ClickOnce application downloads instead of directly opening the app

Contributor

When opening a ClickOnce app, the *.application file gets saved to my Downloads folder instead of directly opening it. Additionally, since the file is downloaded, then opened from Downloads, it loses the cookie information required for our app to function correctly.

44 Replies
@mjonestx: Sorry, I should've been more precise: If you click the VSTO link (last link in the yellow box) on https://webdbg.com/test/clickonce/, do you see the "Open this file" style UI?

@ericlaw 

 

Yes, I see it when I click that link as well.  See the following screenshot.

 

VSTO4.png

 

Thanks!

MJ

@mjonestx Thanks for reporting this. Fun.

 

So, the trick here is that, when the RequireReadOnly parameter is present on the X-MS-InvokeApp response header (as it is in your example):

ericlaw_0-1622686309791.png 

...the Shell verb used to open the URL is changed from Open to OpenAsReadOnly. However, the VSTO file type's registration doesn't support that verb, so as a consequence the DirectInvoke code says "Hrm, the requested operation isn't supported, I'm not going to DirectInvoke that." If you were to change your registry such that the type claimed support for that verb:

ericlaw_1-1622687124021.png

 

... you'd find that your scenario starts working again. Of course, for deployability reasons, it's probably more straightforward to remove the RequireReadOnly directive.

 

@ericlaw

Thanks for this. I can get it to work fine in an IIS site outside of SharePoint; however, it appears that SharePoint is putting that in regardless of what I try. Even if I remove it from the web.config of the IIS site, when clicking on the link to the .vsto file, it reappears in the response headers.

Any ideas on a way around that?

Unfortunately, no, I don't know much about SharePoint's header configuration. It looks like there's a simple UI that applies to ALL responses (https://blog.bugrapostaci.com/2019/08/23/unable-to-open-documents-using-direct-links-from-sharepoint...) but to remove the token selectively for only certain types seems likely to require a custom HTTPModule (e.g. something like https://tesitgeek.wordpress.com/2016/04/07/ho-to-remove-http-response-headers-for-sharepoint-sites/)