Deploying LOB Store Apps (via Sneaker Net and beyond)
As a consultant, I run into weird one of a kind situations from time to time. Hopefully this post will help the next person from trying to figure things out from scratch.
Situation: You have written a Universal Windows App (C#/JS does not matter). This app needs to be deployed to devices. You can not use store deployment since the app will not be distributed via the stores. The app will be distributed to devices not in the same domain and not controlled by traditional admins.
So I scratched my head a number of times and spun anround the tracks for a while before I came up with the following working solution:
Create your UWP Package
Step 1. Write your UWP (Test etc).
Step 2. Once the app is ready, we have to sign and create the app for deployment. You need to get an official code signing cert from a trusted certification provider. Digicert comes to mind. Take your .pfx and import it to the machine. You can do so by double clicking on the .pfx file and following instructions.
Step 3. Now, go back into the visual studio project and select the newly imported certificate to sign your app. (package.appmanifest file)
Step 4. Save the project and build the project from command line using the following command:
MSBuild MyApp.csproj /p:Configuration=Release;AppxBundle=Always;AppxBundlePlatforms="x86|x64|ARM" /p:BuildAppxUploadPackageForUap=true
Step 5. That will create a fully signed and ready to go package.
Deploy the package
In order for us to deploy the package, we have to do a few things. Make sure that the device that you are deploying is going to be in developer mode. Import the .cer file to the machine and finally installing the package.
Step 1. Developer Mode.
You can manually set the developer mode from settings app or set the registry keys from any traditional desktop app. Following code block sets the developer mode on a 64bit machine.
var basereg1 = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64); var reg1 = basereg1.OpenSubKey(@"software\microsoft\windows\currentversion\appmodelunlock", true); reg1.SetValue("AllowAllTrustedApps", 1, RegistryValueKind.DWord); reg1.SetValue("AllowDevelopmentWithoutDevLicense", 1, RegistryValueKind.DWord);
Step 2. Import the cer certificate.
To import the certificate run the following code block. The runas verb will require admin access to the machine.
string cmdExe = "certutil.exe"; string path = "PathToYourUWPApp\\UPW APP.cer"; string cmdParm = "-addstore TrustedPeople " + path.ToString(System.Globalization.CultureInfo.InvariantCulture); Process myProcess = new Process(); myProcess.StartInfo.FileName = cmdExe; myProcess.StartInfo.Arguments = cmdParm; myProcess.StartInfo.UseShellExecute = false; myProcess.StartInfo.CreateNoWindow = true; myProcess.StartInfo.Verb = "runas"; myProcess.Start();
You are esentially running this in command:
certutil.exe -addstore TrustedPeople PathToYourUWPApp.cer
Step 3. To install the app, you have to run the following command via powershell:
Add-AppxPackage -path PathToYourAppxPackage.appxpackage -ForceApplicationShutdown
That command set can be run via code as follows:
string cmdExe = "powershell.exe"; string path = "PathTOYourUWPApp.appxbundle"; string cmdParm = "Add-AppxPackage -path '" + path.ToString(System.Globalization.CultureInfo.InvariantCulture) + "' -ForceApplicationShutdown"; Process myProcess = new Process(); myProcess.StartInfo.FileName = cmdExe; myProcess.StartInfo.Arguments = cmdParm; myProcess.StartInfo.UseShellExecute = false; myProcess.StartInfo.CreateNoWindow = true; myProcess.Start();
Notice that add-package command does not require admin access so you can run it from any user as long as step 2 was done with admin user.
That should do the job. At this point, you can overwrite it with updated packages if needed by using lines in step 3 over and over again on the machine with updated appxpackage. If desired, you can even "phone home" and fetch an update and update or use a USB stick with a simple WPF/WinForm/CommandLine app and appxpackage for future distributions and updates.