Manual update for signed ClickOnce app throws TrustNotGrantedException

Question

I have a ClickOnce deployment which is signed by a certificate obtained from Symantec. The security warning prompt after starting the setup shows the publishers name. So it's trusted. But when calling

ApplicationDeployment.CurrentDeployment.CheckForDetailedUpdate()

I get the TrustNotGrantedException - User has refused to grant required permissions to the application.

If I add my certificate to the Trusted Publishers Store on my machine the exception is not thrown and the CA of Symantec is also added to the store. But obviously I can't add the certificate to the Trusted Publishers Store of our clients who use the app.

The app is first installed from disc and at every start it checks an online update url. And if I remove the certificates from the Trusted Publishers Store afterwards the manual update still works if I try it again. Are these information also stored elsewhere?

If I don't sign the published ClickOnce app the manual update works. If I sign the published ClickOnce app with a self signed certificate made with makecert the manual update works. So there's probably an issue with the certificate?

How can I determine if there's a certificate issue and which steps should I do next?

Answer 1

We are using the InPlaceHostingManager Class now. It's made for installing or updating a ClickOnce deployment. GetManifestAsync() fires the GetManifestCompleted event, which gives you the version number. Then you can call DownloadApplicationAsync() and handle the DownloadApplicationCompleted event. So far this works and no TrustNotGrantedException is thrown.