On the Security tab of the project properties window, we can specify the security permissions that our application requires. To do so, we can tick the Enable ClickOnce security settings checkbox and select whether our application is a full or partial trust application.
For a typical desktop application, it is common to specify that it is a full trust application, but otherwise we can specify just the trust level that we require. Note that unless the application publisher is set as a trusted publisher on the end user's computer, they might be required to grant any required permissions during installation.
If we specify that our application is a partial trust application, then we can either select from pre-configured zones that contain specific groups of permissions, or select custom permissions, in which case, we can manually specify our required permissions directly in the application manifest file.
Note that even if we have specified our application as a partial trust application, we usually have full trust when developing. In order to develop using the same permissions that our application requires and therefore see the same errors as the users, we can click the Advanced button and tick the Debug this application with the selected permission set checkbox.
On the Signing tab of the project properties window, we can optionally digitally sign the ClickOnce manifests by ticking the Sign the ClickOnce manifests checkbox. If we have a valid certificate that has been persisted in the computer's certificate store, then we can select it to sign the ClickOnce manifests using the Select from Store button.
Alternatively, if we have a Personal Information Exchange (PFX) file, we can sign the manifests with it by clicking on the Select from File button and selecting it in the file explorer that opens. If we don't currently have a valid certificate, we can optionally create one for testing purposes by clicking on the Create Test Certificate button.
However, note that a test certificate should not be deployed with a production application as they do not contain verifiable information about the publisher. When installing the ClickOnce application with a test certificate, users will be informed that the publisher cannot be verified and asked to confirm whether they really want to install the application. For the peace of mind of the end users, a real certificate should be used and a copy stored in their Trusted Publishers Certificate Store.
We can also optionally sign the assembly by ticking the Sign the assembly checkbox and selecting a Strong Name Key (SNK) file from the associated drop-down control. If we haven't previously selected one, we can add a new one from the same drop-down control.
This completes the summary of the configuration pages used for a ClickOnce deployment. They provide practically the same settings as the other deployment technologies, except those to do with the location of the installed files and the security permissions that may be required to install. Let's now look at how we can safely store files on the host computer in non-full trust applications.