none
Manual update for signed ClickOnce app throws a TrustNotGrantedException

    Question

  • I have a ClickOnce deployment which is signed by a certificate obtained from Symantec. The security warning prompt after starting the setup shows the publishers name. So it's trusted. But when calling

    ApplicationDeployment.CurrentDeployment.CheckForDetailedUpdate()

    I get the TrustNotGrantedException - User has refused to grant required permissions to the application. If I add my certificate to the Trusted Publishers Store on my machine the exception is not thrown and the CA of Symantec is also added to the store. But obviously I can't add the certificate to the Trusted Publishers Store of our clients who use the app.

    The app is first installed from disc and at every start it checks an online update url. The version on the server does not have more privileges.

    If I don't sign the published ClickOnce app the manual update works. If I sign the published ClickOnce app with a self signed certificate made with makecert the manual update also works.

    How can the update fail if it's full trusted?
    Friday, February 8, 2019 11:28 AM

All replies

  • Hi Fricht,

    I am afraid that you need to send the ".cer" file (the certificate) to the client and install the certificate into the Trusted Publishers Store of his computer before installing your ClickOnce app.

    As for checking for updating, you can "Update" option in the Visual Studio:

    You can set whether to check for updates and when and how often.

    Regards,

    Kyle


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, February 11, 2019 3:09 AM
    Moderator

  • I am afraid that you need to send the ".cer" file (the certificate) to the client and install the certificate into the Trusted Publishers Store of his computer before installing your ClickOnce app.


    That would mean we have to send the certificate each time it expires?

    The automatic update option which we can check in Visual Studio works, but we would like to do it manually to have more control.

    Monday, February 11, 2019 12:18 PM
  • Hi Fricht,

    >> That would mean we have to send the certificate each time it expires?

    I am afraid the answer is yes. Once a certificate expires, you will have to reinstall the new certificate on the client.

    Regards,

    Kyle


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, February 12, 2019 1:44 AM
    Moderator