We're building a proof of concept windows application based on Windows Forms.
We plan to offer the package for beta testing to a small focus group but whenever one tries to download the app from our website Google Chrome / Internet Explorer report that the software may be malware.
I am not an actual desktop software developer, C# is just an hobby and I have no clue on how "sign" the software as legit. Any advice from someone doing this on a daily basis?
The following are some of the code signing tools I've used so far:
SignTool of Microsoft
DigiCertUtility
Those code signing tools are free and there are a lot of it out there but you need to buy digital certificate to sign your code or your installer to make your software trusted. Before you can buy a certificate they will verify few credentials about you or your company because they will put it in your certificate as trusted publisher.
Related
I have developed an STVO add-in for Outlook. This add-in works great on both my personal computers (Office 365) and my company computer (also Office 365).
However, an acquaintance for whom I programmed the add-in (Microsoft Professional Plus 2019) always gets the following error (error message translated into English, it may be slightly different): User-defined functions cannot be used in this application because the certificate used to sign the deployment manifest for XXX or its location is not trusted.
On all other machines I just get a warning that it could be a potential threat, but on the acquaintance's machine the above error message comes up and you can't install it.
What do I need to change so that he can install it too?
Assuming your add-in isn't signed with a trusted certificate but perhaps yours, Outlook doesn't recognize the publisher. For commercial use, it is recommended to sign the code with a "code signin certificate" issued by a trusted authority so that all customer PCs recognize the certificate. Once you have the certificate, follow these simple steps written in the documentation to sign the project How to: Sign Office solutions
I hope I have been helpful
Try to install the certificate before to running the installer - in Windows Explorer, right click on your signed file, Digital Signatures | Details | View Certificate | Install Certificate.
Before a solution can run on user computers, either you must grant trust or users must respond to a trust prompt when they install the solution. To grant trust to the solution, sign the manifests by using a certificate that identifies a known and trusted publisher. See Trust the solution by signing the application and deployment manifests.
You may find the Deploy an Office solution by using ClickOnce article helpful.
Unlike the test tool for Windows 10, which is part of the Windows 10 SDK, Microsoft went out of their way to make the certification tool for Windows Server 2016 complicated.
I installed my test application and specified the path to the Inno Setup installer, off the Downloads folder, and specified the location of the binary files, namely the Program Files location, and the screen shown, I specified the process name, basically the executable file name. At least System Internal's Process Monitor utility said that was the name.
As you can see, I got thrown an error.
Log Time: 12/04/2018 08:57:21
MethodName:: ApplicationRunningViewModel.VerifyApplication
Message:
No running application's process found after your application installation.
==================================================================
Log Time: 12/04/2018 08:57:58
MethodName:: ApplicationRunningViewModel.VerifyAppProcess
Message:
Process not found in snapshot file.
==================================================================
How do I resolve the error? Basically, how is the steps to use this test tool?
Background:
I had previously certified my application for Windows 10 in the Windows Platform Ready / Winqual area of Microsoft and obtained the Microsoft Gold Application Development competency.
I was expecting to simply pay the yearly extortion fee, $5400, when I logged into the portal, saw the new redesigned Partner Center, and went to the Competency Summary section, where I saw the message that I am in danger to lose the competency. Microsoft apparently did away application certification based competencies for Application Development. Talking to MS external support, I was told what I already saw on my own that the Silver ISV is the only path forward testing against Windows Server 2016. My attempts to talk to a real Microsoft employee or find a real solution failed miserably. I think talking to Google is easier. I hope that MS straightens things out for next year. By the way, the Platform Ready / WinQual area disappeared as well as all certifications.
That brings me to my question. I am trying to use the Windows Server 2016 test tool (2019 was not available last week for download, hence 2016).
I already installed the application. It works fine on Windows Server 2016, just Microsoft did not make application verification easy.
How do I resolve this error? What piece of information does it want and how do I obtain it?
I found the same error while testing my application using the Certification Test Tool 1.0 for Windows Server for Windows Server 2019.
I just changed the sequence of the test. I did launch the tool and then installed my application. If you cancel the test your application must be reinstalled in order for the test tool to recognize your process. Everything worked as expected
I got another error while using the Certification Test Tool Preview for Windows Server 2016. He couldn't validate my signed assemblies because the tool verify the aseemblies signature usign the signtool.exe instead of sn.exe. If you signed your assemblies using the sn.exe, neither of the test tools for Windows server 2016 & 2019 will validate your signed assemblies. I had to check the log file generated by the test tool and sign the assemblies manually using the signtool.exe.
I hope this information help someone havign the same issues.
Greetings
I have written a very simple add-in that adds a button to the ribbon of outlook (C#).
I have spent days trying to get this very simple add-in to install on another machine using the clickonce method.
I have published clickonce to ftp using Visual Studio. All fine so far.
Upon running the resulting vsto (or setup.exe) on a different machine I am getting the error:
'System.Security.SecurityException: Customized functionality in this application will not work because the certificate used to sign the deployment manifest for Add-In or its location is not trusted. Contact your administrator for further assistance.'
I understand the idea behind a certificate being required to remove rogue add-ins being added to Outlook. I have signed the clickonce deployment using a test certificate on my machine.
Simply is it possible, without paying for a third-party certificate, to give a user the clickonce url and them install it without me having to do anything to their machine? (and/or domain etc.) This is ideally to be used by lots of enterprise users. Altering their environment isn't practical.
Many thanks.
Check your certificate chain. Most likely you need to place a copy of the certificate into:
Certificates - Current User\Trusted Root Certification Authorities
...so your "issuer" is trusted in order for your certificate to be trusted.
So, my team and I are developing an app but we don't have a code signing certificate for multiple reasons. We are using the Universal Windows blank app template, so the result is an .appxbundle. I thought I could deploy it like any other program, without a Code Signing Certificate, but I can't figure out how to do that, is it possible?
PS: using Universal Windows template for W10 on VS2017.
Thanks in advance and tell me if you don't understand,
RektibouCaribou
If you have generated package file successfully.
you can sideload apps to your device without submitting them to the Store. This lets you install them and test them out using the app package (.appx) that you have created. If you have an app that you don’t want to sell in the Store, like a line-of-business (LOB) app, you can sideload that app so that other users in your company can use it.
MSDN source:Sideload your app package
In endeavours as to learn C# and toy with the app-store-like approach too, I now have two applications;
Web TVGuide (WinRT with publically sealed exposed C# classed backed)
A WebTV Player (winforms + WebBrowser/ActiveX) and .
First intentions was to upload #1 (the WinRT) to appstore - and provide a link to #2, hosted on my private page...
But im wondering as to how i would go about merging the two projects under one solution in order to package them together as one. I am betting that this also would remove some of my requirements for WFC Service (IPC) communications.
Structure follows to give a little insight;
Can i 'launch' the WinRT TVGuide from my Windows.Forms application - without having to run two setup packages - and call via Process?
You could ease the future development by having both projects inside the same solution and move all the shared core code (if any) to a PCL project. However, the other plans you have won't really work.
Launching a WinRT application from a Windows Forms application is only possible if the app is already installed on the user's machine. If the application is available, you can launch it using the IApplicationActivationManager COM interface.
I think that your best bet is to count on users installing the WinRT app and then link to the Windows Forms application from an about page or something.
Here's a nice article detailing the use of IApplicationActivationManager:
Launching Windows Store Apps Programmatically
Edit: Upon further investigation, it looks like I might have been slightly wrong. There actually is a legit way to sideload Windows Store applications but it requires jumping through quite a few hoops. However, you should be able to install both the Windows Forms application and the WinRT application with your own installer and then launch the WinRT app like you wanted to.
Here are the quick steps for reference. For a detailed explanation, see Install a Windows 8 Modern UI app without the Windows Store.
Windows 8 and 8.1
Enable Allow all trusted apps to install group policy
Sign the app with a CA that is trusted on the target PC
Run a PowerShell command to install the application. For example Add-AppxPackage C:\app1.appx –DependencyPath C:\winjs.appx
In some cases, enterprise sideloading product keys need to be used. Check out the linked answer for more details on that one.
Windows 10
I also took a look at how it's done on Windows 10, and here are my findings. Microsoft has taken a more relaxed approach on sideloading apps to a Windows 10 installation. Differences to the earlier versions are the following:
You can unlock a device for sideloading using an enterprise policy, or through Settings
License keys are not required
Devices do not have to be joined to a domain
The requirements for sideloading are the following:
Devices need to be unlocked for sideloading (unlock policy enabled)
Certificate assigned to app
Signed app package
And finally here are the steps to take:
Turn on sideloading - you can push a policy with an MDM provider, or you can use Settings.
Trust the app - import the security certificate to the local device.
Install the app - use PowerShell to install the app package.
Take a look at this article for detailed steps on how to achieve app sideloading on Windows 10.