Windows 8 and ClickOnce : the definitive answer revisited

Since I posted the article titled Windows 8 and Click Once: the definitive answer, it became clear that it was not actually the definitive answer.

I got a ping on twitter from Phil Haack from GitHub telling me that this did not fix their Smart Screen filter problem.

After talking to him, and seeing his build and signing commands, I discovered they recently changed their signing certificate. For those of you who remember the early days of ClickOnce (2005) when you changed the signing certificate and everybody had to uninstall and reinstall the application, this seemed too likely an indicator to ignore.

Reputation

I didn’t talk in my article about “reputation” (and I should have, so I duly apologize here for that). In my first conversations with Microsoft, they mentioned that an application had a reputation, and this reputation had some bearing on the appearance of the Smart Screen Filter, and this reputation was built based on how many people had installed your application.

When I asked how many people had to install your application before the Smart Screen filter stopped interrupting the running of the application, I could not get a clear answer. Of course, this makes sense that they wouldn’t want to make their algorithm public, because you could publish your app, install it X number of times yourself, and make it reputable. (I’m not suggesting you do that, but if you do, please post back and tell us your results. Inquiring minds want to know.)

Since we’ve been in business for a few years, and have well over a thousand customers (probably thousands) who have installed the desktop application, this didn’t impact us. The reason I didn’t mention it in the blog post is because I created a new Windows Forms test application and deployed it solely for the purpose of testing the information in the article, and had no problem with the Smart Screen Filter. I installed the application maybe a dozen times while messing with the build commands, so I figured, “Wow, the number of installs required is pretty small.” Haha!

So on behalf of Phil, I pinged my contact at Microsoft, and he went off to investigate. After a bit of research, he found some information internal to Microsoft. I won’t quote it directly in case I shouldn’t, but the gist of it was this: The digital certificate information may be taken into account when determining the reputation of the application. A-HA! I thought to myself (and immediately started humming that song, “Take On Me”.)

So the problem at GitHub is probably due to the certificate being updated right about the same time they start signing their assembly for customers using Windows 8. I expect that fairly soon, as people install or get updates (if they are using automatic updates), their reputation will be sterling and nobody will ever see the Smart Screen Filter again when installing GitHub.

Knowing this, it makes sense that my test application didn’t get stopped even though it was a brand new application. I signed it with my company’s signing certificate, which has been in use for several months.

Which leads me to another issue I noticed when talking to Phil. I noticed that rather than using PostBuild or BeforePublish commands, he was using AfterCompile commands to sign his executable. I asked him about it.

PostBuild, BeforePublish, and AfterCompile, oh my!

Apparently when Phil signs his executable using PostBuild or BeforePublish commands, when the user installs it, he gets the dreaded “exe has a different computed hash than specified in the manifest” error. He found that using AfterCompile instead fixed the problem.

I went back to Microsoft, and they soon verified the problem, and said it is due to WPF applications having a different set of targets and execution order, so the standard AfterBuild/BeforePublish commands don’t quite work. So the bottom line is this: The signing of the exe doesn’t work right with BeforePublish or PostBuild if you are using VS2012 and you have a WPF application. In that case, you must use AfterCompile. So in the original post, use case #3, but put in AfterCompile instead of BeforePublish.

If you are using VS2010, OR you have a Windows Forms or Console application, you can use PostBuild or BeforePublish with no problem.

Hopefully we now have the definitive answer to handling the Smart Screen filter and signing a ClickOnce application that will be run on a Windows 8 machine.

Thanks to Zarko Hristovski and Paul Keister, who also reported the problem with the BeforePublish command, and who verified that AfterCompile worked for them. Thanks to Phil Haack for the answer to a problem I didn’t know existed yet. And thanks to Saurabh Bhatia at Microsoft for his help with Windows 8 and ClickOnce.

Tech Days San Francisco, 2-3 May 2013, through Azure-colored glasses

Living in the San Francisco Bay Area is awesome if you work in tech. There are so many companies springing up all the time and so many interesting places to work. The hard part of working in tech is keeping up with the current technologies and learning the new skills that can help you advance your career. A great way to do that is to keep your eyes open for conferences, dev days, tech days, etc., in your area, sign up and go. There are so many great opportunities being offered by the community leaders in your area.

A really interesting opportunity is coming up in the San Francisco Bay Area in early May – Tech Days SF. While primarily for IT Pros, there are also sessions that will be interesting to developers. What developer couldn’t benefit from knowing more on the IT Pro side? I was recently talking to another Azure MVP, and we agreed that now with all of the features in Windows Azure, it would behoove us to learn about virtual networks and some of the other IT-type features we never had to know when just doing software development.

There are some great speakers coming, which I doubly appreciate, because I managed to poach Glenn Block from Microsoft to speak at the Azure Meetup in San Francisco the night before (5/1) about mobile services (official announcement coming soon). And there is going to be a wide variety of topics; here is a random selection that just coincidentally seem Azure-related or Azure-useful:

• Windows Azure
• Managing the Cloud from the CmdLine
• Microsoft IT – Adopted O365 and Azure
• Windows Azure Virtual Machines (IAAS)
• PowerShell Tips and Tricks (You can use PowerShell scripts with Windows Azure)
• Manage Server 2012 Like a Pro or Better, Like an Evil Overlord (I like the title)

This is just one of many opportunities available to keep your skills up-to-date. So check it out, sign up, and go expand your knowledge!

(Reminder – There’s also a Global Windows Azure Bootcamp in San Francisco on 4/27!)

Global Windows Azure Bootcamp SF April 27th 2013

What is it?

On April 27th, the Windows Azure community is going to have a Global Windows Azure Bootcamp. This will be a one-day hands-on deep dive class for developers in locations all over the world. Last I heard, the count was up to around 80 locations.

The local Windows Azure experts will be in attendance to run the bootcamp in each location, provide training, answer questions, and provide support with doing the labs. I heard a rumor that there is also going to be a huge rendering project that each site can run that will test the power and capability of Windows Azure. It should be a lot of fun, so please sign up and attend the one closest to you.

What about the San Francisco Bay Area?

I will be organizing and running the event in San Francisco; registration is here. The event location is the Microsoft office in San Francisco (835 Market Street, Suite 700). This is adjacent to and above the Westfield Shopping Mall, so after the event, you can go to the Microsoft Specialty Store and get a new Surface Pro tablet, because you’ll love mine so much you’ll want your own.

Each bootcamp’s agenda and material are up to the organizer, so you will be at my mercy. I mean, I will be deciding what we’re going to do. Since it’s three weeks off, and everybody knows that developers usually don’t write talks until the night before the event, I haven’t decided on the agenda yet. (Don’t worry, this time I’m not going to wait until the night before.)

I’ve attended these in the past, and always think the leaders talk too much and the developers develop too little, so I am going to try to focus on the development rather than the talking. I’ll do introductory talks with overview information, and then provide a corresponding lab that we can do to understand the topic. Since I live in the San Francisco Bay Area, and there are a lot of non-Microsoft developers, my current thinking is that I will focus on Windows Azure Web Sites, Infrastructure as a Service (IAAS), and Mobile services, which can be used by everybody.

What do I need to bring?

You need to install the prerequisites BEFORE the class. It can take a couple of hours to get set up, so if you don’t do it ahead of time, you won’t get nearly as much out of the class and will probably be concentrating so hard, you will miss some of my crackling jokes and dry witty comments. Also note that your Commodore 64 will probably not work with Windows Azure’s SDK.

Here’s what you need to have on your system to make the most out of the day:

• You’ll need a Windows Azure Subscription. If you don’t have one, you can sign up for a 90 Day Trial or if you have a MSDN Subscription you can use your Azure Benefits. You will need to provide a credit card to sign up, but both the Trial and new MSDN benefit Azure Subscription have a default spending cap of $0.00, so unless you remove the cap you will not be charged. The credit card is just to verify that you’re a real person and not a bot. You’ll use this subscription while working on the hands-on labs.
• A computer or laptop with:
  • Microsoft Visual Studio 2012 (full version or Visual Studio Express 2012 for Web) or Microsoft Visual Studio 2010 with SP1 installed (full version or Visual Studio Express 2010 for Web) – do note if you use Express Edition you may not be able to complete all of the labs.
  • Install the Windows Azure Tools for Visual Studio
  • Install the Windows Azure Training Kit

This should be a lot of fun, and will be a great introduction to some of the cool things you can do with Windows Azure. (For more information about how much fun I’ve had with Windows Azure, check out this blog post.) Sign up for the event closest to you and have a great time!