0

I am working on a WPF App but could not make it as a trusted App after publishing it with clickonce. I looked many post with similar issues, signed the clickonce manifest, installed certificate, created test certificate and finally made the App trusted by my own computer. However, when I install the App on other computers, it is still not trusted by those machines. Does it mean I should ask every user who use my App install the same certificate (.cer file) first? But even after installing the certificate and recognizing the publisher name, some computers still prompt security alert like "Windows protected your PC".

So I wondered, how it works when the computer system recognize trusted/unknown publisher? As my App is not a commercial product, and it runs offline most of the time (I only have a MySql database on a CPanel provided by Godaddy to store user login information and some user input data), so besides purchasing a valid certificate, is there is any other way to work around? If there is, what are the appropriate ways to do it?

Can anyone explain a little bit or provide any source? Thanks in advance!

randomcat
  • 413
  • 1
  • 4
  • 16

2 Answers2

2

The certificate that was used to sign the ClickOnce application must be configured in the Trusted Publishers certificate store on all user machines.

Also the certificate must be purchased from a trusted authority that is a member of the Microsoft Trusted Root Certificate Program: https://social.technet.microsoft.com/wiki/contents/articles/37425.microsoft-trusted-root-certificate-program-participants-as-of-march-9-2017.aspx

Please refer to the following link for more information about this.

WPF Application Deployment using ClickOnce with trust certificate

Community
  • 1
  • 1
mm8
  • 163,881
  • 10
  • 57
  • 88
  • Thanks! Do you have any recommended authority to purchase a certificate? Like Symantec or Verisign? And after I purchasing, do users need to install and trust the certificate first before installing my app? Or is there any way to embed the code of trusting the certificate into installing process? – randomcat Mar 16 '17 at 01:28
1

You mentioned "Windows protected your PC" so we're most probably talking about a SmartScreen issue here. RobinDotNet explained the oddities of ClickOnce and Windows SmartScreen in all detail in her blog posts Windows 8 and ClickOnce : the definitive answer and Windows 8 and ClickOnce : the definitive answer revisited.

  1. As mm8 pointed out in his answer you need a certificate from a valid Certificate Authority.
  2. Besides signing the manifests you need to sign the application executable as well. Since you have a WPF application you will have to do this AfterCompile (at least this was true for VS2012).
  3. My favourite part: You need to earn some magical reputation by people selecting the "Run anyway" option. For our ClickOnce application the SmartScreen message went away after a few days.
Community
  • 1
  • 1
The Chairman
  • 7,087
  • 2
  • 36
  • 44