Adding StoreFront applications and desktops to Clientless Access on NetScaler Unified Gateway

Did you know it is possible to access XenApp/XenDesktop applications and desktops straight from the Clientless Access portal when using NetScaler? This eliminates the need for users to click and open “Virtual App and Desktop Access” (part of Client Choices) since instead the resources are integrated right in to the Clientless Access section.

Note: Scroll to the bottom for an update – The newest theme (RfWebUI) integrates Citrix hosted applications with bookmarks, clientless access applications and so on without needing to perform the modifications described below.

You need atleast StoreFront 3.0 to do this and NSv11 – NetScaler Unified Gateway will be used to perform this integration.

Firstly, log on to your StoreFront server and open the web.config file located by default in C:\inetpub\wwwroot\YourStoreName\YourStoreNameWeb.1-min

Look for the following text (located towards the bottom of web.config):

“X-Frame-Options” value=”deny”

“Content-Security-Policy” value=”frame-ancestors ‘none””

As you can see there are three instances of the same value. 2-min

Change each value to:

“X-Frame-Options” value=”allow”

“Content-Security-Policy” value=”frame-ancestors ‘self””3At this stage use the Propogate Changes feature within StoreFront to push this change to web.config to any other StoreFront servers within the StoreFront Server Group.

Frame-Ancestors is the predecessor to X-Frame-Options and the value of “self” is pretty much the same value of “Allow” set by X-Frame-Options. Not all browsers support Frame-Ancestors though such as Internet Explorer. X-Frame-Options has been deprecated in Firefox and Chrome so frame-ancestors must be set to “self” if using them browsers. If your users do not use Firefox/Chrome you only need to set the X-Frame-Options value to Allow.

Navigate to your NetScaler Gateway Session Profile and change the Web Interface Portal Mode to Normal then save the configuration. If you have multiple Session Policies which is normal with NetScaler Unified Gateway then change each one that applies.


Now the next time your users log on to NetScaler Unified Gateway and click Clientless Access -> Applications you will see the internal StoreFront resources.5-min

Make sure Single Sign-on to Web Applications is enabled within the Session Profile.6-min

If you don’t you will get the below Cannot complete your request error when trying to access Receiver for Web from Clientless Access.7-min


There is a new RfWebUI theme available for use on NetScaler Gateway which matches the default theme found on StoreFront 3.0+ Receiver for Web. Not only will this give your users a unified look and feel across different platforms it will also include Web/SaaS, XenDesktop, XenApp resources under the same portal.8-minClicking on the details of a resource allows you to add the resource as a favorite. 9-minNow when you click on the Favorites tab you will see your list of favorite resources grouped together for easy viewing. 10-minOn the Apps and Desktops sections you can add your own bookmarks. Enter the requested parameters and click Save. 11-minAny created bookmark resides under the Personal Bookmarks category. 12-minYou can also create an RDP connection if you have configured RDP Proxy on NetScaler. 13-minRDP links appear as below. 14-min


  • Darren

    April 29, 2017

    Hi George – great blog. After following your blog and having no issues, I see there are others out there that have stumbled on this, so great work making it so clear and concise.

    Quick question – is it possible to make the CVPN page the default landing page, removing the choices along with StoreFront and the VPN connection options and going directly to the CPVN landing page?


    • George Spiers

      April 29, 2017

      Hi Darren, thanks and glad it helps you.

      Yes uncheck Client Choices, uncheck Plug-in type. Set Clientless Access to ON

  • Darren

    April 29, 2017

    And I meant others have stumbled on getting it working by using other blogs / articles…


Leave a Reply