A ClickOnce application or a WPF XAML browser application displays no notification that asks whether you want to run the application when you try to run the application in the Internet Zone in Internet Explorer

Article ID: 2562394 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

Consider the following scenario:
  • You browse to a page that has a ClickOnce application or a WPF XAML browser application (XBAP).
  • The application is configured to run in "online-only" mode.
  • You try to run the application in the Internet Zone in Internet Explorer.
In this scenario, the application does not display notification that asks whether you want to run the application.
Back to the top | Give Feedback

CAUSE

This issue occurs because by default, ClickOnce applications and WPF XBAPs do not display notification dialog boxes when you run the applications in "online-only" mode.
Back to the top | Give Feedback

RESOLUTION

To resolve this issue, install the specific security update for your system that is described in Bulletin MS11-044. For more information, visit the following Microsoft webpage:
http://www.microsoft.com/technet/security/bulletin/MS11-044.mspx
(http://www.microsoft.com/technet/security/bulletin/MS11-044.mspx)
Back to the top | Give Feedback

MORE INFORMATION

The signature-verification process for ClickOnce applications and for WPF XBAPs is updated to help you recognize when you are running untrusted applications from the Internet Zone. After you install the MS11-044 security update, you see an Application Run dialog box that is typically encountered when you use Internet Explorer to access an application over the Internet.

If existing ClickOnce applications or WPF XBAPs are expected to run from the Internet in online-only mode without dialog boxes being presented, changes may have to be made to those applications for the applications to continue to run correctly after MS11-044 is installed. 

To revert to the application's start behavior after you install the update, use one of the following methods:
  • Add a trusted publisher
  • Add a trusted site

How to add a trusted publisher

  1. Obtain a digital certificate from a certification authority (CA). For more information about how to obtain a digital certificate, visit the following Microsoft Developer Network (MSDN) website:

    Introduction to Code Signing
    (http://msdn.microsoft.com/en-us/library/ms537361.aspx)
  2. In Internet Explorer, click Internet options on the Tools menu, click the Content tab, and then click Publishers.
  3. Click Import, and then follow the Certificate Import Wizard instructions.
For more information about how to add a trusted publisher, visit the following MSDN website:
How to: Add a Trusted Publisher to a Client Computer for ClickOnce Applications
(http://msdn.microsoft.com/en-us/library/ms172241.aspx)

How to add a URL to the Trusted Sites list

  1. In Internet Explorer, click Internet options on the Tools menu, click the Security tab, click Trusted Sites, and then click Sites.
  2. Type the URL of the site into the Add this website to the zone text box, and then click Add.
For more information about how to add a URL to the Trusted Sites list, visit the following Windows Help website:
Security zones: adding or removing websites
(http://windows.microsoft.com/en-US/windows-vista/Security-zones-adding-or-removing-websites)

Also in this update

In addition to the changes that are listed in the "Vulnerability Information" section of bulletin MS11-044, this security update also deprecates ClickOnce support for MD2 and MD4 hash. After the update is applied, applications that are signed with an MD2 or MD4 hash will no longer run.
Back to the top | Give Feedback

Properties

Article ID: 2562394 - Last Review: June 14, 2011 - Revision: 1.0
APPLIES TO
  • Microsoft .NET Framework 4
  • Microsoft .NET Framework 2.0 Service Pack 2
Keywords: 
kbprb kbhowto kbinfo kbsurveynew kbexpertisebeginner KB2562394
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top