Sharing an app package locally (Windows Store apps)

  • Article

After you develop a Windows Store app, you might want to install it on one or more local computers so that you or others can test it. Before you can install a Windows Store app on another computer, you must create an app package and then run a Windows PowerShell script.

Create an app package

Before you can install your app, you must first create an app package. For information about how to create a package, see Creating an app package.

The app package that you create is located in the output folder that you specified for the package location and is named PackageName_Test. The folder contains an .appx file, a security certificate, a Windows PowerShell script, and other files.

Install the app package for testing

  1. In the Visual Studio output directory, find the Add-AppDevPackage PowerShell script alongside your .appx file.

  2. On the shortcut menu for Add-AppDevPackage.ps1 file, choose Run with PowerShell.

    Important

    If you are a member of the Administrators security group on the local machine but you don't have permission to access the network share where the Add-AppDevPackage.ps1 file is located, an error message that the script file doesn't exist might appear. To work around the access issue, copy the contents of the output folder to your local machine before you run the script.

    The script performs the following steps.

    1. Displays information about the certificate that the script will install. The script also displays a warning message about the risks of changing the execution policy on your local machine. The execution policy helps protect you from scripts that you don't trust. If you change the execution policy, you might be exposed to the security risks that about_Execution_Policies describes.

      Note

      If you launched the script directly from PowerShell instead of by using the shortcut menu, no warning will appear about the risks of changing your execution, and the script will fail. To work around this issue, change the execution policy manually and then run the script again.

      You must confirm that you want to change the execution policy by entering Y. If you enter N, you'll skip this operation and proceed with the next operation. If you enter S, you'll pause the current pipeline and be returned to the command prompt. If you enter the word exit, the pipeline will resume.

    2. Verifies whether you have a developer license. If the script doesn't find one or your current license has expired, you're prompted to get one.

      To get a developer license, you must have a Microsoft account. For more information, see Get a developer license (Windows Store apps).

    3. Verifies whether an app package and any required certificates are present. If items are missing, a message asks you to install them before this developer package is installed. For example, if the developer certificate is missing from the local machine, you’ll be prompted to install it. You’ll also be warned that installing a digital certificate to your machine's Trusted People certificate store carries a serious security risk and you should do it only if you trust the originator of this digital certificate. When you’re done using this app, you should manually remove the associated digital certificate from the machine's Trusted People certificate store. For information about how to remove a certificate, see How to use the Certificates Console. You must confirm whether you want to continue.

      The signing certificates must contain the following values:

      • Enhanced Key Usage: Code Signing (required)

      • Basic Constraint: Subject Type=End Entity (required)

      • Lifetime Signing EKU (optional)

      Any other EKUs will invalidate the certificate. If the script doesn't find the required values, an error appears.

    4. Verifies the presence of any required dependency packages.

    5. Installs any dependency packages and then the app package.

      When the app package has been installed, displays “Your developer package was successfully installed.”

  3. On the Start screen, choose the tile that shows the name of your app.

    The app starts.

Security noteSecurity Note

If the PowerShell script won't run and no error message indicates the reason, the user access control (UAC) on the machine might have been changed. The default UAC setting is Notify me only when apps try to make changes to my computer (default), but it can be changed to Never notify me. If you use a standard user account to log on to a machine whose UAC is set to Never notify me, any changes that require administrator permissions are automatically denied. Under these circumstances, the PowerShell script starts but requires adminstrative permissions to continue. The UAC dialog box doesn't appear, and Windows automatically prevents the script from making changes. To resolve this issue, either change the UAC setting or run the script as an administrator.

When you run the Add-AppDevPackage.ps1 PowerShell script, Visual Studio uses the Get-AuthenticodeSignature function to determine whether it should install the TEST Visual Studio Certification Authority test signing certificate. If the test signing certificate is already installed in the node Certificates – Current User > Trusted Root Certification Authorities > Certificates, the function returns a value that indicates that that the signature is valid. However, deployment of the package will still fail because Windows doesn't trust the certificate. For Windows to trust the certificate, the certificate must be located in either the Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates node or the Certificates (Local Computer) > Trusted People > Certificates node. Only certificates in these two locations can validate the certificate trust in the context of the local machine. Otherwise, an error message that resembles the following string appears: “Add-AppxPackage : Deployment failed with HRESULT: 0x800B0109, A certificate chain processed, but terminated in a rootcertificate which is not trusted by the trust provider. (Exception from HRESULT: 0x800B0109)error 0x800B0109: The root certificate of the signature in the app package must be trusted.” If this error appears, move the test signing certificate into either of the two Certificates (Local Computer) nodes just described. For information about how to move a certificate, see How to use the Certificates Console.

See Also

Concepts

Signing an app package (Windows Store apps)

Building an app package at a command prompt (Windows Store apps)