Search code examples
wpfsecurityclickoncepolicyverisign

How it works when computer recognize trusted/unknown publisher when install a WPF App?


I am working on a WPF App but could not make it as a trusted App after publishing it with clickonce. I looked many post with similar issues, signed the clickonce manifest, installed certificate, created test certificate and finally made the App trusted by my own computer. However, when I install the App on other computers, it is still not trusted by those machines. Does it mean I should ask every user who use my App install the same certificate (.cer file) first? But even after installing the certificate and recognizing the publisher name, some computers still prompt security alert like "Windows protected your PC".

So I wondered, how it works when the computer system recognize trusted/unknown publisher? As my App is not a commercial product, and it runs offline most of the time (I only have a MySql database on a CPanel provided by Godaddy to store user login information and some user input data), so besides purchasing a valid certificate, is there is any other way to work around? If there is, what are the appropriate ways to do it?

Can anyone explain a little bit or provide any source? Thanks in advance!


Solution

  • The certificate that was used to sign the ClickOnce application must be configured in the Trusted Publishers certificate store on all user machines.

    Also the certificate must be purchased from a trusted authority that is a member of the Microsoft Trusted Root Certificate Program: https://social.technet.microsoft.com/wiki/contents/articles/37425.microsoft-trusted-root-certificate-program-participants-as-of-march-9-2017.aspx

    Please refer to the following link for more information about this.

    WPF Application Deployment using ClickOnce with trust certificate