ClickOnce security and deployment

ClickOnce is a deployment technology that enables you to create self-updating Windows-based applications that can be installed and run with minimal user interaction. Visual Studio provides full support for publishing and updating applications deployed with ClickOnce technology if you have developed your projects with Visual Basic and Visual C#. For information about deploying Visual C++ applications, see ClickOnce Deployment for Visual C++ Applications.

ClickOnce deployment overcomes three major issues in deployment:

  • Difficulties in updating applications. With Microsoft Windows Installer deployment, whenever an application is updated, the user can install an update, an msp file, and apply it to the installed product; with ClickOnce deployment, you can provide updates automatically. Only those parts of the application that have changed are downloaded, and then the full, updated application is reinstalled from a new side-by-side folder.

  • Impact to the user's computer. With Windows Installer deployment, applications often rely on shared components, with the potential for versioning conflicts; with ClickOnce deployment, each application is self-contained and cannot interfere with other applications.

  • Security permissions. Windows Installer deployment requires administrative permissions and allows only limited user installation; ClickOnce deployment enables non-administrative users to install and grants only those Code Access Security permissions necessary for the application.

In the past, these issues sometimes caused developers to decide to create Web applications instead of Windows-based applications, sacrificing a rich user interface for ease of installation. By using applications deployed using ClickOnce, you can have the best of both technologies.

What is a ClickOnce application?

A ClickOnce application is any Windows Presentation Foundation (.xbap), Windows Forms (.exe), console application (.exe), or Office solution (.dll) published using ClickOnce technology. You can publish a ClickOnce application in three different ways: from a Web page, from a network file share, or from media such as a CD-ROM. A ClickOnce application can be installed on an end user's computer and run locally even when the computer is offline, or it can be run in an online-only mode without permanently installing anything on the end user's computer. For more information, see Choose a ClickOnce deployment strategy.

ClickOnce applications can be self-updating; they can check for newer versions as they become available and automatically replace any updated files. The developer can specify the update behavior; a network administrator can also control update strategies, for example, marking an update as mandatory. Updates can also be rolled back to an earlier version by the end user or by an administrator. For more information, see Choose a ClickOnce update strategy.

Because ClickOnce applications are isolated, installing or running a ClickOnce application cannot break existing applications. ClickOnce applications are self-contained; each ClickOnce application is installed to and run from a secure per-user, per-application cache. ClickOnce applications run in the Internet or Intranet security zones. If necessary, the application can request elevated security permissions. For more information, see Secure ClickOnce applications.

How ClickOnce security works

The core ClickOnce security is based on certificates, code access security policies, and the ClickOnce trust prompt.

Certificates

Authenticode certificates are used to verify the authenticity of the application's publisher. By using Authenticode for application deployment, ClickOnce helps prevent a harmful program from portraying itself as a legitimate program coming from an established, trustworthy source. Optionally, certificates can also be used to sign the application and deployment manifests to prove that the files have not been tampered with. For more information, see ClickOnce and Authenticode. Certificates can also be used to configure client computers to have a list of trusted publishers. If an application comes from a trusted publisher, it can be installed without any user interaction. For more information, see Trusted application deployment overview.

Code access security

Code access security helps limit the access that code has to protected resources. In most cases, you can choose the Internet or Local Intranet zones to limit the permissions. Use the Security page in the Project Designer to request the zone appropriate for the application. You can also debug applications with restricted permissions to emulate the end-user experience. For more information, see Code access security for ClickOnce applications.

ClickOnce trust prompt

If the application requests more permissions than the zone allows, the end user can be prompted to make a trust decision. The end user can decide if ClickOnce applications such as Windows Forms applications, Windows Presentation Foundation applications, console applications, XAML browser applications, and Office solutions are trusted to run. For more information, see How to: Configure the ClickOnce trust prompt behavior.

How ClickOnce deployment works

The core ClickOnce deployment architecture is based on two XML manifest files: an application manifest and a deployment manifest. The files are used to describe where the ClickOnce applications are installed from, how they are updated, and when they are updated.

Publish ClickOnce applications

The application manifest describes the application itself. This includes the assemblies, the dependencies and files that make up the application, the required permissions, and the location where updates will be available. The application developer authors the application manifest by using the Publish Wizard in Visual Studio or the Manifest Generation and Editing Tool (Mage.exe) in the Windows Software Development Kit (SDK). For more information, see How to: Publish a ClickOnce application using the Publish Wizard.

The deployment manifest describes how the application is deployed. This includes the location of the application manifest, and the version of the application that clients should run.
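The two manifests carry the fields a release review cares about: whether the file is signed, which permissions the application requests, and where clients look for updates. The following Python is an added example, not part of the original documentation or of any Microsoft tool; the manifests are constructed samples, the function names are hypothetical, and the element and attribute names (deploymentProvider, minimumRequiredVersion, PermissionSet Unrestricted, Signature) come from the ClickOnce manifest schema rather than from this page.

```python
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}Signature"
# Constructed deployment manifest: unsigned, update location on plain HTTP.
DEPLOYMENT = r"""<asmv1:assembly xmlns:asmv1="urn:schemas-microsoft-com:asm.v1"
    xmlns="urn:schemas-microsoft-com:asm.v2" manifestVersion="1.0">
  <deployment install="true" minimumRequiredVersion="1.2.0.0">
    <deploymentProvider codebase="http://apps.example.test/Demo.application"/>
  </deployment>
  <dependency><dependentAssembly dependencyType="install"
      codebase="Application Files\Demo_1_2_0_0\Demo.exe.manifest"/></dependency>
</asmv1:assembly>"""

# Constructed application manifest: signature element present, full trust requested.
APPLICATION = """<asmv1:assembly xmlns:asmv1="urn:schemas-microsoft-com:asm.v1"
    xmlns="urn:schemas-microsoft-com:asm.v2" manifestVersion="1.0">
  <trustInfo><security><applicationRequestMinimum>
    <PermissionSet Unrestricted="true" ID="Custom" SameSite="site"/>
  </applicationRequestMinimum></security></trustInfo>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="StrongNameSignature"/>
</asmv1:assembly>"""

def _attr(root, element, attribute):
    """Attribute of the first element with this local name, ignoring namespaces."""
    node = next((e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == element), None)
    return None if node is None else node.get(attribute)

def summarize_manifest(xml_text):
    """Pull the security-relevant fields out of one ClickOnce manifest."""
    root = ET.fromstring(xml_text)  # intended for your own build output
    return {
        # Presence only: this does not validate the signature or certificate chain.
        "has_signature": root.find(DSIG) is not None,
        "full_trust": (_attr(root, "PermissionSet", "Unrestricted") or "").lower() == "true",
        "update_location": _attr(root, "deploymentProvider", "codebase"),
        "minimum_required_version": _attr(root, "deployment", "minimumRequiredVersion"),
        "application_manifest": _attr(root, "dependentAssembly", "codebase"),
    }

def review(xml_text):
    """Turn the summary into findings a release reviewer would act on."""
    s, out = summarize_manifest(xml_text), []
    if not s["has_signature"]:
        out.append("manifest is unsigned")
    if s["full_trust"]:
        out.append("requests full trust, beyond the Internet/Intranet zone")
    if (s["update_location"] or "").lower().startswith("http://"):
        out.append("update location is not HTTPS")
    return out
```

Running `review` over both manifests of a publish folder before copying it to the deployment location flags the cases that would otherwise surface to end users as a trust prompt.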

Deploy ClickOnce applications

After it is created, the deployment manifest is copied to the deployment location. This can be a Web server, network file share, or media such as a CD. The application manifest and all the application files are also copied to a deployment location that is specified in the deployment manifest. This can be the same as the deployment location, or it can be a different location. When using the Publish Wizard in Visual Studio, the copy operations are performed automatically.

Install ClickOnce applications

After it is deployed to the deployment location, end users can download and install the application by clicking an icon representing the deployment manifest file on a Web page or in a folder. In most cases, the end user is presented with a simple dialog box asking the user to confirm installation, after which installation proceeds and the application is started without additional intervention. In cases where the application requires elevated permissions or if the application is not signed by a trusted certificate, the dialog box also asks the user to grant permission before the installation can continue. Though ClickOnce installs are per-user, permission elevation may be required if there are prerequisites that require administrator privileges. For more information about elevated permissions, see Securing ClickOnce applications.

Certificates can be trusted at the machine or enterprise level, so that ClickOnce applications signed with a trusted certificate can install silently. For more information about trusted certificates, see Trusted application deployment overview.

The application can be added to the user's Start menu and to the Add or Remove Programs group in the Control Panel. Unlike other deployment technologies, nothing is added to the Program Files folder or the registry, and no administrative rights are required for installation.

Note

It is also possible to prevent the application from being added to the Start menu and Add or Remove Programs group, in effect making it behave like a Web application. For more information, see Choose a ClickOnce deployment strategy.

Update ClickOnce applications

When the application developers create an updated version of the application, they generate a new application manifest and copy files to a deployment location, usually a sibling folder to the original application deployment folder. The administrator updates the deployment manifest to point to the location of the new version of the application.

Note

The Publish Wizard in Visual Studio can be used to perform these steps.

In addition to the deployment location, the deployment manifest also contains an update location (a Web page or network file share) where the application checks for updated versions. Publish properties are used to specify when and how often the application should check for updates. Update behavior can be specified in the deployment manifest, or it can be presented as user choices in the application's user interface by means of the ClickOnce APIs. In addition, Publish properties can be employed to make updates mandatory or to roll back to an earlier version. For more information, see Choosing a ClickOnce update strategy.

Third party installers

You can customize your ClickOnce installer to install third-party components along with your application. You must have the redistributable package (.exe or .msi file) and describe the package with a language-neutral product manifest and a language-specific package manifest. For more information, see Creating bootstrapper packages.

ClickOnce tools

The following table shows the tools that you can use to generate, edit, sign, and re-sign the application and deployment manifests.

| Tool | Description |
| --- | --- |
| Security Page, Project Designer | Signs the application and deployment manifests. |
| Publish Page, Project Designer | Generates and edits the application and deployment manifests for Visual Basic and Visual C# applications. |
| Mage.exe (Manifest Generation and Editing Tool) | Generates the application and deployment manifests for Visual Basic, Visual C#, and Visual C++ applications. Signs and re-signs the application and deployment manifests. Can be run from batch scripts and the command prompt. |
| MageUI.exe (Manifest Generation and Editing Tool, Graphical Client) | Generates and edits the application and deployment manifests. Signs and re-signs the application and deployment manifests. |
| GenerateApplicationManifest task | Generates the application manifest. Can be run from MSBuild. For more information, see MSBuild reference. |
| GenerateDeploymentManifest task | Generates the deployment manifest. Can be run from MSBuild. For more information, see MSBuild reference. |
| SignFile task | Signs the application and deployment manifests. Can be run from MSBuild. For more information, see MSBuild reference. |
| Microsoft.Build.Tasks.Deployment.ManifestUtilities | Develop your own application to generate the application and deployment manifests. |

The following table shows the .NET Framework version required to support ClickOnce applications in these browsers.

| Browser | .NET Framework version |
| --- | --- |
| Internet Explorer | 2.0, 3.0, 3.5, 3.5 SP1, 4 |
| Firefox | 2.0 SP1, 3.5 SP1, 4 |

See also