ClickOnce is a popular way to deploy and keep applications up to date without hassle. After being published to the server, these applications are downloaded to the end user’s machine so they can easily be decompiled and reverse-engineered like other .NET applications.
Protecting an application that is deployed via ClickOnce is usually very complicated. After protection, the application and deployment manifests must be manually updated using the Mage tool. Signing of manifests and assembly files must be done manually, as well.
With Dotfuscator, we’ve worked to make this process much simpler.
In 4x versions, Dotfuscator accepted the ClickOnce .application as direct input. It would re-generate the obfuscated assemblies along with the updated application package. The updated deployment manifest and protected binaries would then be copied to the ClickOnce deployment server to be downloaded by the end-user.
Starting with version 6, we’ve made this process even easier. We must integrate Dotfuscator into our application’s project file (.csproj, .vbproj).
Doing so triggers Dotfuscator to run before the packaging steps of our Release build. Protected binaries are then automatically packaged for deployment with no additional steps required.
We’ve worked with customers that deploy through ClickOnce, and also create an installer for offline installs. This process allows us to do both without any additional steps.
Here, you can download a simple ClickOnce project with Dotfuscator integration. A release published of this project generates obfuscated binaries. Double-clicking the .application manifest simulates the ClickOnce application’s download and installation on the client’s machine.
If you have feedback on this topic or other topics you would like us to discuss in the Support Corner, please contact our Support Department.