locked
Programatically access Trusted Publishers list RRS feed

  • Question

  • Is it possible to programatically access the list of Office Trusted Publishers that one can see in the Excel Trust Center > Trusted Publishers dialog?

    I am writing an installer (In .Net) for a VBA/.Net add in.  The Addin is signed, but of course if the publisher is not trusted then it will not run.  And of course the user is not told why it will not run, I just get a support message "It don't go."

    <rant>

    All this Security Through Obscurity is very annoying.  It does nothing to stop real hackers, heck if my installer is running I am God anyway.  But it is a pain in the arse for honest developers.  And not providing clear error messages to users "to improve security" is particularly awful.

    </rant>


    Anthony

    Tuesday, March 12, 2013 1:36 AM

Answers

  • To access TrustedPublishers programmatically look like this. It appears that the API doesn't offer us "IssueTo" property directly. The Subject property is pretty much the replacement. Hope this help you.

    using System;
    using System.Text;
    using System.Security.Cryptography.X509Certificates;
    public class Dev
    {
        static void Main(string[] args)
        {
            var store2 = new X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine);
            Console.WriteLine("TrustedPublisher:");
            PrintCerts(store2);
            Console.WriteLine();
        }
        static void PrintCerts(X509Store store)
        {
            store.Open(OpenFlags.OpenExistingOnly);
            foreach (var cert in store.Certificates)
            {
                Console.Write("{0} - {1}", cert.FriendlyName, cert.Subject);
                Console.WriteLine();
            }
        }
    }


    Forrest Guo | MSDN Community Support | Feedback to manager

    Thursday, March 14, 2013 9:26 AM

All replies

  • Hi Anthony,

    Thank you for posting in the MSDN Forum.

    I'll consult your issue with my colleague. You'll be informed if there's any update.

    Thank you for your patience and understanding.

    Best regards,


    Quist Zhang [MSFT]
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Thursday, March 14, 2013 6:22 AM
  • To access TrustedPublishers programmatically look like this. It appears that the API doesn't offer us "IssueTo" property directly. The Subject property is pretty much the replacement. Hope this help you.

    using System;
    using System.Text;
    using System.Security.Cryptography.X509Certificates;
    public class Dev
    {
        static void Main(string[] args)
        {
            var store2 = new X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine);
            Console.WriteLine("TrustedPublisher:");
            PrintCerts(store2);
            Console.WriteLine();
        }
        static void PrintCerts(X509Store store)
        {
            store.Open(OpenFlags.OpenExistingOnly);
            foreach (var cert in store.Certificates)
            {
                Console.Write("{0} - {1}", cert.FriendlyName, cert.Subject);
                Console.WriteLine();
            }
        }
    }


    Forrest Guo | MSDN Community Support | Feedback to manager

    Thursday, March 14, 2013 9:26 AM
  • Hello Forrest,

    Yes, that looks OK.  Except the store should be StoreLocation.CurrentUser, not LocalMachine.

    Which raises the whole issue of having multiple stores.  Does Excel search multiple stores, or does the CurrentUser get all of them?

    Regards,

    Anthony


    Anthony

    Friday, March 15, 2013 4:40 AM
  • In my test, CurrentUser of two account hold the same Trusted Publishers. The two parameter StoreName.TrustedPublisher and StoreLocation.CurrentUser points to unique store, we should not go through other StoreName.

    Forrest Guo | MSDN Community Support | Feedback to manager

    Friday, March 15, 2013 5:48 AM