If I publish an app to my website, when I try to install it, I get an error saying "application has been blocked...high security risk". Is there any way around this?
Please look at this MS answer
http://lab.msdn.microsoft.com/ProductFeedback/viewfeedback.aspx?feedbackid=9849e825-7762-493c-97eb-f1ca2bcb4c9e
wrote in message
news:cffa3edb-b03d-4f8b-9df1-03d4c9a3a854@discussions.microsoft.com...
> Hello
>
> I am having trouble running my published. The publish.htm page displays
> fine, but when I click Run, the .application file is displayed in IE as
> XML.
>
> I added "AddType application/x-ms-application .application" to my
> .htaccess file but it still does not work.
>
> Any ideas?
>
Without signing the manifests with a certificate (self-generated or third-party verified), the end-user is not even prompted to allow installation of the app (unless they change their security settings to add the download URL to "trusted sites" in IE).
If you use a self-generated certificate, is this still the case?
If you use a third-party verified certificate, the user is prompted unless the publisher and verifier are in the user's certificate store, in which case the install is automatic.
Is this right?
Where can I get the cheapest Authenticode certificate, and am I getting the same thing from different vendors, or are there other things to consider when choosing a source?
www.thawte.com is one of the more economical certificate issuers.
Look for some relaxing of cert signing requirements post Beta 2. Apps signed with self certs will be able to prompt (albeit with the very scary, high risk security prompt).
In B2, you must have a cert from a trusted issuer to prompt over the internet.
Hopefully I can clear up the signing issue for anyone currently trying to mess around with Click Once.
- Click Once apps require Authenticode digital certificates to be signed.
- This is because under Windows SP2 all programs downloaded over the Internet are checked for a certificate so that the Publisher (that means you or your company) can be verified.
You have 3 Options:
Option 1. Make your own certificate that will accomplish nothing more than to fulfill the basic 'must have a certificate' to Install requirement.
Option 2. Go to www.ascertia.com/onlineCA/Issuer/CerIssue.aspx and get a FREE 3rd-party (Level 3) certificate to sign your manifests with. This is a good option for non-commercial and/or test deployments because Ascertia is not one of Microsoft's Trusted CAs. What this means is that you will need to install a root certificate from Ascertia on every client machine before those machines will recognize the certificates as "trusted".
Note: The options I used on Ascertia to generate a valid file were:
- Digital Signing
- MS Crypto Enhanced v1.0, but Base should work just fine too.
- 1024 bit
- Checkmark for Exportable
Then click install after it has generated the key. This adds it to your personal store. From there you export it and run whatever key utilities you need.
Option 3. Get a full-fledged Level 3 Authenticode certificate from Verisign, Thawte, InstantSSL, etc. Manifests and assemblies signed by these companies will be recognized by I.E. as "trusted" therefore validating the publisher and allowing a user to install the program with no hassle. (Note: Signing the assembly will prevent the user from seeing some scary message during installation. Since that is the whole purpose of these certificates in the first place. :)
Note: I chose InstantSSL because they only charged $99/yr instead of the $400/yr Verisign charges. Remember, this certificate is for you the publisher and not the software, so you can use it over and over for all the software you release.
I hope this helps clear some things up for people.
Is it the application or the pop-up blocker that displays this message? Disable your pop-up blocker and check your security zone in Internet Explorer; if on XP SP2, disable the pop-up blocker also.
This is by design in Beta2. Apps coming from the Internet zone are blocked.
One option to work around this issue is to get a code signing certification from Verisign, Thawte etc. and sign the manifest with the certificate.
If you don't want to buy a certificate and re-sign the manifest, you can relax the security settings on the client as follows:
1. Create the following registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Security\TrustManager\PromptingLevel
2. Add a new String value and name it Internet
3. Set the Value data to Enabled.
The above three steps need to be done on the client machine where the app is going to run.
We are going to relax the prompting in the next version so these steps would not be necessary.
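Added example (not part of the original thread and not Microsoft's code): a PowerShell audit that reports whether the PromptingLevel key described in the post above has been set on a client. The key path and the Internet/Enabled pair come from the post; the other zone names, the AuthenticodeRequired and Disabled values, and the function name Get-ClickOncePromptingLevel are assumptions added for this example.

```powershell
# Added example: report the ClickOnce trust-prompt policy on this machine.
# Key path and the Internet = Enabled pair are from the thread. The remaining
# zone names are assumptions based on the documented values for the same key.
$views = @{
    # Native registry view, the path given in the post.
    'Native' = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\Security\TrustManager\PromptingLevel'
    # View that 32-bit processes see on 64-bit Windows (registry redirection).
    'WOW64'  = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Security\TrustManager\PromptingLevel'
}
$zones = 'MyComputer', 'LocalIntranet', 'TrustedSites', 'Internet', 'UntrustedSites'

function Get-ClickOncePromptingLevel {
    foreach ($view in $views.GetEnumerator()) {
        # A missing key is normal: it means nobody has overridden the policy.
        $key = Get-Item -LiteralPath $view.Value -ErrorAction SilentlyContinue
        foreach ($zone in $zones) {
            $value = if ($key) { $key.GetValue($zone) } else { $null }
            [pscustomobject]@{
                View    = $view.Key
                Zone    = $zone
                Setting = if ($null -eq $value) { '(not set)' } else { $value }
                # 'Enabled' on a remote zone is the relaxed setting from the
                # post: any app may prompt, whatever its signer.
                Relaxed = ($zone -in 'Internet', 'UntrustedSites') -and
                          ($value -eq 'Enabled')
            }
        }
    }
}

$report = Get-ClickOncePromptingLevel
$report | Sort-Object View, Zone | Format-Table -AutoSize

$relaxed = @($report | Where-Object Relaxed)
if ($relaxed.Count -gt 0) {
    Write-Warning ("Prompting is set to Enabled for: " +
        (($relaxed | ForEach-Object { "$($_.View)/$($_.Zone)" }) -join ', '))
    # AuthenticodeRequired (assumed documented value) limits the prompt to
    # apps signed with a certificate that identifies the publisher.
}
```

Run it from an ordinary PowerShell prompt; reading HKEY_LOCAL_MACHINE does not require elevation.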
app from website - not trusted?
atisoft
pdinesh
Kenneth Clapp
alpha T
- Please correct me on anything I got wrong. ;)
wapmill
HTH
Bigbyte
soulfhd