ClickOnce - Security Questions - winforms

I am considering using ClickOnce for a legacy Windows Forms application. I have several questions related to ClickOnce itself.
1. Does a user need administrative privileges to install the ClickOnce application?
2. Can the ClickOnce application access the local file system?
3. When does an end-user experience security prompts?
4. Can the application be served over https://?
5. Can the application make calls to services hosted on https://?
6. Can the application be served over SSL?

1. No
2. Yes
3. When the app is updated (optionally, you can suppress them)
4. Yes
5. Yes
6. See #4? I'm not sure what you're asking, HTTPS = HTTP over SSL

Service to update WPF application placed on server

I am developing a WPF application, which will be accessed from a shared folder on a server (Windows Server). My goal is to implement some mechanism of updating the app. The updater should be run on the server, probably as some kind of service. Which mechanism/technique would you recommend to use?
Based on your comment, I would look into using ClickOnce.
ClickOnce enables Web-style application deployment for non-Web
applications. Applications are published to and deployed from Web or
file servers.
https://msdn.microsoft.com/en-us/library/t71a733d(v=vs.140).aspx
You can also use Squirrel.
Squirrel: It's like ClickOnce but Works™
https://github.com/Squirrel/Squirrel.Windows

How to deploy website on live server?

I have created a website on AngularJS. I have a local server running using Node.js. Can anyone please tell me the further process to deploy the website?
Your local server is probably only for development purposes.
You can deploy it as a usual application. All you need is a web server. The most common selection is Apache, nginx or IIS. You can set up one of these on your own (on your own computer/VPS etc.) or use web hosting (just google it...).
Selecting the correct solution depends on budget, needed support and number of users. I assume that usual "cheap web hosting" is the best for you.

What is the relationship/differences between Google App Engine, and "normal" web apps?

I was trying to start to learn about programming on Firefox OS, and I heard that it is programmed with JavaScript and HTML5, and it uses the same structures of web apps.
That said, I'm doing a course on Udacity (I'm a beginner) that is about web development, and it talked about how to use the Google App Engine (we just made our own websites online, using Python and some structures of the GAE), and I tried to make some relationship with what I was seeing on the Firefox website, and I just couldn't figure out anything.
Google App Engine is a "platform as a service model" of webapps. What you don't need is the key. You don't need:
- a Database Administrator
- a Network technician
- a Backup Admin (you still need to make backups of your app and data but not your network config files etc.)
- the hardware at your company
- the ISP service level agreements
There is more that Google specifically puts in over other platform as a service businesses.
Google takes care of this for you. You just write the webapp (and back it up for a rainy day).
As for Firefox OS, you build application, as you wrote, with HTML5, CSS3, and JavaScript: only web technology. Those are web applications that you build to run on Firefox OS devices, and even in the browser, depending on the API you used. The application you build https://developer.mozilla.org/en-US/Apps, can be either hosted on your own server, or if you packaged it, on the Firefox OS marketplace https://marketplace.firefox.com/.
I would also like to add that Google App Engine is a PaaS at the end of the day. So while technically, one can say that any web application should run, that is not always the case.
If you are using a PaaS, whether it is a Google App Engine or any others like Heroku, CloudFoundry, etc - you must understand the various Services and APIs that it provides in the different platforms that it supports. For e.g. using Google App Engine, you can choose either Java, Python or PHP to write and host your web applications. However, you have to use some of its services like Datastore, etc.
Moving any web application that you have written to a PaaS is not always straightforward. Except for the most simplistic apps that print a "Hello World", there are chances that you at least have to do the following things:
- Migrate parts of your application to utilize the Platform Services/APIs
- Rearchitect parts of your application to take maximum advantage of the Cloud, i.e. multi-tenancy, scaling, etc.
You could treat Google App Engine (GAE) as web server hosting with a specific web framework (Python or Java), which can host any normal webapps.
Firefox OS webapps are written with normal web skills. So you can use GAE to 'host' Firefox webapps.
(GAE is also mentioned as one of the hosting places in Mozilla Developer Network
https://developer.mozilla.org/en-US/docs/Trash/Publishing_the_app )
The evil detail is that a Firefox webapp needs an extra 'manifest.webapp' file that needs extra MIME host settings:
self.response.headers['Content-Type'] = 'application/x-web-app-manifest+json'
https://developer.mozilla.org/en-US/Apps/Developing/Manifest#Serving_manifests
Then you are ready to host Firefox Webapp on GAE :)

Phonegap Remote Server Post Security

I have a phonegap app that uses jquery to post to a remote server, running on Google App Engine.
What's the best way to ensure that only my phonegap app can post to this remote server? I've been scouring the web for an answer but can't find anything concrete.
Normally I believe you'd check the referrer to ensure that the request is coming from a whitelisted domain but in this scenario there is no domain because it's a phonegap app.
This question is similar but it's gone unanswered:
Security issues with phonegap remote server access
You can't. Any request that your app can make - including whatever authentication credentials you care to embed in the app - can be generated by a third-party. The most you can do is obfuscate, by embedding secrets in your app, but a clever user can extract these.
A better option would be to authenticate the user, rather than the application.
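
One way to act on the advice above to authenticate the user rather than the application, as an added example that is not part of the original thread: the server issues a signed, expiring token after login and checks it on every POST. The key, the token format and the `handle_post` handler are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: this key exists only in server-side config; nothing secret ships in the app.
SERVER_KEY = b"constructed-demo-key-not-for-production"
TOKEN_TTL = 3600  # token lifetime in seconds

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

def _sign(payload):
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()

def issue_token(user_id, now=None):
    """Call only after the user has proven identity (password, OAuth, ...)."""
    now = int(time.time()) if now is None else now
    payload = json.dumps({"uid": user_id, "exp": now + TOKEN_TTL}, sort_keys=True).encode()
    return _b64(payload) + "." + _b64(_sign(payload))

def verify_token(token, now=None):
    """Return the user id for a valid, unexpired token, else None."""
    now = int(time.time()) if now is None else now
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except (ValueError, AttributeError):
        return None  # malformed token
    if not hmac.compare_digest(sig, _sign(payload)):
        return None  # forged or tampered payload
    claims = json.loads(payload)  # safe: the payload is one this server signed
    if claims["exp"] <= now:
        return None  # expired
    return claims["uid"]

def handle_post(headers, body):
    """Hypothetical handler: authorises by user, not by which client sent the request."""
    auth = headers.get("Authorization", "")
    uid = verify_token(auth[len("Bearer "):]) if auth.startswith("Bearer ") else None
    if uid is None:
        return 401, "login required"
    return 200, "stored %d bytes for %s" % (len(body), uid)
```

A token copied out of the app only grants what that one user may already do, and it stops working after `TOKEN_TTL` seconds.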

Is it possible to host the clientaccesspolicy.xml file with the ASP.NET Development Server?

I have a solution with two service projects (one is hosting a unit test silverlight application and other is providing the services being tested). Because of cross-domain policy, I have to publish the primary service site to IIS before the unit test site can consume a service.
Is it possible to host the clientaccesspolicy.xml file on ASP.NET Development Server so I can run these without needing to do an IIS publish first? OR, does Visual Studio provide a more elegant solution?
I don't know of a "more elegant" solution; however, you can serve a clientaccesspolicy.xml file from an ASP.NET development server. It's, after all, just a static file. Just add it to the web project as a Content file.
