none
ClickOnce security warning.

    Question

  • Hi
    i've published my desktop app on webServer by clickOnce, now when user run it via http request, this security warning prompt to user. i found some links to create certificate for my app in server and client but i'm looking for other way to avoid this message by Code (because many clients must use app and i don;t want to configure each client, i want to do this by code), is there any way ?
    Thanks
    this is my Signature
    • Moved by Harry Zhu Friday, May 15, 2009 3:58 AM I'm moving the thread to clickonce forum ,since it's relating to click once issue (From:Visual C# General)
    Tuesday, May 12, 2009 4:49 AM

All replies

  • Hi,
      What is your Client's OS? If it is vista it will show for security warning if it runs under administrative privilages.

    -- Thanks Ajith R [Remember to Mark as Answer if it is Helpful.]
    Tuesday, May 12, 2009 12:53 PM
  • Hi Hamed_1983,

    This is one way that you can do it from your backend: http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509store.aspx

    But i'm not pretty sure if you can do it without being backed up on the Trusted Root Certification Authorities by a third party like VeriSign.

    Here is another very useful article that helped me out when i was having problems publishing a ClickOnce. We have chosen to go with a VeriSign certificate in order to save us some hassle and testing time.

    Good luck!
    Tuesday, May 12, 2009 1:40 PM
  • If you could get around that warning programmatically, then you could download anonymous code to anyone who accidentally clicked a link on a website.  That's a large security risk.  From a CD or other physical media, of course, that warning doesn't appear.

    Basically, for web hosted code, you have to be a trusted publisher, or the user has to approve it.  That's a good thing.
    Michael Asher
    Tuesday, May 12, 2009 1:43 PM
  • Hi Hamed_1983,

    This is one way that you can do it from your backend: http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509store.aspx

    But i'm not pretty sure if you can do it without being backed up on the Trusted Root Certification Authorities by a third party like VeriSign.

    Here is another very useful article that helped me out when i was having problems publishing a ClickOnce. We have chosen to go with a VeriSign certificate in order to save us some hassle and testing time.

    Good luck!

    Hi suciua
    i saw your link and tried it in my code, but my question is that where i must use it in my code ?
    can u give me an example ?

    Note : my app run in local intranet.

    Thanks

    this is my Signature
    Tuesday, May 12, 2009 6:11 PM
  • Any help ?
    this is my Signature
    Wednesday, May 13, 2009 11:07 AM

  • Hi Hamed,

    You can not run the X509Store class from your startup event, you can not do this from an XBAP.

    Here is an article that comes to my help: http://social.msdn.microsoft.com/Forums/en-US/wpf/thread/23cd7010-774f-47c5-abb6-d0f93a627f8e

    If you follow this article they propose using the SupportUrl in order to send the user to install the certificate.

    I don't have a straight forward answer yet due to the fact that i have came across this issue and my higher management turned me to something else till product release. :)

    If you give me a day or two i may be able to get into making an example of some sort.
    Wednesday, May 13, 2009 3:27 PM
  • Thanks suciua
    i'm waiting for u.
    Best regards.

    this is my Signature
    Wednesday, May 13, 2009 5:00 PM
  • Hi Hamed_1983,

    This document is the one you need.
    http://msdn.microsoft.com/en-us/library/ms996418.aspx

    When a ClickOnce application is being launched on a user's desktop the first time, the .NET Framework runtime will first check to ensure that the application manifests have not been tampered with since they were signed with whatever publisher certificate was used for signing.

    So what constitutes a trusted publisher? First, you must always sign the ClickOnce deployment and application manifests with a publisher certificate. Next, the certificate used to sign a ClickOnce application must be configured in the Trusted Publishers certificate store on the user's machine.

    Publisher certificates come in two flavors—self-generated or third-party–verified (by Verisign, for example). A certificate is issued by a certificate authority, which itself has a certificate that identifies it as a certificate issuing authority. A self-generated certificate is one that you create for development purposes, and you basically become both the certificate authority and the publisher that the certificate represents.

    To be used for production purposes, you should be using a certificate generated by a third party, either an external company like Verisign or an internal authority such as your domain administrator in an enterprise environment.

    Sincerely,
    Kira Qian


    Please mark the replies as answers if they help and unmark if they don't.
    Friday, May 15, 2009 6:21 AM
  • Hi Kira
    is there any way to do this without implementing certificate, i want only run desktop application on each client without installation (in local interanet). i found some links about CAS (code access security) and this code to implement security level in my app :

    //Create new X509 store called teststore from the local certificate store.
                X509Store store = new X509Store("teststore", StoreLocation.CurrentUser);
                store.Open(OpenFlags.ReadWrite);
                X509Certificate2 certificate = new X509Certificate2();
    
                //Create certificates from certificate files.
                //You must put in a valid path to three certificates in the following constructors.
                X509Certificate2 certificate1 = new X509Certificate2("c:\\mycerts\\testCert.cer");
    
                //Add certificates to the store.
                store.Add(certificate1);            
    
                X509Certificate2Collection storecollection = (X509Certificate2Collection)store.Certificates;
                
                //Remove a certificate.
                store.Remove(certificate1);
                X509Certificate2Collection storecollection2 = (X509Certificate2Collection)store.Certificates;            
                X509Certificate2Collection storecollection3 = (X509Certificate2Collection)store.Certificates;            
                store.Close();
    but i don't know where i must use this code, can u help me ? is there anyWay to do this and avoid configuring certificate ?
    this is my Signature
    Friday, May 15, 2009 2:38 PM