Click Once deployment and VS2013 Update 3

As many of you know, I still answer the occasional question about Click Once deployment. This is a deployment feature that lets you host a client or console application deployment on a webserver, share, or even in Azure blob storage, and perform automatic updates when there are changes.

For the benefit of all those who used this technology, I try to keep up with what Microsoft’s doing with it. That’s not as hard as it might seem, as they rarely do anything with it. (I can sense you all nodding your heads.) However, there are a couple of changes in Update 3 for VS2013 that are pertinent specifically to Click Once deployment. I’ve known about this for a couple of months, so I’ve already gotten over the shock. If you need a few minutes to recover, please go ahead. I’ll be here when you come back.

Problem using WinRT APIs in a WPF application

The first thing is the problem referenced here. Scott Hanselman had a blog entry showing how to call WinRT APIs in Windows 8 from C# Desktop Applications (WPF), but nobody could get it to work. The error was “Resolve Manifest Files task failed” when trying to build the WPF application. To eliminate this problem, go to your project’s Properties, go to the Publish Tab, and then select Application Files. Set the publish status of all “*.winmd” files to “Exclude” as displayed in the following image:


Signing a .NET 4.0 or lower app with a SHA256 code-signing certificate

The second issue shows up when you use one of the new SHA256 code-signing certificates to sign an application that targets .NET 4.0 or earlier. When you do this, the hash for the deployment manifest (.application file) is generated using the SHA256 algorithm, which can not be understood by .NET 4.0 and below. When running the application on a machine that only has .NET 4.0 or below, this would result in exceptions like “The application is impropertly formatted”, “The manifest may not be valid,”, “Manifest XML signature is not valid,” or “Signature Description could not be created for the signature algorithm supplied”.

With Update 3 in VS2013, Microsoft has updated the built tasks to generate the hash using the SHA1 algorithm if the target .NET version for the application is below .NET 4.5, but still use a SHA256 hash for .NET 4.5 and above. So you no longer have to install .NET 4.5 just because you’re using a SHA256 certificate.


In this article, I discussed a couple of issues they have fixed in Click Once deployment with VS2013 Update 3. If you have seen any of the issues mentioned above, please install the update and let me know if you still have any problems.


3 Responses to “Click Once deployment and VS2013 Update 3”

  1. Dane Vinson Says:

    We use an automated process and mage.exe to build and sign our ClickOnce deployments. Do you know if this fix exists in one of the .NET SDKs (where mage is located)?

  2. Pascal Says:

    I would also like to know if you found a solution. I have the same issue, I’m unable to get mage to use sha1 instead of sha25.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: