ClickOnce Application - Security

asked 2020-09-06T10:58:21.597+00:00
Simon CAROLO 1 Reputation point

Hi,

I'm developping an application which i'm publishing with ClickOnce.

I have three questions about protecting my application :

Users download it on "www.mywebsite.com/myapplication/App.htm".
They can access to "www.mywebsite.com/myapplication/" and see the index and the application files.

  • Is this a problem ? Can users get some of my code from it ?
  • Can users decompile my application somehow ? (through the path below or from the installed file)
  • My application is on "Update on launch". Can they cancel the updates and keep their version without updating ?

I hope I find some answers here. I found some informations but I would like to be sure of this 3 answers !

Thanks !

Simon

Windows Forms
Windows Forms
A set of .NET Framework managed libraries for developing graphical user interfaces.
1,314 questions
{count} votes

1 answer

Sort by: Most helpful
  1. answered 2020-09-07T07:30:22.787+00:00
    Daniel Zhang-MSFT 9,471 Reputation points

    Hi Simon CAROLO,
    First, I can't find your application from the link you provided.
    In general, users can install the clickonce application from the website you deployed.
    And users can't get code from application files.
    To prevent others from reverse engineering the code, you need to obfuscate your application by using Dotfuscator.
    Note that assembly obfuscation is not integrated into the Visual Studio IDE or the ClickOnce deployment process. Therefore, you will have to perform the obfuscation outside of the deployment process, perhaps using a post-build step. After you build the project, you would perform the following steps manually, outside of Visual Studio.
    More details you can refer to this docuemnt.
    To block update checking, you can clear the The application should check for updates check box in the Application Updates Dialog Box.
    You can also block update checking by removing the <Subscription> tag from the deployment manifest.
    Please refer to this document.
    Best Regards,
    Daniel Zhang


    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    No comments