Ajera Requires ClickOnce
Ajera requires ClickOnce technology from Microsoft, which allows you to run Windows applications over the web without requiring administrative rights or workstation configuration changes. You do not need to be a local administrator to run Ajera using ClickOnce. The Ajera program does not access privileged resources. Non-administrators receive the same one-time security prompt as administrators.
If you access Ajera directly from the web without using a VPN, Deltek strongly recommends running SSL. ClickOnce does not support self-signed certificates. Purchase an SSL certificate issued by a trusted root CA.
Running a ClickOnce application for the first time downloads and runs the application from an isolated folder on the workstation. Subsequent runs do not require that the application be downloaded again unless you move Ajera to a new server or update Ajera to a new version. Ajera program files are approximately 35 MB.
Note: | ClickOnce does not support non-standard ports. You must use either port 80 or 443. |
The following scenario describes what happens when an employee logs into Ajera over the web.
- Using a supported web browser, an employee logs into Ajera: http://<server name>/Ajera or https://<server name>/Ajera.
The Ajera login page displays, via anonymous authentication. - When the employee clicks the Login button, Ajera verifies the user name and password against the database using protections against common attacks, such as SQL injection and buffer overrun.
- If Ajera cannot validate the credentials, an error message appears on the login page.
- If Ajera accepts the login credentials, the system creates a forms authentication token on the server with an expiration of 30 days.
- Communication between the Ajera web application and server uses secure HTML5.
- Using the token passed on the Ajera ClickOnce URL, a forms authentication cookie is manually set in all HTTP requests.
- All communication from the Ajera program back to the server for data entry tasks is done via .NET remoting, with custom client and server sinks.
Server calls are in the form of a binary HTTP POST. The address for all server calls is http://servername/Ajera/Secure/SAService.rem, where .rem is a default ISAPI extension that points to ASP.NET, used for remoting purposes.
This cookie allows the request to access the /Ajera/Secure path to process the .NET remoting call. Note that the cookie is not set in Microsoft Internet Explorer (IE) and is not stored anywhere on the client workstation.