Develop Office Client Applications using Visual Studio
I just posted another interview on Channel 9. I sit down again with Saurabh Bhatia, a Program Manager on the Office Client team, who is responsible for the ClickOnce publishing functionality in Visual Studio. We chat about trust issues and certificates and he sets me straight on how ClickOnce deployment and application manifests work. He then shows how to resign them outside of Visual Studio using a tool called Mage. This is really handy for folks that need to modify the files within a deployment package, like the application settings (app.config) file, but don't have Visual Studio installed.
Channel 9: Resigning ClickOnce Application and Deployment Manifests with MAGE
Saurabh draws on the whiteboard in this one and since I'm a one (wo)man show I couldn't jump up and zoom in so I redrew it for you all here.
Links from the show:
Enjoy, -Beth Massi, Visual Studio Community
I had a few ClickOnce questions that weren't addressed in the video.
1. I thought with VS 2008 signing the manifests was no longer a requirement. Is that correct? What implications are there for a currently signed and deployed app to remove the signing on the next version?
2. What's the latest version of Mage? I have v3.5.30729.1, but it forces me to sign my manifests. Do I not have the latest version on Mage or is the unsigned option not available via Mage?
3. In the past we've had tons of trouble with certificates expiring. It looks like there's a tool, RenewCert.exe, that you can use on self certs to extend to expiration date. Is there an option for actual certicates that expire? When our Verisign cert expires, are we stuck with telling clients to uninstall before they get the latest version signed with our renewed cert?
1. I thought with VS 2008 signing the manifests was no longer a requirement. Is that correct?
>>> Yes signing manifests is optional if your application targets .Net 3.5 SP1 framework. Also this only applies to Winforms/WPF/ConsoleApps. Notably VSTO still enforces the requirement to sign manifests.
1. What implications are there for a currently signed and deployed app to remove the signing on the next version?
>>> When you more from a currently signed app to a new version that is not signed, end users will get a trust prompt when they try to install the update. The trust prompt will not contain any publisher information and the end user will have to decide whether to trust the app and take the update or not.
Interestingly if you go from an unsigned app to a signed app you will not get a trust prompt even if a temporary certificate is used to sign.
>>>Mage is actually two tools – Mage.exe the command line tool and MageUI a GUI tool that lets you edit manifests.
The latest version of Mage.exe is 3.5.21022.8
The latest version of MageUI.exe is 3.5.30729.1
With Mage commandline you can simply choose to use the -update option and update the manifests without signing them.
When you try to save a manifest from MageUI it will prompt you to choose a certificate to sign the file but there is also an option for “Don’t Sign” which will save the file without signing the manifest.
>>>Yes the certificate expiry scenario has caused a lot of pain for developers using ClickOnce. With .Net 3.5 you can choose to sign your application with a new certificate and the application will be automatically updated to use the new certificate, if the new certificate is not trusted then end users will see a trust prompt during the update. The application itself does not need to target .Net 3.5 just the end users machine needs to have .Net 3.5 in order for this to work. The fix is also available in .Net 2.0 SP1 so if you are on a Windows XP machine with .Net 2.0 SP1 then this scenario will work. On a Vista Machine you need to install .Net 3.5 for it to work. Unfortunately not all scenarios have been solved, if you are updating your application through the programmatic update API in System.Deployment then the expired certificate scenario will still cause trouble. You will still have to rely on uninstalling the previous version and installing the new one with the renewed certificate if you are trying to update the application through the API.
Hope that answers all your questions.
Thank you so much! That helps a ton. ClickOnce is a great technology. I just find it difficult because some of the details are obscure and seem undocumented.
I had one follow-up questions to #2. You say you have the option with MageUI to not sign. That's correct for application manifests. However, when I try to point my deployment manifest to an unsigned app manifest, it won't let me. Am I missing something?
Sorry took me long to reply back here.
You are right about the optional signing and MageUI. Unfortunately there seems to be an issue with MageUI where you will get an error dialog if you try to select an unsigned application manifest. I suggest you use command line mage to achieve the same.
I have just posted a longer entry that illustrates the various signing steps but looks like you are already very familiar with these.