Problems embedding manifest for UAC execution level for ClickOnce application

Bruce, anything else I can try

Sean.

I called Microsoft on this. Their final response:

ClickOnce / Vista / UAC - ClickOnce is designed to install applications in a secure, per user cache with the benefit being that you do not require administrative permissions to install the VS part of a Click Once deployed applications. Click once applications do not attempt to elevate to admin privileges at runtime because they can expose the client to security elevation attacks. It is by design. We do not have any work around for this as of now.

So, while you can add a UAC manifest to a ClickOnce published application, you can only use "asInvoker" as the requested execution level. The other levels ("requireAdministrator", "highestAvailable") are not supported due to security concerns.

The workaround I'm going with is to create a shell app (simple exe) that will have the UAC manifest with "requireAdministrator" and call the ClickOnce app from there. The thinking is that the shell app is a one-time install, and the ClickOnce app will be able to upgrade normally. I'll post back here if this works out OK.

Sean.

------

Update to this post:

The solution of using a shell exe app and calling the application reference created by ClickOnce is working very well. The shell app has the UAC manifest embedded, so you get the nice Vista security shield over the icon automatically. There is the headache of having an additional app to install, but it's just an exe with no supporting files, and it's a one-time thing. The ClickOnce automatic updates still work.

The other major problem we ran into when not running elevated as administrator was that the performance for both internet calls and SQL Server calls were painfully slow! A simple web service call and SQL update took 6.8 seconds as a standard user, and 0.1 seconds elevated. Simply not acceptable. HTTP downloads of JPG files was so slow the system became unusable. See Rick Strahl's post on this subject at http://www.west-wind.com/weblog/posts/10685.aspx. This was on a new Toshiba laptop with 2GB RAM installed.

Thanks for everyone's help on this!

Sean.

Hi Sean,

I've run into a similar problem, and I'm interested in a few more details regarding your solution.

How do you deliver the shell exe app As an MSI An MSI wrapped in a setup.exe

How does the ClickOnce app get installed By the MSI that delivers the shell exe By a call to Process.Start() referencing the URL for the ClickOnce deployment manifest

How do you find the application reference created by ClickOnce so the shell exe can start it

I'd really like to learn from your experience.

Regards,

Oluf N

Hi Oluf,

The shell exe is so small (36K) and simple (no supporting files), we just copy it down to the client and put it on the desktop. In our situation, we install the main app for our clients, so it wasn't worth the time to do something more sophisticated.

We start the ClickOnce app by calling the application reference that's created with a ClickOnce install (appref.ms file). That way the normal ClickOnce updates work fine.

I'm using System.Environment.GetFolderPath(Environment.SpecialFolder.StartMenu) and add "Programs/Company Name/Application.appref-ms" because I know that's where it's installed. If this file isn't found, I just send the user to the ClickOnce install site (publish.htm) and they install normally.

If the file is found, then we just use Process.Start() with the appref-ms file. I liked this idea better than calling the URL because it still works if the user is offline.

Hope that helps. If I didn't answer your questions or I wasn't clear, please let me know!

Thanks,

Sean.

Hi Sean,

Thanks for the extra explanations. I'm still not quite clear on how you actually get the app ClickOnce installed in the first place if it requires Vista elevation.

My application is deployed on a web server, wrapped in ClickOnce. The application itself has a manifest that requires Admin privileges, and that's the part that's not supported on Vista with web deployment as far as I understand.

So I think I'm still not going to be able to solve my problem. Even if I were to use the workaround you describe.

On top of that, my webserver seems to mysteriously cache a really old version of the app (it's not in the file system of the webserver any more, yet it still gets successfully downloaded and deployed on XP systems)

-Oluf

ClickOnce installations don't require elevation. That's why including a manifest that says the app needs to be elevated doesn't work, MS doesn't support elevating ClickOnce apps because the installations doesn't require elevation. So it's a security thing.

We install the app by going to the publish.htm page created when you publish the app with VS2005. Once the app is installed, it needs to run elevated, which is what the shell exe does.

Are you saying you can't even install your ClickOnce app on Vista

Sean.

Hi Sean,

I guess there are two things that get signed in the ClickOnce scenario: The xyz.application deployment manifest and the actual application manifest. My xyz.application deployment manifest is just a standard, unmodified ClickOnce manifest. It's the actual application manifest that's marked as requiring UAC elevation. And I guess that's the problem. ClickOnce goes part of the way through, and then fails, leaving the ClickOnce app not installed.

Let me try to summarize your scenario, just for my own benefit: You leave both your .application deployment manifest and the real application's manifest unmodified. Then you create a separate exe that has a UAC elevation manifest and that in turn launches the ClickOnce app using Process.Start(). Since the app that launches the ClickOnce app runs elevated, the ClickOnce app will also run elevated. Did I get that right

So it sounds like I'll have to create an MSI-based installer for the small elevation .exe, have the user download and install that, and then from there launch the ClickOnce app, causing another initial download.

It seems like ClickOnce is not the right deployment model for my app after all. That double download is just a little too weird for a user. In my opinion, anyway.

Thanks for all the help! I really appreciate it!

-Oluf