Do I have to sign my ClickOnce manifest? - visual-studio

I have a VS2012 solution (WinForm vb.net) which I deploy thanks to ClickOnce. I ran some tests today for deploying this application. I'm able to publish and deploy this application without signing the ClickOnce manifest or signing the assembly. On the Signing tab of my project I uncheck 'Sign the ClickOnce manifests' and 'Sign the assembly'. I don't get any errors (about the assembly not being signed) when installing this application.
I copy the published folder on a USB key and install it on another computer without problem. I'm also able to update my application and install these updates automatically (thanks to ClickOnce).
I read a lot about ClickOnce and signing and it seems I don't have to sign for a WinForms application.
Can someone confirm this? I wonder whether, if I copy my ClickOnce folder to a share on the company network, I can still install it without problems?
Tomorrow I will have the opportunity to try to install on the company's network (not today).
Thanks for your help.

Signing ClickOnce manifests has been optional since .NET 3.5. See here for confirmation from Microsoft: http://msdn.microsoft.com/en-us/library/zfz60ccf.aspx

Related

Strange ClickOnce signing behaviour

So I built an Outlook VSTO Add-in, and in Visual Studio on the Signing page selected a valid certificate which was bought from a Cert Authority. When I publish the add-in, it all works fine and the installer is trusted.
Here's where it gets weird - When I zipped and emailed it to a colleague they found that the application had an unknown publisher. So I downloaded it from the email I sent them on my pc (the one I built the app with) and sure enough the certificate seemed to be untrusted. Zipping and unzipping the files that I already had locally worked fine and the app was trusted, but the exact same file taken from my email is untrusted.
I'm completely baffled, don't even know how to start googling this issue - anyone got any ideas?
Figured out the answer for anyone else that runs into this problem.
The hash used by VS when creating a ClickOnce application is SHA1 (yes, even with VS2019), but SHA1 was deprecated by MS in 2017, meaning anything signed using it is not trusted by later versions of Office. Thus you have to publish an unsigned ClickOnce application with Visual Studio, and then use the "Developer Command Prompt for VS" to sign the .exe with the cert using SHA256.
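One way to check which case a published manifest falls into (unsigned, SHA-1 signed, or SHA-256 signed), as an added example that is not part of the original posts. It assumes the manifest carries a standard XMLDSig `Signature` element; the sample manifests are constructed, and `audit_manifest`, `hash_name` and `sample_manifest` are names made up for this example.

```python
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
WEAK_HASHES = {"md5", "sha1"}

def hash_name(uri):
    """'...xmldsig#rsa-sha1' -> 'sha1'; '...xmlenc#sha256' -> 'sha256'."""
    return uri.rsplit("#", 1)[-1].rsplit("-", 1)[-1].lower()

def audit_manifest(xml_text):
    """Report whether a manifest carries an XMLDSig signature and which hashes it declares.

    Reads the declared algorithms only; it does not validate the signature
    or the certificate chain. Use a hardened XML parser for untrusted files.
    """
    root = ET.fromstring(xml_text)
    sig = next(root.iter(DSIG + "Signature"), None)
    if sig is None:
        return {"signed": False, "signature_hash": None, "digest_hashes": [], "weak": False}
    method = sig.find(f"{DSIG}SignedInfo/{DSIG}SignatureMethod")
    sig_hash = hash_name(method.get("Algorithm", "")) if method is not None else None
    digests = sorted({hash_name(d.get("Algorithm", "")) for d in sig.iter(DSIG + "DigestMethod")})
    weak = sig_hash in WEAK_HASHES or any(d in WEAK_HASHES for d in digests)
    return {"signed": True, "signature_hash": sig_hash, "digest_hashes": digests, "weak": weak}

def sample_manifest(hash_alg=None):
    """Constructed, minimal deployment manifest; hash_alg=None yields an unsigned one."""
    signature = ""
    if hash_alg:
        signature = f"""
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-{hash_alg}"/>
      <Reference URI=""><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#{hash_alg}"/></Reference>
    </SignedInfo>
  </Signature>"""
    return f"""<asmv1:assembly xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity name="Example.application" version="1.0.0.0"/>{signature}
</asmv1:assembly>"""

if __name__ == "__main__":
    for label, alg in (("unsigned", None), ("SHA-1", "sha1"), ("SHA-256", "sha256")):
        print(label, audit_manifest(sample_manifest(alg)))
```

Run against a real `.application` or `.manifest` file by passing its text to `audit_manifest`; a `weak` result means the signature declares SHA-1 or MD5.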

Do I need OV or EV code signing certificate when packaging a classic desktop application for the Windows Store?

I want to add a desktop (WPF) application to the Windows Store using the Desktop Bridge (MakePri, MakeAppx). I have tested my build process using a self-signed certificate and all is well.
However, I cannot find any information stating whether I need an Extended Validation (EV) certificate or if an Organization validated (OV) certificate is sufficient. I know an OV certificate can cause SmartScreen warnings for installer .msi packages.
I also found old links (relating to Windows 8 apps) which say that the store does not use SmartScreen. But I cannot find anything relating to Windows 10 desktop apps packaged via the Desktop Bridge.
Will an OV certificate cause SmartScreen warnings when my converted application is downloaded from the store?
You don't need to use a valid certificate to publish your app to the Store. You just need to sign it with a test certificate. When you upload it to Dev Center, it will be signed by Microsoft to be distributed through the Store.
I couldn't find documentation that clarifies this; I'm just saying it from my own experience. There are some notes here:
"To test your app in a realistic setting as you prepare for distribution, it's best to sign your app and then install it. Visual Studio signs your app by using a test certificate. You'll find that certificate in the output folder that the Create App Packages wizard generates. The certificate file has the .cer extension and you'll have to install that certificate into the Trusted Root Certification Authorities store on the PC that you want to test your app on."
Also if you use the new update of Visual Studio, you can create Desktop Bridge apps and publish them to the Store entirely through Visual Studio using the Windows Application Package project. It means you don't need to manually pack and sign it, VS does it for you.
Edit
Your users do not see a SmartScreen anyway. It makes sense since your app cannot run with administrator privileges. If your app needs functionality that requires admin privileges, you need to consider it before moving forward.

Cannot install ClickOnce - Certificate Not Trusted

I am trying to publish a small Microsoft Office customization using Visual Studio 2013. I purchased a code-signing certificate from GoDaddy (issued by Starfield Technologies) and used it to sign the program. However, when a user tries to install the ClickOnce Manifest, they get the following error:
"Customized functionality in this application will not work because the certificate used to sign the deployment manifest for RiskMP or its location is not trusted. Contact your administrator for further assistance."
The program is being downloaded from the same server from which the private key was generated and the same URL that was specified in the publish.
The only solution I have found so far is to add the URL to the list of trusted sites in IE internet options, but this isn't a very good solution as it requires a lot of steps on the part of the user. I'd like to simplify this installation as much as possible. Any help is greatly appreciated.

Moving from Windows Installer to ClickOnce deployment

We have a Windows application. To deploy it we used Windows Installer. Now, as our application requires lots of automatic updates, we are thinking of moving to WinForms ClickOnce deployment.
The only problem is we have some DLLs in our project which require registration (vsdrfCOMRelativePath). How can I achieve the same in a ClickOnce deployment?
ClickOnce installs are for one user account, so will that be an issue? Services won't install either. ClickOnce isn't just another way of doing what an MSI install does, it is very different. You may be better off adding code to your app to call a web service and downloading the update rather than converting to ClickOnce. As far as I know, you can't run COM registration from ClickOnce. Make sure you understand all the ways in which MSI differs from ClickOnce!

Visual Studio ClickOnce deployment - certificate expiration

I have a problem with a ClickOnce deployment of a Windows Forms application. When I built the new setup, and tried to export it overwriting as usual the previous setup, Visual Studio came up stating that my certificate is expired.
This behaviour is described in "You receive an error message when you try to update a Visual Studio 2005 ClickOnce application after the certificate that was used to sign the installation expires" and there is a workaround in "RenewCert - Working Version". But these solutions are not applicable in my situation.
Another workaround involves setting back the system date of the deployment server to a date before the certificate expiry date (during the deployment operations) - but I see this as a very "last chance".
How can I fix this problem? Is there another workaround I can try?
I found a blog entry, "ClickOnce and Expiring Code Signing Certificates" by James Harte, that describes a method to have your application remove itself and launch the new ClickOnce install. It worked for me.
I ran into this problem almost two years ago. There is really no good workaround if RenewCert won't work for you. I even emailed the ClickOnce authority, Brian Noyes, and got confirmation that there were no good workarounds.
We ended up buying a 3 year cert and telling our users to uninstall. However, if I remember correctly, the users only got error messages when launching the app from the start menu. If they went to the web page, it installed the app and ran fine. Of course the client then had 2 versions of the app on their machines :). I can't remember what happened to the start menu shortcuts in that scenario.
