Windows >
Windows Forms Forums
>
ClickOnce and Setup & Deployment Projects
>
Generate MSI Install for Certificates...
Generate MSI Install for Certificates...
- Well,
So here it is. I have found that the ability to create Setup (deployment) projects is very limited in Visual Studio, but all other methods that involve the "special" needs i have cost money, and I'd rather not do that if I can.
I have already a project that is designed to Install my GAC assembly. It's a base assembly that is best served as a part of the GAC, since not only do all my applications use it, but it's integrated into the configuration(my settings) system and I simply prefer it there.
I'm developing my projects for only Internal Company use (we are not a software company, but we have many things that need a little special assistance from someone with my skills), which means we aren't going to pay for a root certificate authority just to run our own internally developed applications. So I've created two self-generated certificates that so far have resolved all our issues with that regard. (I can create excel macros, .net applications, and sign them with our Software certificate which is based of our Root Authority certificate, and voila no more annoying dialogs).
However, running around to everyone's computer (including the ones that are several States away) is not plausible, and thus I wanted to make a simple "installation" that will install my GAC assembly as well as the two certificates in their appropriate Certificate Store. (I grant there may be some warning messages that WIndows pops up, but that is fine, i am not concerned if the user has to click an extra button).
So: How do I do it?
I've got the Setup project, with the one dll listed under the GLobal Assembly Cache Folder in the project so that part works, but now, how do I get these certificates installed.
Granted I could use the certmgr.exe tool that comes with .Net (or is it Windows 6.0 sdk, these things are all in my path so I forget specifically where they come from) but how would I:
A) Create a Temp Installation folder that runs the CertMgr (or a batch file that does so) but then deletes the temp folder when completed?
or
B) Install the certificate in some other fashion with either c# code or vb code?
Thanks
Jaeden "Sifo Dyas" al'Raec Ruiner
"Never Trust a computer. Your brain is smarter than any micro-chip."
All Replies
- What is the issue you're trying to solve with certificates? The reason why certificates are used is that they verify that you (or you code) is who you say you are. If you cert-sign an assembly it will attempt to go to the internet to verify the certificate (to somewhere like Verisign). Example: I can't simply supply you with a certificate that says that I am Microsoft and install it on your system. It must be verified with a 3rd party asnd that would say you can't trust this because this is not really a Microsoft certificate. Since you don't actually want an actual real certificate from someone like Verisign, I'm wondering what problem test certificates are solving, because they certainly aren't verifying anything about the code or where it comes from.
See this: Authenticode Signatures and network access:
http://blogs.msdn.com/shawnfa/archive/2005/12/13/502779.aspx
and keep in mind that on first load some caching of the certificate takes place, and that's what "installs" the certificate on a client system.
http://digital.ni.com/public.nsf/allkb/18E25101F0839C6286256F960061B282
Phil Wilson - well, i had this whole reply written and formatted out, but as usual i just sought out my own solution, utilizing the X509Certificates namespace and voila, I have a console application that installs my certificates. Granted the Pop up warning comes up, but that is expected and just fine. the idea is to stop the darned "Some programs can be harmful" warning every time one of my own company's users runs one of the applications I was requested to write. and since these are apps in the company, for the company, and by the company, there is no need to PAY another company for the privilege of not being harassed by windows security. so I fixed it using the above namespace, and now i'm good.
What I'd really like to know though, which was somewhat part of this question, is how I can now take that app that installs the certs and put it in as a custom action or something in the MSI setup project.
Thanks
Jaeden "Sifo Dyas" al'Raec Ruiner
"Never Trust a computer. Your brain is smarter than any micro-chip." Hi JaedenRuiner,
You said that you have an console application to install the certificate files. Based on my understanding, we can follow the steps below to install the certificates:
1. Add the console application and certificate files to the Application Folder in the File System view of the Setup Project.
2. Add a custom action to the Install node in which we can call the Process.Start method to call the console application to install the certificates.
These are some documents:
· How to add files to Setup Project:
http://msdn.microsoft.com/en-us/library/z11b431t(VS.80).aspx· How to add a custom action:
http://msdn.microsoft.com/en-us/library/d9k65z2d(VS.80).aspx· Process.Start method:
http://msdn.microsoft.com/en-us/library/system.diagnostics.process.start.aspxLet me know if this helps or not.
Aland Li
Please mark the replies as answers if they help and unmark if they don't. This can be beneficial to other community members reading the thread.- Okay, that sucked. (the editor here really does toast too many posts that I have to rewrite).
Anyway, yes, the custom action info will be most useful. However, one question:
What if there are no application files?
This installation project is designed to install my universal libraries, ones that will not be changing anytime in the near future, so it installs them into the GAC. System.Configuration.Dynamic contains a settings provider and a derivative of the ApplicationSettingsBase class which basically affords the programmer the ability to Create run-time dynamically created Settings to be saved into the User Settings config file, as well as a few other tweaks i've added to make the My.Settings architecture more robust. So this one dll is listed in the Global Assembly Cache Folder in the deployment project. So even utilizing the Custom Action, is there a method of defining an "Installation Dependency" or something to that effect, which would install this assembly (in either applicaiton or assembly dll format) and run it during the installation process and then remove the "dependencies".
Basically when the Installation is finished the only thing on the computer should be:
A) GAC Installed Assembly
B) Installed Certificates in the appropriate stores.
Thanks
Jaeden "Sifo Dyas" al'Raec Ruiner
"Never Trust a computer. Your brain is smarter than any micro-chip."
