Background: I have a .NET application, which must be deployed and auto-configured to work in multiple third-party environments. Currently, it gets deployed via posting a customer-compiled MSI to the intranet. The reason why MSI needs to be customer compiled is to specify deployment parameters, such as internal web service URLs to connect to.
Problem statement: both MSI and ClickOnce deployment installations must be signed; otherwise security popup shows. I have a signing key, but cannot sign them, since there is no information about which customer environment will it be used in. Customer has information about environment, so he can delpoy as ClickOnce or build MSI, but cannot sign them because he's got no key.
Question: Is it possible to launch pre-built MSI, executable, or ClickOnce application, from a web page, while supplying them parameter(s), such as the URL? Alternatively, is it possible to generate deployment package, such that it can determine from which URL it was downloaded (so that it is used to discover environment)?
Example Solution: One way of addressing the problem is renaming the file itself. For example: rename mysetup.msi to aHR0cDovL215aG9zdC5sb2NhbC9jb25maWcueG1s.msi. This will not break digital signature because file itself is not altered. But the name of MSI is accessible to custom actions, so an action would convert file name to a text and learn that it should read configuration from http://myhost.local/config.xml. That would work, but is pretty ugly. I'm looking for more elegant solution.
I have some difficulties to follow the reason for the "customer-compiled" msi strategy. Quite uncommon thing this :-)
Yes, if you mean with web deploy, the user shall double click on the msi, you cannot pass parameters.
Solution 1: Of course you could ask the user in setup dialogs to fill in the data. There was an earlier answer for this than mine.
Solution 2: Hardcode dependencies. You ask all your customers for their web URLs, try to find out a domain name or special registry key or environment variable for the machines of your customers and put this logic into the msi. The msi will be started on this special environment and could find the correct data. You can even ping different URLs or IPs to assure the environment. Takes some time but.. Not very beautiful, but you could get money every time they want to change something :-)
Solution 3: Prepared machines at the customer Tell the customer: OK, custom compile is not a good solution, If have to deliver one sigend setup, please prepare all your machines by Group policy with a defined registry value(s) where all you specific URL data are captured. These are read out either by setup or by the application itself. Or let him put a custom .config file at a specific place on his own.
Solution 4: Two-step-deployment Deploy the .config file with predefined custom URLs or other configs separately from you MSI. In your MSI you only check, if it exists in the same path already. if you choose an .ini file format, (instead of .xml) MSI is able with standard methods to read them in MSI properties. .XML is supported by tools like InstallShield or others.
Solution 5: Somewhat similar: Don't care for configuration in the setup. Install with the URL/config information and ask the user the first time the app starts, to provide the data or give a path for a config file containing the information.
Solution 6: If the other solutions are not for your case, let the customer sign the MSI with their own certificate. Make a batch script to help him. If the company is not capable of buying an own certificate, buy one separate certificate anywhere for each customer, and include the price in your price for the product and the support :-)
I think 4 and 5 are my favourites, actually.