none
Deployment over the Internet for Outlook 2010 Add-in using Visual Studio 2010 VSTO 2010 ClickOnce - please help RRS feed

  • Question

  • I have developed an Outlook add-in using Visual Studio 2010 VSTO 2010. It is targetted towards both Outlook 2010 64 bit and 32 bit. My development computer is a 64 bit windows 7 computer. The Outlook add-in is meant to be downloaded from an Internet (not Intranet) web site and then installed. I first used the temporary key generated by Visual Studio 2010 to sign the application, built and published it. Then I put the published files (an exe, a vsto and a "application files" folder) in a zip file and uploaded it to the internet web site. From a client computer I downloaded the zip file, extracted all its contents and tried to install the exe. I got an error "customized functionality in this application will not work because the certificate used to sign the deployment manifest is not trusted". I tried to install the .vsto and got the same error.

    After this I did some more digging and found recommendations that I should get a code signing certificate from a trusted root certificate authority to sign the application. So, I got a code signing certificate from Trustwave and used that to "sign the ClickOnce manifests" in the "signing" tab of the "Properties" section of my Visual Studio 2010 Outlook add-in project.

    Then I repeated the steps I mentioned in the first paragraph above and am still facing the same problem while installing on the client computer.

    right-clicking on the Properties of the downloaded zip file shows "this file came from another computer and might be blocked to help protect this computer" with an unblock option. I know if I unblock it will install without any error.

    Probably before downloading the zip file, adding the web site from which it is downloaded to the trusted zone in IE may not cause this problem.

    But, how to overcome this problem without doing any of the above 2?

    what am I doing wrong?

    The outlook add-in is intended towards anyone out there in the world and that anyone should not have to tamper with their web browser security settings, nor have to tamper with the security settings on the downloaded zip file.

    What is the point of using a code signing certificate from a trusted authority then?

    Can anyone please help how to overcome this problem?

     

    thanks.

    Friday, April 22, 2011 6:40 PM

All replies

  • Hi Noviceoutlookaddindeveloper,

    Here is a link about the cause of the error:
    Click Once Install problem.
    http://social.msdn.microsoft.com/forums/en-US/vsto/thread/e8eb1540-a3c6-4987-9d89-909990e117d7

    In addition, here is a thread about this problem:
    Deployment Problem
    http://social.msdn.microsoft.com/Forums/en-US/vsto/thread/f3ca32c2-8737-4df5-9007-8d8ed18cb905

    Please check to see if these can help you to solve the problem.
    Best Regards,


    Bruce Song [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, April 25, 2011 2:31 AM
  • Hi,

    normally you would say "Publish" using the right click or the Properties in Visual Studio to directly publish the AddIn to your Webserver.
    That is the easiest way. In the Signing Tab of your AddIn you need to select your code signing certificate in the store.

    After the AddIn has been published, you can point the user directly to the html-page on the publish-location or the setup.exe in the publish directory.

    Using this way, installation works like a charme.

    Hope this helps,

    Greets - Helmut


    Helmut Obertanner [http://www.x4u.de] [http://www.outlooksharp.de]
    Tuesday, April 26, 2011 6:33 AM
    Answerer
  • Hi,

    normally you would say "Publish" using the right click or the Properties in Visual Studio to directly publish the AddIn to your Webserver.
    That is the easiest way. In the Signing Tab of your AddIn you need to select your code signing certificate in the store.

    After the AddIn has been published, you can point the user directly to the html-page on the publish-location or the setup.exe in the publish directory.

    Using this way, installation works like a charme.

    Hope this helps,

    Greets - Helmut


    Helmut Obertanner [http://www.x4u.de] [http://www.outlooksharp.de]


    Hi Helmut,

    What you suggest is not practically possible here. Note that the location where the setup.exe will reside is not in an intranet environment. it is on an internet environment and has no direct network connection with my development box. I cannot publish it to the web server directly. I have to publish on my dev box and then copy it over to the web server.

    I am still reading through the couple of links Bruce suggested and trying to figure out how to automate everything so as to make it transparent for the final user without compromising the user's computer.

    thanks for offering your comments though.

    n

     

    Tuesday, April 26, 2011 9:25 PM
  • Hi Noviceoutlookaddindeveloper,

    Here is a link about the cause of the error:
    Click Once Install problem.
    http://social.msdn.microsoft.com/forums/en-US/vsto/thread/e8eb1540-a3c6-4987-9d89-909990e117d7

    In addition, here is a thread about this problem:
    Deployment Problem
    http://social.msdn.microsoft.com/Forums/en-US/vsto/thread/f3ca32c2-8737-4df5-9007-8d8ed18cb905

    Please check to see if these can help you to solve the problem.
    Best Regards,


    Bruce Song [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.


    Bruce, Thanks for your help. I read through the posts in the 2 links you posted. Please correct me if I am wrong, but, it looks like there is no way to Install the ClickOnce application for the Outlook 2010 Add-in from an Internet URL without any manual security configuration steps even though the application is signed by a trusted authenticode certificate.

    What I found is that the install will work only if either of the 2 steps below are performed:

    1) The code-signing certificate is added to the Trusted Publishers group in the local client certificate store AND the root certificate of the code-signing certificate issuing authority is added to the Intermediate Certification Authorities group. If this is done then the application installs from the intenet URL without any prompting. If only the certificate issuing authority's root certificate is added to the Intermediate Certificate Authorities group, then the install works but with prompting. I wrote a console application to automate this, but, it won't run without administrator access. One has to run it as administrator, only then will it add the certificates to the desired locations in the local certificate store. I don't know how to add this to the bootstrapping mechanism of the ClickOnce application AND run as administrator. If anyone knows how to do this, help will be appreciated.

    2) If the domain name of the Internet URL from which the ClickOnce application will be installed is added to the Trusted Zones of Internet Explorer, then the install works unprompted. I don't know how to do this in VB.net. There is C++ code to do this here: http://msdn.microsoft.com/en-us/library/ms537181(VS.85).aspx, but, I have no idea how to convert this to vb.net and then how to add this to the bootstrapping mechanism of the ClickOnce application. SInce, I was unable to create this application to add domain name to the Trusted Zone of IE, i don't also know if it requires administrator privileges to run.

    Any help will be appreciated.

    Thanks,

    N

     

    Friday, April 29, 2011 2:13 PM
  • Hi Noviceoutlookaddindeveloper,

    I will do further research about your problem.

    Best Regards,


    Bruce Song [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, May 2, 2011 9:11 AM
  • Hi Noviceoutlookaddindeveloper,

    I will do further research about your problem.

    Best Regards,


    Bruce Song [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.


    Thank you Bruce, Appreciate all your help!
    Monday, May 2, 2011 4:11 PM
  • Hi Noviceoutlookaddindeveloper,

    I will do further research about your problem.

    Best Regards,


    Bruce Song [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.


    Any further news for me Bruce?
    Friday, May 6, 2011 2:21 PM
  • Hi Noviceoutlookaddindeveloper,

    Sorry for the late response.

    I have helped you to involve some one who are more expert at this problem. Appreciate your patience.

    Best Regards,


    Bruce Song [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, May 9, 2011 12:29 PM
  • I also need this answer.

     


    Carl Dichter
    Thursday, May 12, 2011 12:50 AM
  • Can anyone please help?
    Thursday, May 19, 2011 2:03 PM