Some time ago Google finally pulled NPAPI support from Chrome, nuking the ClickOnce support in Chrome altogether. Still Chrome is a popular browser, and ClickOnce is very convenient for users. Therefore I am trying to come up with a deployment user experience for ClickOnce apps (specifically VSTO add-ins for Outlook) and Chrome that does not suck.
Here are alternatives I tried:
- Recommend users install ClickOnce Chrome extension (Meta4 ClickOnce launcher, Windows Remix ClickOnce handler, CacheNet ClickOnce for Chrome, etc). All of these actually install a click handler application that launches .NET handlers for .VSTO files. As of Chrome 55.X all these no longer work because Chrome also blocked .exe installers that used to come with these. Even when those are fixed, this means a user will have to download and install 3rd party .exe file, which basically renders the use ClickOnce pointless: I could have packaged my own installers as .exe too (see next).
- Make users download and run bootstrapper file (setup.exe) instead. The file gets generated with the ClickOnce app, it is exactly one file to download and it pulls the rest of the stuff from net. As of now, however, Chrome, SmartScreen and whatever antivirus users have will likely yell at setup.exe being downloaded despite it is being signed by proper CA (unless you have millions of downloads). Which, again, is a deal killer.
- Make application manifests runnable locally. OK, Chrome doesn't know how to handle .VSTO manifests, but at least it downloads them. What if I somehow cook .VSTO manifest so that when user double-clicks it, it just starts the deployment? Well, we are 80% there, except as of today this exact scenario results in "Deployment and application do not have matching security zones.". It looks like ClickOnce assumes that if the file is launched from the local hard drive it is automatically "local" and entire deployment should be "local" too. So this is option is dead too.
- Ask users to open the link in IE. Last resort is basically to admit your defeat and do ye olde thing circa 2001 - ask the user to open the link or the whole download page in IE.
Last option works but this sort of user experience is an embarrassment by 2016 standards and my PMs will likely say "to hell with it ClickOnce, grab wix or IS, do a regular installer".
Hence the question:
Am I missing some options (something that you may have tried that worked) or is this correct assessment of the current situation with ClickOnce?
UPDATE: if someone from MSFT reads these: guys, ClickOnce has a great potential for deployment and updates. Can you please consider removing the damn TargetZone feature from manifests or at least make sure it still can run when you just launch the manifests files with double-click. I think without it option #3 could have worked, which wouldn't render the whole thing unusable for 60% of internet... ;-)