ClickOnce and Security

I work for a commercial product company and am currently trying to provide a solution that will allow some of our larger customers to distribute the client part of our application through ClickOnce.

The goal is for our customers to deploy ClickOnce to a network share, and then send a link to the application manifest to clients by email or other means.

We were able to successfully integrate the production of the ClickOnce installation into our automatic build (using the Mage command-line tools), and then we can successfully complete the actual installation on the client machine. However, after installation and launch, our application throws a SecurityException at runtime because it is denied access to FileIOPermission. Our application requires FullTrust permissions, but it seems that if the assembly of CodeBase nodes is a network resource, you are only granted LocalIntranet permissions (which do not include FileIOPermission).

There is an article here that seems to indicate that this is a fairly common problem: http://blogs.msdn.com/shawnfa/archive/2004/12/30/344554.aspx

A workaround is provided in this article using the CasPol tool, but we must run it on every client computer in the deployment environment. This is not a problem in itself, especially since you need administrator rights on the client machine to perform actions using the CasPol tool, and most clients in our client environment do not have these privileges.

The article was also published on the same blog, which apparently implies that the need to launch the CasPol fix was facilitated by the release of .NET 3.5 SP1: http://blogs.msdn.com/shawnfa/archive/2008/05/12/fulltrust-on-the-localintranet.aspx

However, I modified our application to specifically configure the release of the SP1 framework version, as described in this article: http://msdn.microsoft.com/en-us/library/bb398202.aspx#

After that, we still came across the same security exception. Therefore, I applied some specific SP1 ClickOnce settings, described in detail in the article, but still had no luck. If I start the application directly from the published network share, I am granted the permissions; it seems that only from the context of ClickOnce are we refused.

Is anyone else having problems like these? I would think that if there was a problem in the SP1 release regarding these permissions, someone else would have noticed it before us, since we have not yet submitted the ClickOnce solution.

+4
1 answer

I think I ran into a similar problem on .NET 4.0 with a security exception during launch. The solution I found was to digitally sign the manifest with an approved certificate (and not the default one Visual Studio generates for your project).

This is a known “bug” (or design) in deployed ClickOnce manifests.

Is your project signed?

+3
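A build-time gate for the signing point raised in the answer, as an added example that is not part of the original question or answer: it reads a ClickOnce manifest and reports whether it carries an XML signature, names a publisher, and requests unrestricted permissions. It is a structural check only and does not validate the signature or the certificate chain; the function names and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}Signature"

# Constructed sample manifests (not from the page); real ones are far longer.
_TEMPLATE = """<asmv1:assembly xmlns:asmv1="urn:schemas-microsoft-com:asm.v1"
    xmlns="urn:schemas-microsoft-com:asm.v2">
  <trustInfo><security><applicationRequestMinimum>
    <PermissionSet ID="Custom" Unrestricted="true" SameSite="site"/>
  </applicationRequestMinimum></security></trustInfo>
  %s
</asmv1:assembly>"""
SIGNED = _TEMPLATE % ('<publisherIdentity name="CN=Constructed Publisher" '
                      'issuerKeyHash="PLACEHOLDER"/>'
                      '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"/>')
UNSIGNED = _TEMPLATE % ""


def inspect_manifest(xml_text):
    """Collect the signing and trust-request facts a manifest declares."""
    # Intended for manifests produced by your own build, not untrusted XML.
    facts = {"signed": False, "publisher": None, "full_trust": False}
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop the '{namespace}' prefix
        if el.tag == DSIG:
            facts["signed"] = True
        elif name == "publisherIdentity":
            facts["publisher"] = el.get("name")
        elif name == "PermissionSet" and el.get("Unrestricted", "").lower() == "true":
            facts["full_trust"] = True
    return facts


def findings(facts):
    """Return release-blocking problems; an empty list means the gate passes."""
    problems = []
    if not facts["signed"]:
        problems.append("no XML signature: manifest is unsigned")
    elif not facts["publisher"]:
        problems.append("signature present but no publisherIdentity")
    if facts["full_trust"] and not facts["signed"]:
        problems.append("full trust requested by an unsigned manifest")
    return problems


if __name__ == "__main__":
    for label, text in (("signed", SIGNED), ("unsigned", UNSIGNED)):
        print(label, findings(inspect_manifest(text)))
```

Run it against both the deployment manifest (`.application`) and the application manifest before copying them to the share; a passing result still leaves the question of whether clients trust the signing certificate.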