Home > Articles > Security > Network Security

  • Print
  • + Share This
This chapter is from the book

User Prompting

Despite the name ClickOnce, often users will need to click twice to get the application deployed and running. The first click is the one that starts the process of deployment and launching of the application. Users click on a URL provided in an e-mail or on a Web site to start the deployment process. If the application is configured to run offline, then users will also be prompted because the application will create a Start menu item and an Add or Remove Programs entry, which causes visible changes on their machines. As a result, users are notified of this change before it occurs and has the opportunity to refuse the application. Additionally, if the application requires elevated permissions to run, users will also be prompted to decide whether they should allow the application's elevated permissions on their machine. The kind of prompt presented to users in both of these cases also gives an indication of whether the publisher is verifiable through a trust chain on the machine.

Table 6.1 summarizes the prompting dialogs users will see and the associated risk levels, and Figures 6.21 through 6.26 show the range of prompting dialogs that users will see, starting from lowest risk to highest risk to the local machine. For any of these prompts, if users click the Install button, the installation will complete and the application will launch. If users click the Don't Install button, no modifications to the client machine will be made. The different levels of prompting are just intended to convey different degrees of risk to users based on how well known the publisher is and whether the application requires elevated permissions on the local machine.

Table 6.1. Security Dialog Risk Levels

Risk Level

Icon

Cause

Low

Green check mark

Known publisher, no security permission elevation, only adding Start menu shortcut and Add or Remove Programs item.

Medium

Yellow exclamation point

Known publisher, security permissions elevation needed to run, may also be adding Start menu shortcut and Add or Remove Programs item.

Medium

Yellow exclamation point

Unknown publisher, no security permission elevation, but adding Start menu shortcut and Add or Remove Programs item.

High

Red X

Unknown publisher, security permission elevation needed to run, may also be adding Start menu shortcut and Add or Remove Programs item.

Once users have been prompted and they click the Install button, they will not be prompted again for running that application, even if updates are installed, unless an update requests higher permissions than the currently installed version. In that case, the prompting will follow the same logic as an initial install in determining which prompts to provide. This is true for both installed and online-only applications. The following subsections describe those different prompts.

Low-Risk Install

Figure 6.21 shows the install prompt users will see if an application is being launched for the first time where:

  • The application is an installed application
  • The application is signed by a publisher that was issued its certificate by a Trusted Root Certification Authority known by the client machine
  • And the application is not requesting any permissions beyond what it would be granted by default by CAS based on its launch URL
Figure 6.21

Figure 6.21 Low-Risk Install Prompt

Figure 6.22 shows the More Information dialog for this deployment scenario. You can see that the only thing the dialog is really cautioning users about is that it will add a Start menu item and an Add or Remove Programs item.

Figure 6.22

Figure 6.22 Low-Risk Install More Information Dialog

Medium-Risk Install

Figure 6.23 shows the install prompt users will see if an application is being launched for the first time where:

  • The application is an installed application
  • The application is signed by a publisher that was issued its certificate by a Trusted Root Certification Authority known by the client machine
  • And the application is requesting elevated permissions beyond what it would be granted by default by CAS based on its launch URL
Figure 6.23

Figure 6.23 Medium-Risk Install Prompt

Figure 6.24 shows the More Information dialog for this deployment scenario. You can see that in this case users are being warned that the application requires access to "additional resources on your computer," meaning elevated permissions. It also adds the normal caution that it will add a Start menu item and an Add or Remove Programs item. However, you can see that this dialog makes it clear that the publisher is considered to be a known entity since its certificate was issued by a known certificate authority (CA).

Figure 6.24

Figure 6.24 Medium-Risk Install More Information Dialog

High-Risk Install

Figure 6.25 shows the install prompt users will see if an application is being launched for the first time where:

  • The application is an installed application
  • The application is signed by a publisher that is unknown (meaning its certificate was issued by an unknown certificate authority)
  • And the application is requesting elevated permissions beyond what it would be granted by default by CAS based on its launch URL
Figure 6.25

Figure 6.25 High-Risk Install Prompt

Figure 6.26 shows the More Information dialog for this deployment scenario. You can see that in this case users are being warned that the publisher of the application is unknown, and the application requires access to "additional resources on your computer," meaning elevated permissions. It also adds the normal caution that it will add a Start menu item and an Add or Remove Programs item.

Figure 6.26

Figure 6.26 High-Risk Install More Information Dialog

The high-risk prompts shown in Figures 6.25 and 6.26 are what users will see if you deploy a ClickOnce application using a self-generated test certificate (created with Visual Studio or the makecert.exe tool).

User Prompting for Online-Only Applications

When users click on a link to an online-only ClickOnce application, they will only be prompted if the application needs to elevate permissions. If the application does not need to elevate permissions, users will not be prompted at all after they click on the link to the application, even if the publisher is unknown. The application will just download and launch.

If the application does need to elevate permissions, then users will be prompted with a dialog similar to either Figure 6.23 or 6.25, depending on whether the publisher is known (certificate issued by a trusted root CA) or unknown. The only difference in the prompting dialogs in this case is that the buttons will be labeled Run and Don't Run for the online-only application instead of Install and Don't Install for the installed application. If users inspect the More Information dialog, they will see the green status for installation, indicating that no modifications to their Start menu or Add or Remove Programs items will be made (see Figure 6.27).

Figure 6.27

Figure 6.27 Online-Only High-Risk Install More Information Dialog

  • + Share This
  • 🔖 Save To Your Account