the web proxy method of Mr. Bronumski
    - block update checking
    - set update url to webserver (e.g. myapp/deploy)
    - publish application on webserver
    - create a setup package
    - distribute setup to different url (e.g. myapp/setup) so the users can download the initial setup

    - install on user machine with the downloaded setup package

    After changing the WebRequest.DefaultWebProxy (Bronumski), ClickOnce-Update is using this proxy. So you can catch a 407 authentication exception (occured at .CheckForDetailedUpdate) and bring up the proxy setting dialog if needed.

    That really helped.
    Of course ClickOnce should do that proxy thing in the future.

    Thank you all and thank you Mr. Bronumski.
    Saturday, July 10, 2010 5:58 AM
  • This is great news. Thanks so much for posting back and verifying that this works. I know people will be really happy about that.

    RobinDotNet

     


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Sunday, July 11, 2010 11:19 PM
    Moderator
  • Glad to have been of help :)
    Bronumski
    LIFE'S TOO SHORT FOR BLOGGING...
    Monday, July 12, 2010 9:09 AM
  • I would just like to add my voice to the clammer for a fix.

    We have used a number of "web-accessible" technologies for our smart-client administration systems - ActiveX controls, Zero Impact Fusion Download .net components, and around 3 years ago settled on ClickOnce thinking it was the solution. Our clients are local and central government (UK, and I would say about 50% (yes 50%!!!) have difficulty in installing ClickOnce applications because of the problem with Authenticating Proxies. The dreaded:

    "(+ The remote server returned an error: (407) Proxy Authentication Required.)"

    in other words. Making changes to local machine configurations is not permitted in these organisations, and often their IT departments have to configure a single PC with different settings just in order to access some of our administration systems. A bit of a joke, and it has given us and Microsoft a bad name.

    Our systems are currently  .net 2.0-based, and we are in the process of upgrading to .net 4.0. But to discover that the problems still persist (5 years after they were first spotted and raised with Microsoft), I find incredible. I can only assume that there is almost zero take-up on ClickOnce, and we were somehow sold a dummy.

    A positive acknowledgement from the ClickOnce team is a step forward. It's now a few months since the last post, so is there any update on this (like it's in .Net framework 4.0 SP1 to be released later this year... I can dream...) ?

    Thanks

    JB

    Monday, October 04, 2010 9:57 AM
  • ClickOnce uses HttpWebRequest to download program files. However the current product doesn’t work well when user in a LAN need proxy authentication. The sample forces a WebBrowser control to use proxy to visit the website but that doesn’t fix the issue either. In this case, I would suggest using WCF to create your own download logic. 


    Senior Support Engineer

    • Edited by Myexp Tuesday, March 29, 2011 9:44 AM correct mistake
    Friday, March 25, 2011 3:23 AM
  • JB -- did you read the thread above with the link to the post by bronumski? This has enabled most people to get ClickOnce working with proxy authentication.

    RobinDotNet


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Tuesday, March 29, 2011 9:28 AM
    Moderator
  • MyExp --

    I don't really understand. Why would ClickOnce not work in a LAN? AFAIK it doesn't work any differently on a LAN than it does when deployed publicly. Can you explain what you mean and specifically how it doesn't work well?

    Also, for the ClickOnce proxy issue, I would suggest checking out the link in one of the posts above that points to a blog entry by bronumski -- this does provide a workaround for the proxy issue.

    RobinDotNet


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Tuesday, March 29, 2011 9:33 AM
    Moderator
  • Sorry, not describe it clearly. A LAN user need proxy authentication. I mean the CSWebBrowserWithProxy sample does not fix the issue in this situation. 
    Senior Support Engineer
    Tuesday, March 29, 2011 9:40 AM
  • I totally don't get why the All-in-one people posted that thread here.

    Did you try the other workaround?

    RobinDotNet


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev
    Tuesday, March 29, 2011 9:44 AM
    Moderator
  • I know this is an old thread but it has the most information on this problematic bug, which is still around after many years.

    I'm just at a client (large governmental organization with really tight security) that uses proxy authentication and despite trying all the tips & trick I could find (modify machine.config, ...) it still doesn't work.

    I did however find this thread: http://social.msdn.microsoft.com/forums/en-US/winformssetup/thread/4dedd0d4-8a0d-43e6-8ab0-6fc643e19986/

    In the bottom of the thread you can see that apparently Google Chrome uses ClickOnce. Someone (Bronumski) even posted the app manifest of Google Chrome.

    I've tested the Google Chrome installer on two of the clients computers and it works!

    1. Windows credentials match the proxy credentials

    2. Windows credentials are different that the proxy credentials

    Does anyone know what does Google do differently  with their installer compared to the installer we have?

     

    Thanks a lot,

    Sašo

    Wednesday, December 28, 2011 10:03 AM