Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

How to: Restrict Access Based on User Role

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies.
This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

ClickOnce installs an application on the client computer by making a series of individual file requests. The following is the sequence of the requests:

  1. Deployment manifest
  2. Application manifest
  3. Each application file listed in the application manifest

The file requests made by ClickOnce will pass the identity of the logged-on user to the server if the requests are made on a Windows network. Using Windows access control lists, you can restrict access to the manifests and application files to prevent unauthorized users from deploying your applications. However, there is no practical way to restrict access to ClickOnce applications if they are exposed through the Internet to users who do not have Windows accounts on your domain.

To secure a ClickOnce publication to a specific set of users who have Windows accounts on your domain, you just need to define a Windows group, associate those users with the group, and then restrict access to the ClickOnce manifests and application files to that group.

For more information about managing access control and logging application usage, see Administering ClickOnce Deployments on MSDN.

For detailed steps to restrict access to a ClickOnce application, see Manual: Restrict Access Based on User Role.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
© 2014 Microsoft. All rights reserved.