How to: Move an Application to a Different Server

Retired Content
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. To create client business applications using current Microsoft technologies, see patterns & practices' Prism.

When developing an application that will be deployed with ClickOnce, you should regularly test the ClickOnce functionality of your application on your local computer. Frequent and regular testing allows you to confirm that you are not making design or implementation choices that will not work as expected during ClickOnce execution.

At some point, you need to allow other audiences, such as Quality Assurance (QA) personnel or end users, to gain access to your published application. In an enterprise environment, this is not a straightforward process. For example, you might not have direct access to the QA servers or production servers; therefore, you cannot directly publish your application to them. (Release best practices should prevent you from doing that anyway.) When you use Visual Studio to initiate publication, the first thing Visual Studio does is rebuild the application. As a result, each time you build an application, you have a set of executables that is different from the set you used for previous tests, and your application could potentially not work correctly after it is rebuilt.

It is not sufficient to copy the manifests and application files to a new server that will host the published application. One of the ClickOnce security protections places the deployment provider URL (labeled Install URL in Visual Studio and Start Location in Mage) in the deployment manifest. This ensures that if someone manages to obtain your published application files, the files cannot be installed on an unauthorized server from which unauthorized users can launch the application.

When you move your published application to a different location, you have to update the deployment provider URL in the deployment manifest to reflect the new location. Because this changes the contents of the manifest and the manifest contains a digital signature, you must also sign the revised deployment manifest with a publisher certificate.

In a large enterprise environment, it is unlikely that you will use your company's production publisher certificate when you are developing your application. To sign a ClickOnce deployment manifest, you need a .pfx file that contains both the public keys and private keys for the publisher certificate. Typically, in large organizations, access to the private keys for company certificates is closely controlled to avoid exploitation by former or malicious employees.

As a result, in addition to updating the deployment provider URL when you move the application to a production server, you might also have to sign the updated manifests. Both the application manifest and the deployment manifest must be signed with the same publisher certificate. The deployment manifest contains an application reference that includes the public key token of the application manifest. Therefore, if you use a new certificate when you sign the application manifest, you also have to update the application reference in the deployment manifest, in addition to updating the deployment provider URL, and then sign the deployment manifest.

Note:

If you are using a .NET Framework version that is earlier than 4.0, you might encounter a problem if you use a different publisher certificate than the installed version when you publish updates. If you are targeting .NET Framework 3.5 SP1 and using automatic updates or if you are targeting .NET Framework 4.0, this problem does not occur. For help with other versions or for more information, see the MSDN article, Certificate Expiration in ClickOnce Deployment (http://msdn.microsoft.com/en-us/library/ff369721.aspx)

To summarize, when you move an application to a new server, you will perform one of the following two procedures.

Using the Manifest Management Utility

To move the application and use the Manifest Management Utility to sign the revised manifests

1. Copy the contents of the application's publish folder to a folder on the new deployment server. You can use any file copy mechanism to do this.
2. Open the deployment manifest and update the deployment provider URL to the URL that users will use to launch the application from the new server.
3. Sign the deployment and application manifests.
4. Update the deployment URL stored in the bootstrapper (Setup.exe file).

This example procedure, Moving an Application to a Different Server (Automated Process), also shows you how to set up and use a file share to deploy your application.

Using Scriptable Commands

To move the application to a different location by using scriptable commands

1. Copy the contents of the application's publish folder to a new local folder. You can use any file copy mechanism to do this.
2. Copy the signing certificate to be used and the command-line Mage tool (Mage.exe) into the same folder.
3. If you are using a new publisher certificate, use it to sign the application manifest.
4. Update the deployment provider URL in the deployment manifest.
5. If you are using a new certificate, update the application reference within the deployment manifest to the newly signed application manifest.
6. Use the publisher certificate to sign the deployment manifest. (The certificate can be either the original certificate or a new one.)
7. Update the deployment URL stored in the bootstrapper (Setup.exe file).
8. Copy the deployment manifest to the versioned folder under the Application Files folder.
9. Copy the deployment package to the new deployment location.

For detailed information about how to complete the preceding two procedures, see:

• Moving an Application to a Different Server (Automated Process)
• Moving an Application to a Different Server (Manual Process)