How to deploy a VS2005 VB app without signing the clickonce manifest and assy


How to deploy a VS2005 VB app without signing the clickonce manifest and assy Phillip
10/17/2006 10:44:29 AM
I would really like to avoid having to reinstall this app on 20 some
users on our local network because the Certificate expires after a
year. But as soon as I uncheck the "Sign the ClickOnce manifest box" it
checks itself after I rebuild the app and then the publish fails with
the error:

SignTool reported an error 'Failed to sign
bin\Debug\PHFx.publish\PHFx.publish\\setup.exe. SignTool Error:
ISignedCode::Sign returned error: 0x80880253

The signer's certificate is not valid for signing.

SignTool Error: An error occurred while attempting to sign:
bin\Debug\PHFx.publish\PHFx.publish\\setup.exe

It is a local network. I don't care about all of these signing tools I
just want an easy deployment.

Thanks,
Phil
Re: How to deploy a VS2005 VB app without signing the clickonce manifest and assy Dominick Baier
10/17/2006 6:03:43 PM
Why do you have to re-sign after one year? What type of certificates are
you using? If you are using a VS generated one - this cannot be validated
anyway regardless of expiration (unknown publisher).

And no - you always have to sign the manifest.

---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com

Re: How to deploy a VS2005 VB app without signing the clickonce manifest and assy Nicole Calinoiu
10/19/2006 6:55:36 PM
Have you considered applying a timestamp at signing time? (See the docs for
the "Timestamp server URL" textbox on the project properties "Signing" tab.)
Applying a timestamp will allow the signature to continue to be evaluated as
valid even after the signing certificate eventually expires.
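
A check a publisher could run on the published setup.exe to see whether a timestamp was actually applied and when the signing certificate expires. This is an added example, not part of the original thread; the `$Path` parameter and output field names are assumptions, and it inspects only the Authenticode signature on the bootstrapper (the ClickOnce manifests are signed separately and are not checked here).

```powershell
# Added example: report signer expiry and timestamp status for a signed file.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path   # assumption: path to the published setup.exe
)

$sig = Get-AuthenticodeSignature -FilePath $Path

if ($null -eq $sig.SignerCertificate) {
    Write-Output "No Authenticode signature found on $Path"
    return
}

$signer      = $sig.SignerCertificate
$tsa         = $sig.TimeStamperCertificate
$daysLeft    = [int]($signer.NotAfter - (Get-Date)).TotalDays
$timestamped = ($null -ne $tsa)

# Status reflects chain trust on THIS machine. A VS-generated test
# certificate will not report Valid unless it has been explicitly trusted.
[pscustomobject]@{
    File               = $Path
    Status             = $sig.Status
    Signer             = $signer.Subject
    SignerNotAfter     = $signer.NotAfter
    DaysUntilExpiry    = $daysLeft
    Timestamped        = $timestamped
    TimestampAuthority = if ($timestamped) { $tsa.Subject } else { $null }
}

if (-not $timestamped) {
    Write-Warning ("Signature has no timestamp; it will stop validating " +
                   "when the signing certificate expires on $($signer.NotAfter).")
}
```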


Re: How to deploy a VS2005 VB app without signing the clickonce manifest and assy simeyLA NO[at]SPAM gmail.com
11/10/2006 4:32:33 PM
This is obviously a very undesirable and regrettable feature for
ClickOnce.

I've discovered a useful workaround. Just set your system clock back
while publishing the application. Then deploy it, and the client will
still be able to use it (even if their system clock is past the
expiration date). Remember to reset your system clock!

This is a quick and dirty fix for all of those people that right now
are discovering this limitation.

I haven't tried the timestamp thing yet, or even looked to see what it
is - this is just the workaround I discovered.
Re: How to deploy a VS2005 VB app without signing the clickonce manifest and assy GiddyUpHorsey
12/12/2006 9:28:37 PM
Thanks for posting that workaround. It worked for me. It's a very
annoying defect in ClickOnce and the error message doesn't help much.
Re: How to deploy a VS2005 VB app without signing the clickonce manifest and assy Dominick Baier
12/13/2006 12:00:00 AM
Cool. There is always a workaround for security - once you try it hard enough... (sarcasm)


-----
Dominick Baier (http://www.leastprivilege.com)

Re: How to deploy a VS2005 VB app without signing the clickonce manifest and assy Phillip
12/20/2006 1:47:45 PM
I recreated a key with an expiration date 2036.