.NET ClickOnce签名会导致“未知发布者" [英] .NET ClickOnce Signing results in "Unknown Publisher"

问题描述

我正在部署在.NET 4.5上构建的ClickOnce应用程序 这是事实:

I am working on deploying a ClickOnce Application build on .NET 4.5 Here are the facts:

1. 我有一个有效的Comodo Authenticode证书
2. 证书已安装在我的本地证书存储区中
3. 签名"选项卡的项目属性显示，应使用证书对清单进行签名(我什至尚未尝试对.NET的程序集进行签名)
4. 为comodo输入了正确的时间戳服务器URL
5. 在发布"选项卡上，设置非常典型:
6. 发布到UNC路径
7. 安装文件夹是一个映射到IIS中该路径的URL

但是，无论我做什么，当我使用立即发布"按钮实际发布ClickOnce应用程序时，所有文件都会被发布，但是当我下载"Setup.exe"时，它总是说未知发布商".

However, no matter what I do, when I use the "Publish Now" button to actually publish the ClickOnce application, all of the file get published, but when I download the "Setup.exe", it ALWAYS says "Unknown Publisher".

关于我在做什么错的任何想法?我已经研究了好几个星期，并且已经阅读了足够多的内容，相信我在正确"地进行操作，但是我只是必须缺少一些小的复选框或设置，或者是某些东西.

Any ideas on what I'm doing wrong? I have been researching this for several weeks and I have read through enough to believe that I'm doing it "correctly", but I just must be missing some small checkbox or setting, or something of course.

任何帮助表示赞赏.

-体重

推荐答案

据我所知，"Unknown Publisher"取消了代码签名，而Visual Studio并未为其提供接口.哦，它有签名接口，但仅用于清单签名和强名称程序集签名. 这另一个问题也提到了这三个签名.

Far as I know the "Unknown Publisher" keys off the code-signing, which Visual Studio doesn't provide an interface for. Oh, it does have signing interfaces, but only for manifest signing and strong-name assembly signing. This other question mentions the three signings, too.

要用您的组织名称替换未知发布者"，您必须在.csproj或.vbproj文件中添加一些XML.在结束</Project>标记之前，您需要调用 SignTool.exe ，我将其手动复制到解决方案的主Bin文件夹中(如果没有，则该文件夹是Windows SDK的一部分).这是我的样子:

To get the "Unknown Publisher" replaced with your org name, you'll have to add a bit of XML to your .csproj or .vbproj file. Right before the closing </Project> tag, you'll need to call SignTool.exe, which I manually copied to my solution's main Bin folder (If you don't have it, it's part of the Windows SDK). Here's what mine looks like:

  <!-- This section is used for code-signing the application. This should not be confused with manifest signing or with strong-name assembly signing, which can both be done from the Visual Studio interface. -->
  <Target Name="SignOutput" AfterTargets="CoreCompile">
    <PropertyGroup>
      <TimestampServerUrl>http://timestamp.verisign.com/scripts/timstamp.dll</TimestampServerUrl>
      <ApplicationDescription>A.Franklin's Awesome App</ApplicationDescription>
      <SigningCertificateCriteria>/sha1 0c0ff5e29404b7d78q2517f487da0b1a0912c4da</SigningCertificateCriteria>
    </PropertyGroup>
    <ItemGroup>
      <SignableFiles Include="$(ProjectDir)obj\$(ConfigurationName)\$(TargetName)$(TargetExt)" />
    </ItemGroup>
    <Exec Command="&quot;$(ProjectDir)..\Bin\SignTool&quot; sign $(SigningCertificateCriteria) /d &quot;$(ApplicationDescription)&quot; /t &quot;$(TimestampServerUrl)&quot; &quot;%(SignableFiles.Identity)&quot;" />
  </Target>

要获取我已经安装在计算机上的证书的哈希码(上面的"0c0ff5 ...")，我

To get the hash code (the "0c0ff5..." above) for my certificate, which I already had installed on my machine, I

1. Ran certmgr.msc并打开证书–当前用户>个人> 证书
2. 双击我想要的证书，然后单击详细信息"选项卡
3. 使用Ctrl-C复制Thumbprint(看起来像"0c f0 f5 ...")的值，第一个字符除外.此文本框中有一个不可见的字符，该字符会与第一个字符一起复制，以后会弄乱您的脚本.因此，手动键入第一个字符(在这种情况下为"0")，然后从该对话框中粘贴值.如果在Visual Studio中收到错误消息无效的SHA1哈希格式:?0c 0f f5 ..."，则该问号表示该字符不可见.
4. 手动键入第一个字符，然后从此对话框中粘贴值.删除所有空格，使其看起来像0c0ff5 ...，并使该行看起来像上面的SigningCertificateCriteria代码.

1. Ran certmgr.msc and opened Certificates – Current User > Personal > Certificates
2. Double-clicked the certificate I wanted and clicked the Details tab
3. Used Ctrl-C to copy the value for Thumbprint (which looked like "0c f0 f5..."), except for the first character. There’s an invisible character in this textbox that gets copied along with the first character, and it messes up your script later on. So manually type the first character (a "0" in this case), then paste the value from this dialog box. If you get the error, "Invalid SHA1 hash format: ?0c 0f f5..." in Visual Studio, that question mark means the invisible character is there.
4. Manually type the first character, then paste the value from this dialog box. Delete all spaces, so that it looks like 0c0ff5..., and make the line look like the SigningCertificateCriteria code above.

您也可以手动使用SignTool.exe，但对我来说，此设置在每次编译时透明地运行.

You could use SignTool.exe manually too, but for me this setup runs it transparently during each compile.

这篇关于.NET ClickOnce签名会导致“未知发布者"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！