locked
Certificate installation for Full Trust RRS feed

  • Question

  • I have a XBAP application that requires full trust to run. For this I need to install a certificate. I understand how to create it, and how to manually install it on the client machine so that my application runs.

    What I can't find out is how to get the certificate installed automatically. What I would like to do is have something like when you install Flash for the first time. It comes up at the top that a plug-in needs to be installed, and then runs through the setup. Or it comes up that a certificate needs to be installed and then installs it.

    Before anyone tries to convince me that running the app in full trust is not a good idea, I have had a look at this, and full trust is the only way that I can go. The application is a full document management system, with scanning and image manipulation. The only way I can get the scanning and image manipulation working is through full trust. There is just no other way. The application will be installed on a corporate intranet, but with access granted to the internet for specific users.

    Can anyone tell me how to do this?

    Tuesday, January 5, 2010 6:29 AM

Answers


  • You can write an application that does this for you.  In fact, it's not particularly hard to write a WPF ClickOnce .application that does it, THEN launches your Xbap after completion and exits itself.

    This page is useful for code snippets adding certificates to the user store: http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509store.add.aspx

    Another option that will soon be available would be to wait until .NET 4.0 comes out, then migrate your project to VS 2010.  In .NET 4.0, full-trust Xbaps coming from the Intranet or Trusted Sites zones can show a trust prompt just like a typical ClickOnce .application does.

    A final option, which may or may not be useful, is to automate a call to certmgr.exe using a .bat/.cmd file to add certificates to the store.  This is part of the .NET SDK though and may not be appropriate to distribute; but if this is for internal use, it may be the easiest solution.

    Hope this helps,
    Matt

    SDET : Deployment/Hosting
    • Marked as answer by RobAfrica Wednesday, January 6, 2010 2:38 PM
    Tuesday, January 5, 2010 9:03 PM

All replies


  • You can write an application that does this for you.  In fact, it's not particularly hard to write a WPF ClickOnce .application that does it, THEN launches your Xbap after completion and exits itself.

    This page is useful for code snippets adding certificates to the user store: http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509store.add.aspx

    Another option that will soon be available would be to wait until .NET 4.0 comes out, then migrate your project to VS 2010.  In .NET 4.0, full-trust Xbaps coming from the Intranet or Trusted Sites zones can show a trust prompt just like a typical ClickOnce .application does.

    A final option, which may or may not be useful, is to automate a call to certmgr.exe using a .bat/.cmd file to add certificates to the store.  This is part of the .NET SDK though and may not be appropriate to distribute; but if this is for internal use, it may be the easiest solution.

    Hope this helps,
    Matt

    SDET : Deployment/Hosting
    • Marked as answer by RobAfrica Wednesday, January 6, 2010 2:38 PM
    Tuesday, January 5, 2010 9:03 PM
  • Thanks Matt,

    I will see if I can get this working. By the time my application is fully developed, .NET 4.0 might already be out. So I may wait foir that.

    Robert
    Wednesday, January 6, 2010 2:38 PM