tags:

views:

100

answers:

1
Q: 

.NET Publisher Certificates

I'm using a book for studying for .NET certification, and I'm stumped on the issue of publisher certificates.

Background:

Windows Vista Home Basic SP2 Visual Studio 2008 .NET 3.5 SP1

Goal:

Write a simple C# console application that has its permission to read from a specific text file determined by the application's certificate.

Symptoms:

I am able to read from the file despite assigning the Nothing permission set to the code group that is conditioned by the application's certificate.

Steps taken:

  1. Wrote C# console application that uses StreamReader to read the file and output to the console. The application works as expected.
  2. On the application's properties, I used the Signing tab, set ON the checkbox for "Sign the ClickOnce manifest", clicked the Create Test Certificate button, and entered passwords.
  3. Next, I clicked the More Details button, navigated to the Details tab, selected the Public Key row, and clicked the Copy to File button.
  4. In the Certificate Export Wizard, I chose not to export the private key, chose the DER encoded binary X.509 format, and provided the path of the .CER file.
  5. Next I rebuilt the application.
  6. I opened the .NET Framework 2.0 Configuration tool.
  7. I navigated to My Computer > Runtime Security > Machine > Code Groups > All_Code
  8. Right clicked All_Code, and selected New to begin the Create Code Group wizard.
  9. Gave the new code group a name, then selected the Publisher condition type.
  10. Clicked the Import from Certificate File button, then selected the newly created .CER file.
  11. Next I selected the Nothing permission set.
  12. When running the application, which should now be a member of the new code group, it still works the same. I would expect that if it's a member of the Nothing permission set that it couldn't read the file.

Thanks for any insight you can provide. I'm probably missing one little detail. I wonder if this has anything to do with using Vista Home Basic.

A: 

Can your application read the file in question w/o any certificate?

Adding Nothing to a set of existing permissions won't change much.

Henk Holterman  2009-09-01 16:34:39
Henk, in step 1 I was writing and running the program without a certificate. I didn't add that until later.I was under the impression that Nothing would keep the executable from executing if it were found to be a member of the new group, so it was my test to see if .NET was including it as a member. Am I off base on understanding Nothing? Is there a better existing permission set to use to test whether .NET is including the executable as a member of the new group. I'd like to make sure the inclusion is working before pointing it to a new permission set of my own making. Thanks!
Clint  2009-09-01 18:27:02
You do understand Nothing, but the 'matching evidence' process is additive, you are adding your Nothing group to the normal rights. To investigate you should create a Folder where the app can't wirite w/o the certificate, then Add rights to the group.
Henk Holterman  2009-09-02 20:26:59
I finally found a page that explains what I needed to know. My problem was with the creation of the certificate. As indicated in the original question, everything I was trying was on the signing tab of the application's properties page in Visual Studio. It appears that creating the test certificate here is not enough to have that certificate work as a Publisher condition. Briefly, the steps were MakeCert, Cert2spc, SignTool, and CertMgr. Afterward I continued at step 6.http://www.c-sharpcorner.com/UploadFile/ankithakur/PublishersBasedSecurity12012006061621AM/PublishersBasedSecurity.aspx
Clint  2009-09-04 15:32:52
The other thing I finally found was the Evaluate Assembly tool in the .NET Framework 2.0 Configuration tool. This proved that my application was not being found in the code group I had created until I took the steps outlined on the site.<br><br>My question now turns to this: Functionally speaking, which of the steps from the web site are omitted from the original steps. I'm trying to understand the difference between the Visual Studio approach versus the command line approach. Obviously the UI is different - just trying to understand the functional difference.
Clint  2009-09-04 15:45:33
Clint, you probaly should see how far you get and maybe ask a new question.
Henk Holterman  2009-09-04 16:07:54

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?