Thanks to the state of the world currently, I’ve recently had to publish a lot more applications through Citrix for people that need access to on-prem applications, which gave me the following scenario.
I have an on-prem application that runs through Internet Explorer. More specifically, when a user navigates to the site, it triggers an application to run, which brings up the ClickOnce Security Prompt that we all know and love:
Normally, I would expect for Citrix to be able to properly bring this up, but it turns out that Citrix can’t do it without some jiggering. I had published Internet Explorer (C:\Program Files (x86)\Internet Explorer\iexplorer.exe) and added the option to open to the site (http://site/sitepage), but doing so did not bring up the prompt. Doing this on the same server in Desktop mode showed the prompt, so I knew it was a specific issue with the way Citrix publishes apps and allows those apps to interact with other executables.
After some Googling and ill-fated attempts to make registry modifications, NIcolas Couture on this thread gave me the answer I was looking for:
Creating a batch file with the following content, and then publishing that batch file did the trick.
CD /D "C:\Windows\Microsoft.NET\Framework\v4.0.30319" START DFSVC.EXE Start "C:\Program Files (x86)\Internet Explorer\iexplore.exe" "http://myserver.com/webapp/"
For reference as to what I had previously tried that DID NOT work, here’s a list:
- Setting the site into the Trusted Sites Zone and changing the following settings to “Enable.”
- Launching applications and unsafe files
- Launching programs and files in an IFRAME (I don’t know why I thought this would work. This was not in an IFRAME. We’ll call it desperation)
- Going into the registry and setting the following keys to Enabled at HKLM\SOFTWARE\MICROSOFT\.NETFramework\Security\TrustManager\PromptingLevel , in the order I tried them (again, out of desperation) [and here’s the link to the article that gave me this red herring to chase]
So yeah, don’t do any of these things. Do the thing up top.
Happy hunting, and stay safe out there.
3 Replies to “ClickOnce Prompt for Citrix Published App”
Thanks, this is so helpful! I’ve been searching for a solution.
Thanks for sharing! I used this workaround successfully with a ClickOnce application run on a Server 2012 R2 server. However, from a Server 2019 OS, I’m prompted to save the file .application file instead of the application launching automatically.
Did you get this method to work on Server 2019?
I haven’t yet had to move this server to 2019 yet, but just thinking out loud, I wonder if the issue is that 2019 uses a different .NET Framework version? This specifically requires that DFSVC.EXE be in “C:\Windows\Microsoft.NET\Framework\v4.0.30319” Maybe it’s somewhere else in 2019.