Configure deployment security settings
May include but is not limited to: configuring and integrating UAC by using ClickOnce deployments; setting appropriate security permissions to deploy the application
I have read some very controversial information about UAC and ClickOnce and WPF, so I decided to get to the bottom of things.
By default, a WPF application needs Full Trust permission, because it needs to call unmanaged code to build its window. However, Full Trust is the devil itself (and obviously makes a mockery of the principle of least privilege), so you should configure your applications to have only the relevant rights.
This can be done in the Project Properties menu's Security tab. There you can edit the ClickOnce security settings. You can even set the application to run in Partial Trust (which is the level your users will run it at). Even better, you can set Visual Studio to debug in Partial Trust mode, which is a very nice thing, because you will surely see what your end users will. You can set the Local Intranet and the Internet zones' security settings. You can even define a custom one, where you can edit the resulting XML file by hand. For some strange reason, the ClickOnce deployment model doesn't allow demanding administrative rights (at least you cannot set the requestedExecutionLevel element's level attribute to requireAdministrator or highestAvailable). I think this makes sense, because the whole point of ClickOnce deployment is to get an application up and running with a couple of mouse clicks.
As for configuring UAC with ClickOnce, I didn't find any useful information. In fact, MSDN and the rest only told me that it's against the nature of ClickOnce to have UAC support. If you need some, then you will need to write a shell application which requests a UAC prompt, and call your ClickOnce setup from there. A stinking but working solution.
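The two settings discussed above (Full Trust versus Partial Trust, and the requestedExecutionLevel value) both end up in the application manifest, so they can be checked before publishing. The following is an added example, not code from the original post: the function name audit_manifest, the finding strings and the sample manifests are constructed for illustration, with the samples following the usual trustInfo layout of an app.manifest.

```python
import xml.etree.ElementTree as ET

# Constructed manifest template (sample data, not taken from a real project).
TEMPLATE = """<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <applicationRequestMinimum>
        <PermissionSet class="System.Security.PermissionSet" version="1" ID="Custom" SameSite="site" {unrestricted}/>
        <defaultAssemblyRequest permissionSetReference="Custom" />
      </applicationRequestMinimum>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="{level}" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_manifest(xml_text):
    """Return a list of findings for a ClickOnce application manifest."""
    findings = []
    root = ET.fromstring(xml_text)
    for el in root.iter():
        name = local(el.tag)
        # Unrestricted="true" on the permission set means Full Trust is requested.
        if name == "PermissionSet" and el.get("Unrestricted", "").lower() == "true":
            findings.append("full-trust: PermissionSet is Unrestricted")
        # ClickOnce only accepts asInvoker; anything else asks for elevation.
        elif name == "requestedExecutionLevel" and el.get("level") != "asInvoker":
            findings.append("elevation: ClickOnce does not allow level=%s" % el.get("level"))
    return findings

# Weak setting beside the corrected one (both constructed).
WEAK = TEMPLATE.format(unrestricted='Unrestricted="true" ', level="requireAdministrator")
HARDENED = TEMPLATE.format(unrestricted="", level="asInvoker")

if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_manifest(doc) or "no findings")
```

Elements are matched by local name because the trustInfo and requestedPrivileges elements sit in different XML namespaces (asm.v2 and asm.v3).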