Tool for clickonce manifest and application signature validation

Is there a tool (command line or otherwise) that can be used to validate the
signature of a ClickOnce manifest or application file?

Thanks in advance!

Jediah L.

Hi Jediah,

When a ClickOnce application is installed on a machine, ClickOnce Authenticode will validate the signature of the ClickOnce manifest and application files.

IMO, there may be no such tool to validate the signature of a ClickOnce manifest or application files.

Could you please tell me why you want to do this with a tool?

Sincerely,
Linda Liu
Microsoft Online Community Support

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notifications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Because I'm about to write one, but I don't want to, if I don't have to. :)

In troubleshooting clickonce application failures, it's good to be able to click a few buttons (or run a quick script) that will validate the signature of the manifest or application files. It would also be beneficial for development teams in my organization to be able to validate the signatures; sometimes we've been finding for no apparent reason that a signature will not be valid, even though it was applied and compiled right through the .Net 2005 IDE - I'm just looking for a tool that can do the validation; otherwise I'll end up writing one.

"Linda Liu[MSFT]" <v-l***@online.microsoft.com> wrote in message news:AxjCIsqIIHA.4200@TK2MSFTNGHUB02.phx.gbl...
> Hi Jediah,
>
> When a ClickOnce application is installed on a machine, ClickOnce
> Authenticode will validate the signature of the ClickOnce manifest and
> application files.
>
> IMO, there may be no such tool to validate the signature of a ClickOnce
> manifest or application files.
>
> Could you please tell me why you want to do this with a tool?
>
> Sincerely,
> Linda Liu
> Microsoft Online Community Support

Hi Jediah,

Thank you for your prompt reply and detailed explanation!

I am consulting this issue in our inner discussion group. As soon as I get a reply, I will get it back to you.

Thank you for your understanding and patience!

Sincerely,
Linda Liu
Microsoft Online Community Support

I appreciate it - and look forward to a response - in the meantime, I started a tool to do this - however, after getting into it, I found very little documentation in regards to the technical side of the manifest and its various signatures and digests. I've put it on hold for the moment, as I have more pressing matters - but any additional information you could provide would be great!

Thanks!

"Linda Liu[MSFT]" <v-l***@online.microsoft.com> wrote in message news:iGARbIOJIHA.360@TK2MSFTNGHUB02.phx.gbl...
> Hi Jediah,
>
> Thank you for your prompt reply and detailed explanation!
>
> I am consulting this issue in our inner discussion group. As soon as I get
> a reply, I will get it back to you.
>
> Thank you for your understanding and patience!
>
> Sincerely,
> Linda Liu
> Microsoft Online Community Support

Hi Jediah,

I got a reply from our product team. In fact, there're two reasons why a ClickOnce application fails to launch. One reason is the manifest signature is not valid and the other reason is that the hash of each file listed in the manifest doesn't match the actual file being deployed.

To verify the signature on the manifest itself, .NET 3.5 ships with some classes that do this for you. You can use the System.Security.Cryptography.ManifestSignatureInformation class in the System.Core.dll assembly to do manual verification of a manifest signature.

To verify the hashes of the manifest, you can refer to the code provided by an expert from our product team. The code reads the manifest and verifies the hash of each file as listed in the manifest matches the actual file being deployed. You can run the code inside of VS as a post-build step, so that if the manifest contains bad hashes, the publish process is stopped.

Please send an email to me to let me know your email address. As soon as I know your email address, I will send the code to validate the manifest hashes to you. To get my actual email address, remove 'online' from my displayed email address.

Sincerely,
Linda Liu
Microsoft Online Community Support

in 3.5 there is an API for that - that would allow to build a command line tool.... you can also try MAGE.exe (part of the FX SDK) - not sure if this provides the needed functionality...

-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> Is there a tool (command line or otherwise) that can be used to
> validate the signature of a ClickOnce manifest or application file?
>
> Thanks in advance!
>
> Jediah L.
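
The per-file hash check described in Linda Liu's last reply (each file listed in the manifest must hash to the digest recorded for it), as an added example that is not part of the thread and is not the product-team code she offers to send. It assumes the manifest records its entries as file and dependentAssembly elements with a hash/DigestValue child in the asm.v2 and XML-DSig namespaces, and that deployed files may carry a .deploy suffix; the function names and the sample deployment are constructed here, and the manifest signature itself is not checked.

```python
import base64, hashlib, os, tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

ASM2 = "{urn:schemas-microsoft-com:asm.v2}"      # manifest element namespace
DSIG = "{http://www.w3.org/2000/09/xmldsig#}"    # digest element namespace

def _status(base, rel, alg, b64):
    path = os.path.realpath(os.path.join(base, rel.replace("\\", os.sep)))
    if os.path.commonpath([base, path]) != base or alg not in ("sha1", "sha256"):
        return "rejected"  # path leaves the deployment folder, or unknown digest
    # Assumption: published files may carry a ".deploy" suffix on disk.
    found = next((p for p in (path, path + ".deploy") if os.path.isfile(p)), None)
    if found is None:
        return "missing"
    actual = hashlib.new(alg, Path(found).read_bytes()).digest()
    return "ok" if actual == base64.b64decode(b64) else "mismatch"

def check_manifest_hashes(manifest_xml, deploy_dir):
    """Map each hashed manifest entry to ok / mismatch / missing / rejected."""
    base, results = os.path.realpath(deploy_dir), {}
    root = ET.fromstring(manifest_xml)
    entries = [(e, e.get("name")) for e in root.iter(ASM2 + "file")]
    entries += [(e, e.get("codebase")) for e in root.iter(ASM2 + "dependentAssembly")]
    for elem, rel in entries:
        method = elem.find(f"{ASM2}hash/{DSIG}DigestMethod")
        value = elem.find(f"{ASM2}hash/{DSIG}DigestValue")
        if rel is None or method is None or value is None:
            continue  # entry without a file hash, nothing to compare
        alg = method.get("Algorithm", "").rsplit("#", 1)[-1].lower()
        results[rel] = _status(base, rel, alg, (value.text or "").strip())
    return results

def _entry(tag, attr, rel, signed):
    """Constructed sample entry whose digest is SHA-1 of `signed`."""
    dv = base64.b64encode(hashlib.sha1(signed).digest()).decode()
    return (f'<{tag} {attr}="{rel}"><hash><dsig:DigestMethod Algorithm="{DSIG[1:-1]}sha1"/>'
            f'<dsig:DigestValue>{dv}</dsig:DigestValue></hash></{tag}>')

def demo():
    """Constructed deployment: App.exe was rebuilt after the manifest was made."""
    d = tempfile.mkdtemp()
    for name, data in (("App.exe", b"new build"), ("App.exe.config.deploy", b"<c/>")):
        Path(d, name).write_bytes(data)
    manifest = (f'<assembly xmlns="{ASM2[1:-1]}" xmlns:dsig="{DSIG[1:-1]}"><dependency>'
                + _entry("dependentAssembly", "codebase", "App.exe", b"old build")
                + "</dependency>" + _entry("file", "name", "App.exe.config", b"<c/>")
                + _entry("file", "name", "..\\outside.txt", b"x") + "</assembly>")
    return check_manifest_hashes(manifest, d)
```

Run as a post-build step, any result other than "ok" is a reason to stop the publish.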