4

i have a strange problem. I recently changed the certificate to SHA256, target framework is .NET 4.0, no other changes, i get the below error when loading my VSTO add-in.

Name: From: file:///C:/Program Files (x86)/SomeAddin.vsto

************** Exception Text ************** System.Deployment.Application.InvalidDeploymentException: Exception reading manifest from file:///C:/Program%20Files%20(x86)/SomeAddin.vsto: the manifest may not be valid or the file could not be opened. ---> System.Deployment.Application.InvalidDeploymentException: Manifest XML signature is not valid. ---> System.Security.Cryptography.CryptographicException: SignatureDescription could not be created for the signature algorithm supplied. at System.Security.Cryptography.Xml.SignedXml.CheckSignedInfo(AsymmetricAlgorithm key) at System.Security.Cryptography.Xml.SignedXml.CheckSignature(AsymmetricAlgorithm key) at System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey(AsymmetricAlgorithm& signingKey) at System.Deployment.Internal.CodeSigning.SignedCmiManifest.Verify(CmiManifestVerifyFlags verifyFlags) at System.Deployment.Application.Manifest.AssemblyManifest.ValidateSignature(Stream s) --- End of inner exception stack trace --- at System.Deployment.Application.Manifest.AssemblyManifest.ValidateSignature(Stream s) at System.Deployment.Application.ManifestReader.FromDocument(String localPath, ManifestType manifestType, Uri sourceUri) --- End of inner exception stack trace --- at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.GetManifests(TimeSpan timeout) at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn()

strangely, when i remove "file:///" from my manifest URL in the registry it works fine, this is on .NET 4.0.

The issue is also not seen on 4.5 framework, with that "file:///", any thoughts ??

<OutputType>Library</OutputType>
    <NoStandardLibraries>false</NoStandardLibraries>
    <RootNamespace>Some.Addin</RootNamespace>
    <AssemblyName>Some.Addin</AssemblyName>
    <TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
    <ManifestCertificateThumbprint>{somethumbprint}</ManifestCertificateThumbprint>
    <ManifestKeyFile>
    </ManifestKeyFile>
    <SignManifests>true</SignManifests>
    <SignAssembly>true</SignAssembly>
    <AssemblyOriginatorKeyFile>Somefile.snk</AssemblyOriginatorKeyFile>
    <DelaySign>false</DelaySign>

This is different from “Manifest XML signature is not valid” on client machine but works fine on developer computer because removing "file:///" from the manifest file fixes the problem. If .NET 4.5 was involved, then the problem should have persisted.

Community
  • 1
  • 1
Telson Alva
  • 842
  • 6
  • 22
  • 37
  • Can you please remove the duplicate tag ? I have updated the question with why its not the same. – Telson Alva Oct 12 '15 at 14:33
  • Note the _"or the file could not be opened"_ verse. The URL is probably invalid/unsupported. – ivan_pozdeev Oct 12 '15 at 15:07
  • :) the file is there.. Duh.. So brings me to the part that confuses me, why does removing 'file:///' make it work? Without the certificate upgradation it worked fine. – Telson Alva Oct 12 '15 at 18:38
  • Darn, I didn't read the exception to the end. The root one is "SignatureDescription could not be created for the signature algorithm supplied." I'd try to debug this with ILSpy/.NET Reflector. Still maintain that most probably, it's "invalid/unsupported" - maybe some bug/limitation that was fixed in 4.5. – ivan_pozdeev Oct 12 '15 at 18:47
  • I am also facing same issue some of the systems working fine, some of the systems not working through in error message From: file:///C:/Program Files (x86)/xxx/yyy/AddWordIn.vsto, any one got solution please explain me – Satheeshkumar Somu Apr 19 '18 at 08:02

0 Answers0