All right, I'm not doing something right, and I need some help. Here's what's happening:
When I build and publish, everything works! The setup.exe is signed with my Comodo certificate, so that's good. Also, the .application
file is signed with the Comodo certificate and my company name shows as the publisher -- this is also good.
Here comes the problem: Once the application is downloaded to the client, Windows 8 throws up a warning about an untrusted program (MyProgram.exe) and the publisher is not my company name. So, everything is getting signed except for the actual executable.
I've tried adding a post-build script that uses signtool.exe on obj\Release\MyProgram.exe, but when I try to install the application, I get a manifest error stating that the hash values don't match. In other words, the manifest is getting generated before the post-build event.
How do I sign my .exe and maintain the ClickOnce manifest's integrity? Is there a simple way to do this or do I have to use mage.exe on every file, by hand (I hope not)?
Click the Publish tab. Click the Updates button to open the Application Updates dialog box. In the Application Updates dialog box, make sure that the check box The application should check for updates is selected. In the Choose when the application should check for updates section, select After the application starts.
ClickOnce and DirectInvoke in Microsoft Edge | Microsoft Learn. This browser is no longer supported. Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Well, no one has jumped on this, but thankfully, I figured it out!
Thanks to this question: "File has a different computed hash than specified in manifest" error when signing the EXE
I was able to edit the project file's XML (Unload the project, then choose "Edit myproject.csproj") and added:
<Target Name="SignOutput" AfterTargets="CoreCompile">
<PropertyGroup>
<TimestampServerUrl>http://timestamp.comodoca.com/authenticode</TimestampServerUrl>
<ApplicationDescription>My Project Friendly Name</ApplicationDescription>
<SigningCertificateCriteria>/n MyCertName</SigningCertificateCriteria>
</PropertyGroup>
<ItemGroup>
<SignableFiles Include="$(ProjectDir)obj\$(ConfigurationName)\$(TargetName)$(TargetExt)" />
</ItemGroup>
<GetFrameworkSdkPath>
<Output TaskParameter="Path" PropertyName="SdkPath" />
</GetFrameworkSdkPath>
<Exec Command=""$(SdkPath)bin\signtool" sign $(SigningCertificateCriteria) /d "$(ApplicationDescription)" /t "$(TimestampServerUrl)" "%(SignableFiles.Identity)"" />
I had to move the signtool.exe file into the SDK folder (C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin, in my case), but after that it worked like a charm!
I hope this helps someone else in the future.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With