We have a ClickOnce app that will be distributed to many customers,
one size fits all. We would like to sign the app for security reasons
and to avoid the "Unknown Publisher" message from being presented to
the customer. My understanding, however, is that the signing of
manifests and other files can't be done beforehand since the
ProviderURL must be known at the time of signing. This presents a
problem since, while we can do the signing at the customer site, it
requires us to distribute our cert as part of our product
distribution, making that cert available to anyone at the customer
site to do with it whatever they wish. We want to continue
distributing the ClickOnce app this way, since it is part of a much
larger product; setting up the means to customize the files per
customer is not an option.
What is the recommended best practice for addressing this situation?
Thanks in advance.
|
Similar Threads
