Using Visual Studio 2012, the manifest signed, but the assembly is not

3
votes

I am using ClickOnce application deployment, and I just got my code certificate from Verisign. I am using this certificate to sign the manifest.

When I download and install the application, the smartscreen comes up with my name on it (lame, but I think this is what is supposed to happen). When the ClickOnce installer completes, the smartscreen comes up again for the execution of the actual application, here it says 'Unknown Publisher'.

Does ClickOnce not sign the assemblies by default? How do I do this?

Edit: Currently I am letting VS sign my manifest (installer) for the ClickOnce, and I am setting a Post-build event to sign my assembly. But still when I install the application it says 'unknown publisher' when I go to actually run it.

1
deploymentvisual-studio-2012clickonce

1 Answers

0
votes

That does not sound right to me. I have used exactly the same workflow for multiple applications, and it works fine. Most likely there is an issue with your postbuild step. Make sure that you sign EXE file inside the OBJ folder (because that's where ClickOnce takes all the files from) - not the BIN one.

Do ClickOnce publishing, go to the OBJ folder, right click on your application.exe file, and select properties. It should have six tabs - the last one being "Digital Signature":

Enter image description here

If you don't have it, you don't sign your application properly.

And here is my postbuild step - note that I sign "RELEASE" configuration only:

  <Target Name="SignOutput" AfterTargets="CoreCompile" Condition="'$(ConfigurationName)'=='Release'">
    <PropertyGroup>
      <TimestampServerUrl>http://timestamp.verisign.com/scripts/timestamp.dll</TimestampServerUrl>
      <ApplicationDescription>my app</ApplicationDescription>
      <SigningCertificateCriteria>/n "my company."</SigningCertificateCriteria>
    </PropertyGroup>
    <ItemGroup>
      <SignableFiles Include="$(ProjectDir)obj\$(ConfigurationName)\$(TargetName)$(TargetExt)" />
    </ItemGroup>
    <Exec Condition=" '$(ConfigurationName)'=='Release'" Command="&quot;c:\Program Files (x86)\Windows Kits\8.0\bin\x64\signtool.exe&quot; sign $(SigningCertificateCriteria) /d &quot;$(ApplicationDescription)&quot; /t &quot;$(TimestampServerUrl)&quot; &quot;%(SignableFiles.Identity)&quot;" />
  </Target>