I am working on deploying a ClickOnce Application build on .NET 4.5 Here are the facts:
However, no matter what I do, when I use the "Publish Now" button to actually publish the ClickOnce application, all of the file get published, but when I download the "Setup.exe", it ALWAYS says "Unknown Publisher".
Any ideas on what I'm doing wrong? I have been researching this for several weeks and I have read through enough to believe that I'm doing it "correctly", but I just must be missing some small checkbox or setting, or something of course.
Any help appreciated.
-- W.G.
As far as I know the "Unknown Publisher" keys off the code-signing, which Visual Studio doesn't provide an interface for. Oh, it does have signing interfaces, but only for manifest signing and strong-name assembly signing. This other question mentions the three signings, too.
To get the "Unknown Publisher" replaced with your org name, you'll have to add a bit of XML to your .csproj or .vbproj file. Right before the closing </Project>
tag, you'll need to call SignTool.exe, which I manually copied to my solution's main Bin folder (If you don't have it, it's part of the Windows SDK). Here's what mine looks like:
<!-- This section is used for code-signing the application. This should not be confused with manifest signing or with strong-name assembly signing, which can both be done from the Visual Studio interface. -->
<Target Name="SignOutput" AfterTargets="CoreCompile">
<PropertyGroup>
<TimestampServerUrl>http://timestamp.verisign.com/scripts/timstamp.dll</TimestampServerUrl>
<ApplicationDescription>A.Franklin's Awesome App</ApplicationDescription>
<SigningCertificateCriteria>/sha1 0c0ff5e29404b7d78q2517f487da0b1a0912c4da</SigningCertificateCriteria>
</PropertyGroup>
<ItemGroup>
<SignableFiles Include="$(ProjectDir)obj\$(ConfigurationName)\$(TargetName)$(TargetExt)" />
</ItemGroup>
<Exec Command=""$(ProjectDir)..\Bin\SignTool" sign $(SigningCertificateCriteria) /d "$(ApplicationDescription)" /t "$(TimestampServerUrl)" "%(SignableFiles.Identity)"" />
</Target>
To get the hash code (the "0c0ff5..." above) for my certificate, which I already had installed on my machine, I did this:
You could use SignTool.exe manually too, but for me this setup runs it transparently during each compile.