ClickOnce Prompt for Citrix Published App

Thanks to the state of the world currently, I’ve recently had to publish a lot more applications through Citrix for people that need access to on-prem applications, which gave me the following scenario.

I have an on-prem application that runs through Internet Explorer. More specifically, when a user navigates to the site, it triggers an application to run, which brings up the ClickOnce Security Prompt that we all know and love:

Security Warning

Normally, I would expect for Citrix to be able to properly bring this up, but it turns out that Citrix can’t do it without some jiggering. I had published Internet Explorer (C:\Program Files (x86)\Internet Explorer\iexplorer.exe) and added the option to open to the site (http://site/sitepage), but doing so did not bring up the prompt. Doing this on the same server in Desktop mode showed the prompt, so I knew it was a specific issue with the way Citrix publishes apps and allows those apps to interact with other executables.

After some Googling and ill-fated attempts to make registry modifications, NIcolas Couture on this thread gave me the answer I was looking for:
https://discussions.citrix.com/topic/289806-report-builderapplication-run-%E2%80%93-security-warning-before-starting/

Creating a batch file with the following content, and then publishing that batch file did the trick.

CD /D "C:\Windows\Microsoft.NET\Framework\v4.0.30319"
START DFSVC.EXE
Start "C:\Program Files (x86)\Internet Explorer\iexplore.exe" "http://myserver.com/webapp/"

For reference as to what I had previously tried that DID NOT work, here’s a list:

  • Setting the site into the Trusted Sites Zone and changing the following settings to “Enable.”
    • Launching applications and unsafe files
    • Launching programs and files in an IFRAME (I don’t know why I thought this would work. This was not in an IFRAME. We’ll call it desperation)
  • Going into the registry and setting the following keys to Enabled at HKLM\SOFTWARE\MICROSOFT\.NETFramework\Security\TrustManager\PromptingLevel , in the order I tried them (again, out of desperation) [and here’s the link to the article that gave me this red herring to chase]
    • TrustedSites
    • Internet
    • LocalIntranet
    • MyComputer
    • UntrustedSites

So yeah, don’t do any of these things. Do the thing up top.

Happy hunting, and stay safe out there.

One Reply to “ClickOnce Prompt for Citrix Published App”

Leave a Reply

Your email address will not be published.