ClickOnce, the software update package that Microsoft introduced in Visual Studio 2005, might be a convenient and secure way to distribute updates to users over the Internet.  I wouldn’t know, since we don’t do that.  Our application is a turnkey system whose updates need to be retrieved from an internal server at our clients’ sites, and I do know that ClickOnce is an inconvenient (but secure) way of doing that.

The problem is that the URL from which the updates can be obtained is specified when the system is published.  That’s fine if all of your users can connect to the same URL, and you can ensure that the URL will remain the same.  It’s a pain if users at 20 different sites need to connect to 20 different update servers, and it’s a royal pain if you have no control over whether the names of those servers will change.  For us, ClickOnce was PublishTwentyTimes.

What you need is an easy way to change the update URL after the files have been published.   Just editing the files won’t do the trick, since the manifest is signed with a certificate — or, more specifically, the manifest contains a hash value that is generated with a key.  If you change anything in the published files, this hash value needs to be recalculated.

As it turns out, there is a relatively straightforward workaround for this.  Although our situation is not (I think) that uncommon, and the workaround uses a tool that is a standard part of the .Net Framework SDK, the procedure doesn’t seem to be well known or well documented.  So, I thought it might be useful if I listed the steps involved.

Before starting, you’ll need to have the certificate that was used to sign the manifest when the files were published.  If you were the one that did the publishing, then you’ve already got it.  If the publishing was done on another PC, and you’re still using the temporary key generated by Visual Studio, you can export it from Visual Studio on the other PC by clicking on the "Create Test Certificate" button in the Signing tab of the Project Properties dialog, and import it into Visual Studio on your PC using the "Select From File" button on the Signing tab.  If you are using a certificate from a signing authority then, well, talk to them since they’re the authorities.

1. Follow the standard steps for publishing a ClickOnce update.  The install files will be written out to the "Publishing Location" that you specified in the Properties dialog of your project, as shown below.

[Screenshot: Publishing Location field]

2. Copy the files from the "Publishing Location" to another folder.  This copy of the files will be modified to use a new URL for distributing the updates.   If this is the first version that you’ve published then you’ll just copy everything from the "Publishing Location" folder.  Otherwise, you’ll need to copy the files for your most recent version:

  • <YourAssemblyName>.application
  • <YourAssemblyName_YourVersionNumber>.application (e.g. YourApp_1_0_0_0.application)
  • publish.htm
  • setup.exe
  • the folder named <YourAssemblyName_YourVersionNumber>

3. Run MageUI. It is part of the .Net Framework SDK (which can be downloaded from Microsoft), and is also installed as part of Visual Studio.  It’s not accessible from the Visual Studio IDE or the Start menu, so you’ll have to launch it the hard way.  In Visual Studio 2005, it’s located at Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\mageui.  Another way of launching it is to open the .NET Framework SDK Command Prompt (which is on the Start menu) and type “mageui” at the command prompt.

4. In MageUI, select File->Open, or click the Open icon on the toolbar.  Select the application manifest (e.g. YourApp.application) in the folder to which you copied the files in step 2.

5. Select Deployment Options.  Change the “Start Location” to the URL  from which your users will grab the updates. 

[Screenshot: Deployment Options]

Having (finally) made the change you needed, you now need to prove your credentials.

[Screenshot: Signing Options]

6. Click on Application References.  Click the "Select Manifest" button.  Open the folder for your current version (e.g. YourApp_1_0_0_0) and select the .manifest file (e.g. YourApp.exe.manifest).

7. Select File->Save, or click the Save icon on the toolbar.  A Signing Options dialog will be displayed.  Here’s where you’ll need to select the certificate that was used when the install files were originally published, as described earlier.  Click OK, and a new hash code will be generated for your updated files.

8. Repeat steps 4 through 7 for the version-specific application manifest (e.g. YourApp_1_0_0_0.application).

There, wasn’t that easy?  Well, easier than building the install files 20 times?  Trust me, it becomes much easier once you delegate this tedious (but secure) process to someone else!
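For many sites, steps 2 through 8 can be scripted with mage.exe, the command-line counterpart of MageUI that ships in the same SDK. The script below is an added example, not part of the original procedure; it assumes mage.exe is on the PATH, and every path, file name, site name and URL in it is a placeholder.

```powershell
# Added example: steps 2-8 repeated per site with mage.exe.
# Every path, name and URL below is a placeholder assumption, not from the article.
$ErrorActionPreference = 'Stop'

$publishDir = 'C:\Publish\YourApp'               # the "Publishing Location" (step 1)
$outRoot    = 'C:\Publish\Sites'                 # one re-signed copy per site
$app        = 'YourApp'
$verFolder  = 'YourApp_1_0_0_0'
$certFile   = 'C:\Keys\YourApp_TemporaryKey.pfx' # certificate used at publish time
$sites = @{                                      # site name -> update URL for that site
    'site-a' = 'http://updates.site-a.example/YourApp/YourApp.application'
    'site-b' = 'http://updates.site-b.example/YourApp/YourApp.application'
}

# Prompt for the PFX password instead of storing it in the script.
$secure = Read-Host -AsSecureString 'PFX password'
$pfxPwd = (New-Object System.Net.NetworkCredential('', $secure)).Password

function Invoke-Mage([string[]]$MageArgs) {
    & mage.exe $MageArgs
    if ($LASTEXITCODE -ne 0) {
        # Report only the verb and target so the password never reaches a log.
        throw "mage.exe $($MageArgs[0]) failed for $($MageArgs[1])"
    }
}

New-Item -ItemType Directory -Force $outRoot | Out-Null
foreach ($site in $sites.GetEnumerator()) {
    $dest = Join-Path $outRoot $site.Key
    if (Test-Path $dest) { throw "Refusing to overwrite $dest" }
    # Step 2: work on a copy, never on the published originals.
    Copy-Item $publishDir $dest -Recurse
    $appManifest = Join-Path $dest "$verFolder\$app.exe.manifest"

    # Steps 4-8: the top-level and the version-specific .application file.
    foreach ($name in "$app.application", "$verFolder.application") {
        $deploy = Join-Path $dest $name
        # Step 5 (new update URL) and step 6 (re-select the .manifest file).
        Invoke-Mage @('-Update', $deploy, '-ProviderUrl', $site.Value,
                      '-AppManifest', $appManifest)
        # Step 7: re-sign with the original publishing certificate.
        Invoke-Mage @('-Sign', $deploy, '-CertFile', $certFile,
                      '-Password', $pfxPwd)
    }
}
```

mage.exe receives the PFX password on its command line, so run this on a build machine where other accounts cannot list processes, and keep the .pfx file readable only by the publishing account.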