The core ClickOnce security is based on certificates, code access security policies, and the ClickOnce trust prompt.
Certificates
Authenticode certificates are used to verify the authenticity of the application’s publisher. By using Authenticode for application deployment, ClickOnce helps prevent a harmful program from portraying itself as a legitimate program coming from an established, trustworthy source. Optionally, certificates can also be used to sign the application and deployment manifests to prove that the files have not been tampered with. For more information, see ClickOnce and Authenticode. Certificates can also be used to configure client computers to have a list of trusted publishers. If an application comes from a trusted publisher, it can be installed without any user interaction. For more information, see Trusted Application Deployment Overview.
Code Access Security
Code access security helps limit the access that code has to protected resources. In most cases, you can choose the Internet or Local Intranet zones to limit the permissions. Use the Security page in the Project Designer to request the zone appropriate for the application. You can also debug applications with restricted permissions to emulate the end-user experience. For more information, see Code Access Security for ClickOnce Applications.
ClickOnce Trust Prompt
If the application requests more permissions than the zone allows, the end user can be prompted to make a trust decision. The end user can decide if ClickOnce applications such as Windows Forms applications, Windows Presentation Foundation applications, console applications, XAML browser applications, and Office solutions are trusted to run. For more information, see How to: Configure the ClickOnce Trust Prompt Behavior.