If I run the setup.exe of my application, and the certificate is not a trusted certificate in the store. I get the following dialog box.
And as long as the user clicks Install everything is fine.
Now I have another application, Portal, that launches ClickOnce applications. Portal is installed and already accepted the certificate (different pfx file).
Now when the Portal goes to launch application 1 through code, the above prompt doesn't get shown (because it is already running under the security context?). Most of the code is from the InplaceHostingManager from Microsoft's website.
Now when application 1 runs, it gets errors that the user has denied the privliges. I understand this as because the user never clicked the above warning, application 1 does not have the permissions it needs. From Microsoft's website:
If the application uses Trusted Application Deployment, the common language runtime (CLR) trust manager examines the deployment manifest to determine whether it contains a valid trust license. If the deployment manifest does not contain a valid trust license, ClickOnce stops the installation and throws a TrustNotGrantedException. Update will never display a prompt asking the user if they want to grant the application permission to run.
So I am left with some options.
Get a valid certificate. Now for these applications, we can't justify the cost of about $400 for two years. I am looking into creating our own, however, getting the certificate deployed to the internal client machines is something that the network team may be comfortable with. What is invovled in adding certificates to the Trusted root throughout the company.
Or somehow detect if the application is installed. If not, call out to setup.exe. If so run, the existing deploy code. How do I determine if an application is already installed?
