Paul makes a good point that Microsoft is slow to adopt and use it’s own technology. As some Microsofters put it: “eating your own dog food”.

Unfortunately, this is very true, and isn’t an isolated incident.

At work, we have no direct Internet access, All machines are isolated, and can’t even resolve a DNS entry outside the corporate network, let alone connect to it.  Internet access is granted through the use of a corporate proxy – which requires you to authentication, and ensures only authorised users can access web sites outside the firewall. 

As it would happen, we’re mostly a Microsoft shop, and so of course – a lot of applications and services leverage the Single Signon (SSO) capability delivered by Windows Domains and Active Directory. The proxy server happens to be one of these services – if you try and request a site, it’ll ask you to authenticate. No big deal, both Internet Explorer, and Firefox support NTLM / Kerberos Authentication, so everything happens seamlessly. 

I decided I’d try using a ClickOnce application, which is a feature introduced in .NET 2.0 - so, it’s certainly not new technology. Proxy Servers requiring authentication are also nothing new – they’ve been around for years (decades?), so it shouldn’t come as a surprise that almost every application around that has proxy support, also has a username and password box. That is – unless they go to the effort of enabling SSO.

You can probably see where I’m going with this – so, to cut a long story short – it turns out that Microsoft has not enabled any form of Proxy Authentication support in ClickOnce for .NET 2.0. Yes, you can call up Microsoft and request the patch manually – but you need to hand over your card details first, and you might be let off without charge.

Microsoft – You need to start eating your own dogfood – a lot more often.