How to: Restrict Access Based on User Role

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies.
This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
To create client business applications using current Microsoft technologies, see patterns & practices' Prism.

ClickOnce installs an application on the client computer by making a series of individual file requests. The following is the sequence of the requests:

  1. Deployment manifest
  2. Application manifest
  3. Each application file listed in the application manifest

The file requests made by ClickOnce will pass the identity of the logged-on user to the server if the requests are made on a Windows network. By using Windows access control lists, you can restrict access to the manifests and application files to prevent unauthorized users from deploying your applications. However, there is no practical way to restrict access to ClickOnce applications if they are exposed through the Internet to users who do not have Windows accounts in your domain.

To secure a ClickOnce publication so that only specific users who have Windows accounts on your domain can access the application, you just need to define a Windows group, associate those users with the group, and then restrict access to the ClickOnce manifests and application files to that group.

For more information about managing access control and logging application usage, see Administering ClickOnce Deployments (http://msdn.microsoft.com/en-us/library/aa480721(v=MSDN.10).aspx)on MSDN.


Show: