I have an addin (Outlook) and set the Updates option to "Never check for updates" and deployed it via Clickonce - locally.

At first i received "User has refused to grant required permissions to the application."

I then found to overcome this problem is to run the below script:

caspol -m -ag 1 -url "http://localhost/ApplicationName/*" FullTrust -exclusive on

The error message above now disappears.

I then publish a new update to the same location, close outlook 2007, open Outlook 2007 and receive "The customization cannot be installed because another version is currently installed and cannot be upgraded from this location."

Im trying to have a button which allows the user to check for updates, rather than the system. If an update is available then the user can decide if they need to install it or not.

The code i have to check for updates (but NOT install them yet) is:

Public Shared Function NetworkDeployed() As Boolean
Return ApplicationDeployment.IsNetworkDeployed
End Function

Public Shared Function UpdateInformation() As UpdateCheckInfo
If NetworkDeployed Then
Return ApplicationDeployment.CurrentDeployment.CheckForDetailedUpdate
End If
End Function

I believe this code is correct, but i would like to know how to overcome the error "The customization cannot be installed...." but not by uninstalling the original installation, or how to work around it or if i have done this incorrectly i would like to know the correct procedure?

Secondly i would like to know if i have to execute the caspol script on a PC for it to become trusted, how could i do this either via code or how would i configure a server to accept this application as being safe, for possibly 100+ users?

Thanks

Okay, let me try to explain this. (This bites me in the a** all the time.)

Did you run the solution in Visual Studio? If so, it registers the exe/outlook add-in as pointing to that folder. So if after that you try to install a version from localhost or somewhere else, it will give you the error you have above.

In order to get it to stop doing that, you have to do Build/Clean Solution, which will un-register the add-in at that location. THEN you can install it from localhost.

So Office Add-Ins are a special instance, probably because of all of the viruses and so on that have impacted Office products. You have to either purchase a certificate and sign the deployment with the certificate, OR you can install the certificate that you created with Visual Studio on the use's machine, and then it will recognize the (same) one you used to sign the deployment and let the user install it.

You don't have this problem installing on localhost because that is the Intranet Zone (plus you have the certificate in your certificate store). Installing off of the Internet Zone is forbidden.

It doesn't matter if you're doing updates or not. This is true of the initial installation.

RobinDotNet

---

Click here to visit my ClickOnce blog!
Microsoft MVP

Are you using a certificate purchased from a certificate vendor, such as Verisign, or are you creating your own test certificate in Visual Studio?

Office Add-Ins must use a purchased certificate OR you must install the test certificate on the user's machine, in order for the deployment to be trusted.

My guess is that Office Add-Ins require a higher level of authority because there have been so many viruses and malware written around them.

The reason it would give you the error about already being installed is because it doesn't recognize the second version as an update to the first.

RobinDotNet

---

Click here to visit my ClickOnce blog!

Thanks for your reply:

No im not using a purchased certificate. I believe, i allow VS to create the certificate for me. Ive come to this conclusion by going into my project's properties, click Signing and i have a tick in Sign the clickonce manifests.

How would i get this certificate so i can go onto a test PC and see what happens when i install it? and
Why would the update not be recognised as an update to the first? The only thing i have done is made a minor change (to distinguish if the update is installed) and then published it?

Finally, are there any tutorials to talk me through how to use a certificate for this purpose if we were to purchase one?

Thanks again

When you create a test certificate, it creates a file with the file extension of pfx and adds it to your project. So you should see the file in the same folder as your project file. You should be able to copy that over to the user's machine and double-click on it to add it to the user's certificate store.

The update wouldn't be recognized because of something you changed; it may have something to do with running caspol, which it may not have applied the way you thought it would. I've never see it used in that manner (which doesn't mean you can't do it, just means I've never seen it).

If you do purchase a certificate, buy it from Verisign and not thawte. thawte uses intermediate chained certificates, and ClickOnce does not handle that, so you will be right back where you started.

For a couple of years, we got a .cer file (certificate) and .pvk file (privatekey) from Verisign. If you get those files, you can use pvk2pfx (which is in your windows sdk folderunder program files) to create a pfx file out of it. This year, we got an actual pfx file.

After you have your pfx file, you just go into the Signing tab and choose "Select from file" and go pick the pfx file, and it will add it and use it to sign your deployment.

RobinDotNet

---

Click here to visit my ClickOnce blog!

The update wouldn't be recognized because of something you changed; it may have something to do with running caspol, which it may not have applied the way you thought it would. I've never see it used in that manner (which doesn't mean you can't do it, just means I've never seen it).

Just to step back and understand what your saying here. What could have i changed? The most i have issome code checking for updates. Then i received the error"User has refused....". Looking at this blog http://blogs.msdn.com/karstenj/archive/2005/11/29/498061.aspxi dont seem to have the security tab but i think that is aimed at other types of applications and not Outlook?

So would there be any other way to make this application full trust or do i have to get a cert and that would make it a full trust once installed on the users PC? I seemed to have got over the other error message by deploying the app to another machine and not on my dev machine.

Am i right in saying that a certificate is only needed when updating the application from a server - reason why i ask is before implementing this feature i had no issues for updates (it was set to automatically check on startup).

Thanks

Okay, let me try to explain this. (This bites me in the a** all the time.)

Did you run the solution in Visual Studio? If so, it registers the exe/outlook add-in as pointing to that folder. So if after that you try to install a version from localhost or somewhere else, it will give you the error you have above.

In order to get it to stop doing that, you have to do Build/Clean Solution, which will un-register the add-in at that location. THEN you can install it from localhost.

So Office Add-Ins are a special instance, probably because of all of the viruses and so on that have impacted Office products. You have to either purchase a certificate and sign the deployment with the certificate, OR you can install the certificate that you created with Visual Studio on the use's machine, and then it will recognize the (same) one you used to sign the deployment and let the user install it.

You don't have this problem installing on localhost because that is the Intranet Zone (plus you have the certificate in your certificate store). Installing off of the Internet Zone is forbidden.

It doesn't matter if you're doing updates or not. This is true of the initial installation.

RobinDotNet

---

Click here to visit my ClickOnce blog!
Microsoft MVP