In short, I get an exception when trying to upgrade a click-once application after having published a new version with a new certificate.
Here's the background:
I'm about to create a WPF application (.NET Framework 3.5) which will be distributed using ClickOnce. Each customer using the software will place the ClickOnce application on an IIS in their network, and then install it on a couple of PC's. The PCs does normally not have a keyboard or a mouse connected to them. During the initial installation, a sysadmin will connect a mouse to the PC and install the software. The people using the PC's aren't "trusted" - they are not expected to install / upgrade software on the computers. Hence, I must do the update of the application programatically and can't rely on the built-in ClickOnce-upgrade check during/after start-up.
Problem:
I created a simple WPF application which I published. This test application calls ApplicationDeployment.CurrentDeployment.CheckForUpdate() to initiate an update. This works fine - until I publish a new version of my software with a new certificate. If I sign my application using another certificate and publish it, calling CheckForUpdate on an already deployed versionwill trigger a "Object reference not set to an instance of an object"-error. At first I assumed this was an error in my code, but when looking at the exception stack trace, I see that it's thrown within the System.Deployment-namespace, more precisly at:
at System.Deployment.Application.ApplicationTrust.RequestTrust(SubscriptionState subState, Boolean isShellVisible, Boolean isUpdate, ActivationContext actCtx, TrustManagerContext tmc)
at System.Deployment.Application.DeploymentManager.DetermineTrustCore(Boolean blocking, TrustParams tp)
at System.Deployment.Application.DeploymentManager.DetermineTrust(TrustParams trustParams)
at System.Deployment.Application.ApplicationDeployment.CheckForDetailedUpdate(Boolean persistUpdateCheckResult)
at System.Deployment.Application.ApplicationDeployment.CheckForUpdate()
at WpfApplication1.Window1.button2_Click(Object sender, RoutedEventArgs e)
Questions:
- I can't recall having seen anything under the System-namespace throw a System.NullReferenceException before. Why would CheckForUpdate throw this exception just because the certificate of the new application has changed?
- I want to use a purchased certificate (not a self-signed / <project>_TemporaryKey.pfx-certificate). After 1-3 years,this purchased certificate will expire and I will run into the problem above. Is there a workaround to this? I did not experience any exception when relying on the built-in ClickOnce update-check but remember that my application must not require any user interaction, so I can't do it that way. I also understand that CA's such as Verisign and Thawte won't set the expiry date more than 1-3 years into the future.
I understand that these question may have been posted here before. In particular, I've read the following information on the subject. However, it's not clear to me whether some of the statements made in them relate to updates made using ApplicationDeployment.CurrentDeployment.UpdateAsync(); or the built in ClickOnce-update
index > ClickOnce and Setup & Deployment Projects > Certification expiration & programmatic updates