I'm writing a .NET 2.0 app
I want to deploy it in the net.
Apparently (due to an "unknow publisher warning" while downloading in the
browser) I have to give a strong name to my installer & my components.
My (.NET 2.0 beta2) project is a mix of C# & MC++.
- To authenticafe my MSI I need a .spc & a .pvk file
- To strongly named my C# assemblies with VS.NET 2005 I need to use a .pfx
file or a .snk file
- To strongly named my C++ assembly I guess I should use a .snk and the
assembly attributes
- Verisign could provide me certificate (is it a .cer???) from a .pvk file
- apparently I could create a .pvk file with makecert
- apparently I could create a .spc from a .cer with cert2spc
Now the questions are:
- how do I get a .pfx or .snk from, either, the .spc, .cer, .pvk files?
- I also tried (without success) all the 3 below line in my ManagedC++
project
[assembly:Assemb lyKeyFileAttrib ute("..\\..\\no vamind.snk")];
or [assembly:Assemb lyKeyFileAttrib ute("..\\novami nd.snk")];
or [assembly:Assemb lyKeyFileAttrib ute("novamind.s nk")];
but always get:
Error 2 fatal error LNK1256: ALINK operation failed (80040414) : Error
reading key file '..\..\novamind .snk' -- The system cannot find the file
specified. GnuStepCPP
what should I do?!?!
Now, could anyone give me simple direction!
I understand the concept! I just don't manage to put them into practice :-(
And the pratical documentation is awfully thin,
while the many article's author like to linger for an awfull number of pages
on the concepts it's very hard to find any practical implementation :-(
:-( :-(
which bring an other question:
I have found verisign, is there any other authentication 'registrar'?
--
NovaMind development team
NovaMind Software
Mind Mapping Software
<www.nova-mind.com> 2 5849
"Lloyd Dupont" <net.galador@ld > wrote in message
news:eV******** *****@tk2msftng p13.phx.gbl... I'm writing a .NET 2.0 app I want to deploy it in the net. Apparently (due to an "unknow publisher warning" while downloading in the browser) I have to give a strong name to my installer & my components.
There are two types of code signing used for .NET assemblies: strong name
signing and authenticode signing. The one that addresses the "unknown
publisher" issue is authenticode signing, not strong name signing. While
there's nothing preventing you from strongly naming your assemblies as well
(and there may be some potentially compelling reasons to do so), a strong
name is not necessary in this scenario.
My (.NET 2.0 beta2) project is a mix of C# & MC++. - To authenticafe my MSI I need a .spc & a .pvk file - To strongly named my C# assemblies with VS.NET 2005 I need to use a .pfx file or a .snk file - To strongly named my C++ assembly I guess I should use a .snk and the assembly attributes - Verisign could provide me certificate (is it a .cer???) from a .pvk file - apparently I could create a .pvk file with makecert - apparently I could create a .spc from a .cer with cert2spc
Let's ignore strong naming for the moment since it's adding unnecessary
complexity. For authenticode signing, you need a code signing certificate
and the private key that corresponds to the public key contained in that
certificate. Once you have the certificate and private key in hand, you
would use the signcode tool
(http://msdn.microsoft.com/library/en...igncodeexe.asp)
to sign your compiled assemblies. It makes no difference whether those
assemblies were originally written in C# or MC++.
While you can create test certificates with makecert, you should obtain your
production certificates from a CA (certification authority) that will be
recognized by your clients. If your application will be distributed outside
of a single enterprise, you will probably want to use a commercial CA like
Verisign or Thawte. (If you want a wider choice of CAs that are likely to
be trusted on Windows machines, a good place to start is the trusted root
CAs list on your machine.) If you are distributing your application only
within a single enterprise which runs its own CA, acquiring your
authenticode certificate from that CA may be more cost-effective.
As for delivered file formats and certificate application processes, these
can differ between CAs. The larger commercial CAs provide detailed guides
on both how to apply for their certificates (including the processes around
private key issuing), as well as how to use the files they will return to
your in order to actually sign your executables with makecert.
Now the questions are: - how do I get a .pfx or .snk from, either, the .spc, .cer, .pvk files?
You can use the pvkimprt tool
(http://www.microsoft.com/downloads/d...0-414BDFF679A7)
to either convert spc+pvk file pairs to a pfx file or a certificate (with
associated private key) in your certificates store. (The snk files used for
strong naming keys are not relevant to authenticode signing.)
- I also tried (without success) all the 3 below line in my ManagedC++ project [assembly:Assemb lyKeyFileAttrib ute("..\\..\\no vamind.snk")]; or [assembly:Assemb lyKeyFileAttrib ute("..\\novami nd.snk")]; or [assembly:Assemb lyKeyFileAttrib ute("novamind.s nk")]; but always get: Error 2 fatal error LNK1256: ALINK operation failed (80040414) : Error reading key file '..\..\novamind .snk' -- The system cannot find the file specified. GnuStepCPP what should I do?!?!
See http://blogs.msdn.com/shawnfa/archiv...14/438963.aspx. However,
keep in mind that you don't need to strongly name your assemblies simply in
order to use authenticode signing.
Now, could anyone give me simple direction! I understand the concept! I just don't manage to put them into practice :-( And the pratical documentation is awfully thin, while the many article's author like to linger for an awfull number of pages on the concepts it's very hard to find any practical implementation :-( :-( :-( which bring an other question: I have found verisign, is there any other authentication 'registrar'?
-- NovaMind development team NovaMind Software Mind Mapping Software <www.nova-mind.com>
Thanks, very interesting and well explained!
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:%2******** ********@TK2MSF TNGP14.phx.gbl. .. "Lloyd Dupont" <net.galador@ld > wrote in message news:eV******** *****@tk2msftng p13.phx.gbl... I'm writing a .NET 2.0 app I want to deploy it in the net. Apparently (due to an "unknow publisher warning" while downloading in the browser) I have to give a strong name to my installer & my components.
There are two types of code signing used for .NET assemblies: strong name signing and authenticode signing. The one that addresses the "unknown publisher" issue is authenticode signing, not strong name signing. While there's nothing preventing you from strongly naming your assemblies as well (and there may be some potentially compelling reasons to do so), a strong name is not necessary in this scenario.
My (.NET 2.0 beta2) project is a mix of C# & MC++. - To authenticafe my MSI I need a .spc & a .pvk file - To strongly named my C# assemblies with VS.NET 2005 I need to use a .pfx file or a .snk file - To strongly named my C++ assembly I guess I should use a .snk and the assembly attributes - Verisign could provide me certificate (is it a .cer???) from a .pvk file - apparently I could create a .pvk file with makecert - apparently I could create a .spc from a .cer with cert2spc
Let's ignore strong naming for the moment since it's adding unnecessary complexity. For authenticode signing, you need a code signing certificate and the private key that corresponds to the public key contained in that certificate. Once you have the certificate and private key in hand, you would use the signcode tool (http://msdn.microsoft.com/library/en...igncodeexe.asp) to sign your compiled assemblies. It makes no difference whether those assemblies were originally written in C# or MC++.
While you can create test certificates with makecert, you should obtain your production certificates from a CA (certification authority) that will be recognized by your clients. If your application will be distributed outside of a single enterprise, you will probably want to use a commercial CA like Verisign or Thawte. (If you want a wider choice of CAs that are likely to be trusted on Windows machines, a good place to start is the trusted root CAs list on your machine.) If you are distributing your application only within a single enterprise which runs its own CA, acquiring your authenticode certificate from that CA may be more cost-effective.
As for delivered file formats and certificate application processes, these can differ between CAs. The larger commercial CAs provide detailed guides on both how to apply for their certificates (including the processes around private key issuing), as well as how to use the files they will return to your in order to actually sign your executables with makecert.
Now the questions are: - how do I get a .pfx or .snk from, either, the .spc, .cer, .pvk files?
You can use the pvkimprt tool (http://www.microsoft.com/downloads/d...0-414BDFF679A7) to either convert spc+pvk file pairs to a pfx file or a certificate (with associated private key) in your certificates store. (The snk files used for strong naming keys are not relevant to authenticode signing.)
- I also tried (without success) all the 3 below line in my ManagedC++ project [assembly:Assemb lyKeyFileAttrib ute("..\\..\\no vamind.snk")]; or [assembly:Assemb lyKeyFileAttrib ute("..\\novami nd.snk")]; or [assembly:Assemb lyKeyFileAttrib ute("novamind.s nk")]; but always get: Error 2 fatal error LNK1256: ALINK operation failed (80040414) : Error reading key file '..\..\novamind .snk' -- The system cannot find the file specified. GnuStepCPP what should I do?!?!
See http://blogs.msdn.com/shawnfa/archiv...14/438963.aspx. However, keep in mind that you don't need to strongly name your assemblies simply in order to use authenticode signing.
Now, could anyone give me simple direction! I understand the concept! I just don't manage to put them into practice :-( And the pratical documentation is awfully thin, while the many article's author like to linger for an awfull number of pages on the concepts it's very hard to find any practical implementation :-( :-( :-( which bring an other question: I have found verisign, is there any other authentication 'registrar'?
-- NovaMind development team NovaMind Software Mind Mapping Software <www.nova-mind.com>
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Rudi Groenewald |
last post by:
Hi there...
I use SQL server integrated security so when a user opens a database in
access it prompts the username & password in a small popup box on
connection, but I'd like to use my own customised form for the
authentication process, is this possible? I do know that this login popbox
is displayed before any forms are loaded, can it be said that on database
conenct that the form is opened? How will I transfer the values entered into...
|
by: Saravanakumar |
last post by:
Recently I have changed the VB Application for Authentication method
to connect to the SQL Server 7.0 database using the Windows NT
Authentication.
Later I had created permissions for Select, Insert, Update, Delete,
Exec everything based on the Windows NT Authentication on an Active
Directory Group based.
Now I am trying to use the application from the Windows 2000 machine.
It runs normal with the all rules applied.
|
by: Glen Scott |
last post by:
Hi, I'm writing an ASP app that administers an ISA server remotely.
The fact that it's an ISA server isn't my problem I believe.
My question? What is the security difference between disabling
anonymous access and using account X from the web client, versus
allowing anonymous access but using account X as the account that runs
the application?
When I configure my web application to allow anonymous access, but
set the anonymous process...
|
by: Champika Nirosh |
last post by:
Hi All,
We are about to develop a Content management system, that can view, edit
content online.
In our system, we have a file called "sample business letter"
workers... in ur system... are only allow to read (online through IE) what
ever the content they are permisionned to read
there are two workers named w1 and w2. who belong to the worker role
|
by: Dave Kolb |
last post by:
Is there any other solution for an ASPNET application to access
network resources other than running as SYSTEM, using delegation (a
nightmare to get to work) or the COM+ solution? I cannot seem to impersonate
a user and obtain network credentials using the DuplicateTokenEx call with
appropriate parameters even though the call seems to not fail. I check my
identity has changed but can only still do local commands.
I would consider...
| |
by: William F. Zachmann |
last post by:
A web site that will run on Windows Server 2003 and IIS 6.0 needs to provide
three levels of access, one for the public and two others for two levels of
subscribers. This is a port of a prior site that runs on an old version of
the Netscape Web server (which manages user authentication and access). The
three levels of access are currently served up by three different versions
of an ISAPI DLL, written in C++, also managed by the Netscape...
|
by: Jéjé |
last post by:
Hi,
I have a custom aspx page which access RS (Reporting Services) using the
webservice interface.
I'm using the delegation (defautcredentialcache) to send the user
authentication to RS.
RS and my web application are on the same server.
this works fine in 2 cases:
|
by: Roger |
last post by:
Hi,
I'm completely stumped with an issue of authentication.
I have an ASP.net application which is supposed to retrieve data from a
remote database. It is supposed to access the database using the domain
credential of the user that is accessing the page.
When I access the aspx page from a client, it generates an error: "An error
has occured: Login failed for user '(null)'. Reason: Not associated with a
|
by: serge calderara |
last post by:
Dear all,
How to configure in config file, the fact that all users get access to the
root web folder but only some of them to a restricted forlder
Any sample ?
thnaks for your help
regards
serge
|
by: TrinityPete |
last post by:
Hi all,
We have a web application that uses web services for data access and
retrieval. The web app and web services reside under IIS on the same
server(WIN2003). The virtual directories have been set for windows
authentication and both the ASP web application and the web services are
using windows authentication with impersonation of the logged on user. We
also set the web service credentials to CredentialCache.DefaultCredentials.
...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
| |
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |