Search code examples
c#winformsvisual-studio-2015clickoncemage

ClickOnce deployment horrors

I am having trouble signing an application after ClickOnce deployment.

The application is a winforms project with 3 class-library projects and is deployed to a shared file path.

Publish from Visual Studio works and if I run the application it installs fine despite the warning in Windows 10 about it being unrecognized: Windows protected your PC screenshot

So being a foolishly helpful programmer I thought I'd try to remove the warning message for my users.

  • First step was to create a signing certificate. Luckily the sys admin was able to do whip up an internal certificate for me, and I managed to work out how to export it reading this.
  • Then I used Mage UI to sign the manifest. What a "manifest" was exactly I did not know at this stage. Where to find Mage was also an issue as the Windows SDK were not installed on the deployment server. I eventually remoted into the deployment server and ran Mage from my own PC. Using Mage to sign random files I eventually worked out that I needed to sign ALL the .application + .manifest files mentioned in the file structure of this answer.
  • At this point I was stuck with a Reference in the manifest does not match the identity of the downloaded assembly error and after exhausting the 10 different things to try mentioned in this question I started posting here.
  • Then I found this MSDN article where they suggested that the file was in some way corrupt. Which file? Well after comparing the files before and after I noticed that the .application file still had product key = "000000000000000" for the .manifest file instead of the new signed product key.
  • So I went back into Mage and reselected the "Application Reference" for the manifest and signed it again. At which point I got another error could not find a part of the path \\MyFileShare\Application%20Files\MyApplication_1_0_0_23\MyApplication.exe.manifest
  • Eventually I worked out that Mage had delightfully corrupted the file path with urlencoding. I fixed %20 in notepad to and resigned in Mage AGAIN and it worked!!!

Surely I'm doing something wrong and Microsoft didn't intend for this to be so difficult?

TLDR;

What is the correct way to run Mage to sign the application in 1 hit, without having to edit the files manually and resign multiple times?

Solution

  • As Marco Guignard pointed out in the comments it is possible to export a certificate created from anywhere and import it into your personal store to use in Visual Studio.

    Signing it in Visual Studio (pictures) and setting separate publish + install locations allows me to bypass the need to use mage at all!