I have a WPF project built in Visual Studio using the .NET framework. The application will be deployed in multiple locations so that users on different networks will be able to run it and get updates (Publish -> Application Updates -> Before the application starts).

I'm trying to set up a pipeline to eventually test and publish the application to the multiple locations. To add security I've decided to self-sign the manifest using (Signing -> Sign the ClickOnce manifests).

From what I've read (What is signing ClickOnce manifests for?), you should sign a manifest to add security to your users that the application / update came from you.

My problem is that when Azure tries to build the application in the Pipeline it generates the following error.

Short:

Error MSB3323: Unable to find manifest signing certificate in the certificate store

Long:

##[error]C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(3222,5): Error MSB3323: Unable to find manifest signing certificate in the certificate store.

The Googled solution seems to require me to remove this security feature. (“Unable to find manifest signing certificate in the certificate store” - even when add new key)

Did I misunderstand the solution, reason for self-signing or should I be looking for another solution? (Note: We are not looking to purchase a certificate from a 3rd party.)

Additional Information about the application

Security -> [Checked:true] Enable ClickOnce security settings

And

Security -> This is a full trust application

Let me know if you need additional information about project/solution/build/Azure Settings/... Not too sure what would be relevant to the question and I don't want to dump the entire project here. Please ask and I'll update.

EDIT:

YML DOCUMENT.

# ASP.NET Core (.NET Framework)
# Build and test ASP.NET Core projects targeting the full .NET Framework.
# Add steps that publish symbols, save build artifacts, and more:
# https://learn.microsoft.com/azure/devops/pipelines/languages/dotnet-core

trigger:
- master

pool:
  vmImage: 'windows-latest'

variables:
  solution: '**/*.sln'
  buildPlatform: 'Any CPU'
  buildConfiguration: 'Release'

steps:
- task: NuGetToolInstaller@1

- task: NuGetCommand@2
  inputs:
    restoreSolution: '$(solution)'

- task: VSBuild@1
  inputs:
    solution: '$(solution)'
    msbuildArgs: '/p:DeployOnBuild=true /p:WebPublishMethod=Package /p:PackageAsSingleFile=true /p:SkipInvalidConfigurations=true /p:DesktopBuildPackageLocation="$(build.artifactStagingDirectory)\WebApp.zip" /p:DeployIisAppPath="Default Web Site"'
    platform: '$(buildPlatform)'
    configuration: '$(buildConfiguration)'
Mandelbrotter
  • Which agent did you use? Hosted agent or Self-hosted agent? Did you try to build it in a self-hosted agent and check if the error still occurs? Perhaps the hosted machines would not have your cert installed in the cert store. – Frank Wang-MSFT Oct 11 '19 at 06:48
  • Short answer: I think I used a hosted agent. Long answer: I tried looking for a setting that allowed me to specify Hosted or Self-Hosted but could not find it. Here is more info about it. I use Azure Pipelines. Processing of new requests is set to embedded and I've posted the yml in my post. Where should I look to see this setting? – Mandelbrotter Oct 11 '19 at 13:00
  • Note: I can build with no problems on my local dev machine. – Mandelbrotter Oct 11 '19 at 13:10
  • "Agent: Hosted Agent" Just found it in Job Information – Mandelbrotter Oct 11 '19 at 13:18
  • That's the point. Using a self-hosted agent like you do on-premise is the solution here if you are running the signing the same way you were on-premise. The hosted machines would not have your cert installed in the cert store. – Frank Wang-MSFT Oct 15 '19 at 01:26
  • Hi, how are things going? Did my answer help you resolve your issue? If yes, you can accept the answer so that other SO users will be able to see whether the solution works. If you are still facing some issues, feel free to leave a comment here :-) – Frank Wang-MSFT Oct 28 '19 at 08:54
  • Sorry, I tested much later after I read this and forgot to come back here to accept it. Yes, it worked perfectly, thank you. – Mandelbrotter Oct 28 '19 at 12:34

1 Answer

Using a self-hosted agent like you do on-premise is the solution here if you are running the signing the same way you were on-premise. The hosted machines would not have your cert installed in the cert store.

Frank Wang-MSFT
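
A pre-build check for the condition the answer describes, as an added example that is not part of the original question or answer: it reads the ManifestCertificateThumbprint from the project file and reports whether that certificate, with its private key, is present for the account running the build. The -ProjectPath parameter and the function names are hypothetical, the embedded project fragment is constructed with a placeholder thumbprint, and the script assumes the build looks the certificate up in Cert:\CurrentUser\My.

```powershell
# Added example: check the agent for the certificate that MSB3323 reports as missing.
param(
    [string]$ProjectPath   # hypothetical parameter: path to the .csproj; omit to use the sample below
)

# Constructed sample project fragment (placeholder thumbprint, not a real certificate).
$sampleProject = @'
<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <SignManifests>true</SignManifests>
    <ManifestCertificateThumbprint>0000000000000000000000000000000000000000</ManifestCertificateThumbprint>
  </PropertyGroup>
</Project>
'@

function Get-ManifestThumbprint {
    param([string]$ProjectXml)
    $doc = [xml]$ProjectXml
    # local-name() avoids having to register the MSBuild XML namespace.
    $node = $doc.SelectSingleNode("//*[local-name()='ManifestCertificateThumbprint']")
    if ($node) { $node.InnerText.Trim().ToUpperInvariant() }
}

function Test-ManifestCertificate {
    param([string]$Thumbprint)
    # Assumption: the signing certificate is expected in the build account's personal store.
    $cert = Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint } | Select-Object -First 1
    if (-not $cert)               { return "MISSING: $Thumbprint is not in Cert:\CurrentUser\My" }
    if (-not $cert.HasPrivateKey) { return "NO PRIVATE KEY: cannot sign with $Thumbprint" }
    if ($cert.NotAfter -lt (Get-Date)) { return "EXPIRED: $Thumbprint on $($cert.NotAfter)" }
    return "OK: $($cert.Subject), valid until $($cert.NotAfter)"
}

$xml = if ($ProjectPath) { Get-Content -Raw -Path $ProjectPath } else { $sampleProject }
$thumb = Get-ManifestThumbprint -ProjectXml $xml
if (-not $thumb) {
    Write-Output "Project has no ManifestCertificateThumbprint; nothing to look up."
    exit 0
}
$result = Test-ManifestCertificate -Thumbprint $thumb
Write-Output $result
# Fail the step early with a clear message instead of waiting for MSB3323.
if ($result -notlike 'OK:*') { exit 1 }
```

Run on a hosted agent with the sample fragment, the script reports MISSING, which is the state the answer attributes the build error to; on a self-hosted agent where the certificate was installed for the agent's account it reports OK.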