Monday, February 25, 2013

ClickOnce, Windows 8 and SmartScreen (If you're using ClickOnce, planning on Windows 8 [Desktop] and don't have a CA cert, read this...)

RobinDotNet's Blog - Windows 8 and ClickOnce : the definitive answer

There have been a lot of copies of Windows 8 sold since it came out a few months ago, and the Surface Pro was just released. (In fact, I’m writing this on my brand new Surface Pro, which I really like, but that’s a subject for another time.)

If you’re using ClickOnce deployment, you’re probably wondering how (or if) it’s going to work with Windows 8. I’ve worked with Saurabh Bhatia at Microsoft to ensure that this article will cover what you need to know. We use ClickOnce at GoldMail (whose product is now called Point Across) for our desktop product and VSTO applications, as well as several internal utility applications, so I’ve also tested this on our products to make sure it’s accurate.

If you are hosting your deployment on a file share or on an intranet, you won’t have to make any changes. You can go get ice cream now while the rest of us soldier on.

If you are hosting your deployment on the internet, you will eventually get calls from your customers who have upgraded to Windows 8 or purchased a Windows 8 machine. So let’s talk about that.

I’m not going to talk about the bootstrapper right now; that’s going to come up later. For now, let’s concentrate on the ClickOnce application itself. When a user installs a ClickOnce application on Windows 8, here’s what happens:


How will the application work after publishing it with a signed executable?

If you sign your executable and your deployment with a valid certificate from a Certificate Authority like Verisign using one of the methods above, when the user clicks install, it will install without stopping and showing the SmartScreen filter, and updates will do the same. Yay!

Do I have to use a certificate from a Certificate Authority to circumvent the Smart Screen Filter?


Is there any workaround?



This is a great article on ClickOnce in the Win8/IE10/SmartScreen filter world. Looks like I'm going to have to pony up and get a real cert, which is not all that bad, but still...


jpigott said...


Are you doing the build first, then sign .exe, and then publish.

Is there a post build command you are using to do the sign of the executable before doing the publish?

jpigott said...

do you have a post build command handy to sign the .exe?

Or will this work?

Greg Duncan said...

@jpigott Just so you know... I'm only highlighting Robin's work because I thought it cool and something I might be able to use in the future.

To connect with Robin, you should click through to the entire article and comment there...