Why does the "Sign the ClickOnce manifests" checkbox keep defaulting to checked on build?

c# msbuild vsto clickonce
Hydronium picture Hydronium · Jul 12, 2013 · Viewed 7.1k times · Source

Closely related to Sign the ClickOnce manifests checkbox keeps defaulting to checked on publish. None of the answers listed in this question have assisted me.

I have two projects in my solution, as well as other reference projects. One project is a C# Windows Presentation Foundation (WPF) (output type Windows Application), and when I uncheck "Sign the ClickOnce manifests" it remains unchecked after being built.

The second project, which is also the startup project, is a Visual Studio Tools for Office (VSTO) project (output type defaults to Class Library and cannot be changed). When I uncheck "Sign the ClickOnce manifests" in it and then build the solution (or just the project), the option is checked again after the entire build process completes.

I am not familiar with the XML data in the .csproj file, but I have found a few things that might be related:

1.

In the .csproj file for the VSTO project, there is a comment section which states:

This section enables pre- and post-build steps. However, in VSTO use
MSBuild tasks instead of these properties.

The section defines <SignManifests>, <SignAssembly>, and <ManifestCertificateThumbprint>. The first two are false. The second has some unique key.

2.

After finding the comment about MSBuild tasks, I later found:

<!-- Include additional build rules for an Office application add-in. -->
  <Import Project="$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v10.0\OfficeTools\Microsoft.VisualStudio.Tools.Office.targets" />

And this is a very large file with multiple references to signing and such. The project in which the Signing option remains unchecked does not have this <Import Project> line in its .csproj file.

Issue

Now, I'm not fully aware of what the .targets file is all about and am unwilling to go butchering it in search of a solution until I know what I'm after. Could this file be the cause of my problem? If so, how can I modify it to stop it from getting in my way? If not, has anyone encountered this before that can provide a solution?

Edit:

I just read How to not sign a ClickOnce manifest, which talks again about publishing. I am still curious if I can turn it off of my builds. I have no qualms about signing the application when I publish it, but I would prefer to build it without the default occurring.

Answer

Nick Vaccaro picture Nick Vaccaro · Jul 27, 2015

Here's an article by a VSTO team member. https://blogs.msdn.microsoft.com/vsto/2009/04/29/signing-and-re-signing-manifests-in-clickonce-saurabh-bhatia/

The explanation is that VSTO requires signing for ClickOnce deployments, because the add-in must run under a heightened security model. The article goes into much more detail.

Related questions

How do you get the current project directory from C# code when creating a custom MSBuild task?

Instead of running an external program with its path hardcoded, I would like to get the current Project Dir. I'm calling an external program using a process in the custom task. How would I do that? AppDomain.CurrentDomain.BaseDirectory just …

Read More
The CodeDom provider type "Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider" could not be located

It's a WebApi project using VS2015. Step to reproduce: Create an empty WebApi project Change Build output path from "bin\" to "bin\Debug\" Run Everything is working perfectly until I changed Build Output path from "bin\" to "bin\Debug\" In …

Read More
NuGet behind a proxy

I figure out that NuGet allows proxy settings configuration since 1.4 version. But, I can't find any command line example. I'm trying to run some build and NuGet can't connect. How do I configure the proxy settings on the command line?

Read More