(Disclaimer: This is my first blog post)
You may be aware that ClickOnce installation and updating is not supported via proxy servers that require authentication credentials other than the users default credentials.
The thread suggests that there is hot fix but as far as I am aware this does not fix the issue which is also highlighted at the end of the thread.
I came across this very issue working on a project for a client who required the application we were writing for them to run inside various different environments using varying proxy servers and configurations. In order to accommodate this we allowed the user to either use the proxy settings provided in IE or to be able to override this with custom proxy settings. This worked fine for WCF, HTTP calls and even for creating BITS jobs but we were unable to get ClickOnce updates working.
And it was all because of this little gem in the System.Deployment.SystemNetDownloader:
This means that every time .Net tries to download a file via the SystemNetDownloader it is overwriting the credentials on the default web proxy with the users default credentials.
In order to work around this short sighted implementation I created a wrapper around the WebProxy object which implemented the IWebProxy interface, the important part here was to specifically do nothing with the Set on the Credentials property and provide a alternative way of setting the proxy credentials:
The final piece of the puzzle is to setup the proxy, the following should be placed at an appropriate place in the application workflow:
It is worth pointing out that this only solves the issue with ClickOnce and proxy authentication once the application is installed you will still need to find away to get the application on to the users computer first, distribute by CD for example.