I have a Silverlight application executed within a browser that uses the scanner by WIA, I configured my server and my client (I allowed Silverlight to elevated trust in browser,
I signed the xap after I installed the certificate into Trusted Editors and Trust root (into the machine store) , change the registry value,etc all wich it's specified in http://support.leadtools.com/CS/forums/40466/ShowPost.aspx) and when I've published in my local IIS and I load the test page from the same machine: the application works but when i've tried to access to the page from another machine (with internet explorer with a low secured settings and Runned as administrator) I got the exception with the message this operation is not supported in the current context.
what's wrong?
can you help me?
Thanks in advance!
Here is the official Microsoft guide for allowing elevated trust in browser:
http://msdn.microsoft.com/en-us/library/gg192793(v=vs.95).aspx
See: 1.Configure the target computers to allow trusted applications inside the browser by setting the following registry key:
And I don't think you can use a self signed certificate.
Maybe you have to install the certificate on each individual machine you intend to use the app on?
The certificate may work fine run from local host as it uses the test certificate, but is different when accessed from the server.
This would make sense as the elevated trust setting is made for enterprise use.
Check this blog post out, it's a really good guide on how to set up a trusted app.
Silverlight 5 Trusted applications
Related
I am deploying a WPF application, in my local computer its works fine but when I deploy in a production server I have an error "Trust not granted". I changed of certificate and I set all of a recommendations in Stack Overflow suggestions buy I have no permissions in my IE to run of application.
In production server I set the truth level in full(Internal), but it is not working.
Any suggestions?
I was able to solve my problem following this link:
how-to-run-wpf-xbap-as-full-trust-application
Be sure Import certificate file from "Trusted Root Certification Authorities" tab
and from "Trusted Publishers" tab
The application just can be opened with Internet Explorer, using another browser we must copy dlls and make some changes that not apply to this question
I have a problem with my web application. I develop using VS 2013 (run as Administrator) and Windows 8.
When I debug using IIS Express - everything works fine, without any errors (I run VS as Administrator). When I change project properties to use Local IIS (it's installed) - I cannot use external library which is placed in GAC (Microsoft.FlightSimulator.SimConnect). Also I run VS as Administrator.
Thrown error: "HRESULT E_FAIL has been returned from a call to a COM component" - this says nothing to me. This is thrown during creating new SimConnect object:
var simconnect = new SimConnect(...)
OFC, to use SimConnect, firstly Microsoft Flight Simulator should be launched (and it's started). This was proposed reason of the problem which I found in the Internet - second one was granting permissions (described below).
Details:
I have two projects in solution: library project (which is used to connect to the FSX) and web project (MVC - to present the results).
1) I tried to move whole library project content to the MVC project - nothing.
2) I used IIS manager to publish my website (with the seperate AppPool) - result the same as for Local IIS.
3) I granted permissions to the folder (where projects are placed) for my own AppPool and also for IUSR, IIS_IUSR and DefaultAppPool - full access. And nothing.
4) I ran FSX as Administrator - also nothing :/
I found the workaround: I moved the library project to the another project - console application where I used HttpSelfHostConfiguration to host that. And later, I call this api from the main project (MVC). For this solution everything works fine (I tested for Local IIS [debugging] and also for IIS Manager). I have to only run the Host Api project as Administrator.
I'm very curious what is the reason of the exception. And additionally: how to resolve that :)
It seems like the problem with the permissions - but I granted to the every used AppPool.
Can be the reason lack of permissions for dll in GAC? I don't think so, but I have no idea what to do. If yes, how to grant permissions for dll in GAC (or how to copy that)?
#Krzyrok, Had the same issue recently on my one of my projects where I used external libraries. After following endless crumbs I got it resolved. Change your application pool identity from "ApplicationPoolIdentity" to "LocalSystem". I also changed the sites Anonymous Authentication to "Application pool identity" from the specified IUSR but tested it and it can be left on IUSR. I also granted permissions to the folder for IUSR and IIS_IUSR.
If someone comes across this problem, it is possible that the problem is that you have not configured SSL for your localhost site. The site might be trying to communicate via https port 443 and it cannot find the site there. The site may be hosted only on the unsecure http port. To solve this problem,
Go to IIS Manager
Right Click on the Website
Click on Bindings on the right
Click on Add
Select https
Select the IIS Express certificate
Click OK
I was using the physical path of the \bin folder as the basic settings physical path of the web site in IIS. I forgot I had to publish the web service and use the publish path as the basic settings physical path of the IIS website.
I have created several applications, these are deployed on the server and will be opend by the user from the network.
Each time a user opens a application they get confronted with a security warning:
Open File - security warning
We can't verify who created this file. Are you sure you want to run this file?
Is it possible to supress this message by code?
I found an article that says I need to Sign the application but unfortunately this is not help. Another article I found says I need to manual change the security level, but that is not what I want.
I just want Windows to trust my applications.
You have to sign your application with an so called "Microsoft Authenticode Certificate". Furthermore you need to register the Certificate as Trusted Publisher on all affected machines (easy if you are in an business environment with an Active Directory).
You could use the Windows Certificate Snapin (press CTRL + R and type Certmgr.msc) to display all installed certificates on your machine. There you will find a folder named trusted puplisher. However this is only possible in business environments where you have some kind of control over the network (active directory etc.). If you're distributing your application over the internet you will have a hard time ;)
Remember, certificates are about trust and there is a reason for this warning because an *.exe file could indeed harm your computer.
EDIT:
helpful post about Microsoft Authenticode Certificates
I made a site using VS10 Ultimate [ASP.NET] and when I build & run it runs the severer locally, while I want to test it for security issues via Linux.
How can I run it globally ?
Thank you!
Your development machine probably has IIS installed. Copy the code or the compiled code to the web root of this installation. If you want to put it on another computer, then that will need to have IIS, relevant version of .Net installed.
It would also help if you can setup your local DNS to resolve the name for your computer within the LAN setup so that you can reache the machine using a name rather than the IP.
This will allow you to test the security issues that are client side. For Server side security issues, you will need to create a server in your LAN that is configured similar to the actual server where you would be hosting your site.
You need to set up the site in IIS Server installed in your Windows machine to run it locally
See the links to learn more:
http://www.beansoftware.com/ASP.NET-Tutorials/Set-Up-IIS-ASP.NET.aspx
http://support.microsoft.com/kb/323972
You need an ASP.NET hosting service.
We have an application that is distribute to a varity of customers. Sometime it is installed on a network share. Usually we can give that application access with caspol.exe and grant the LocalIntranet Zone FullTrust. Sometimes the customers admins do not manage to grant that application access due to some network settings.
When we launch the exe it opens for a short time and appears in the Client Task Manager and disappears silently... now the question is there a tool which gives me some debugging or tracing details on that. Is there a tool to debug security issues like that... I assueme that this happens before any of my code is executed... and I do not see anything in the event trace neither on the client nor on the server...
Any ideas?
Can I recommend - perhaps look at ClickOnce - a click-once application can be hosted on a network share, but has much better security deployment factors. You just run the .application rather than the .exe (VS2005 and VS2008 have all the tools you need to publish a ClickOnce application trivially).
Also - in one of the recent service packs (perhaps with 3.5 SP1), I believe that mapped shares get more priveleges - so \\foo\bar\my.exe would still error, but f:\my.exe (to the same location) should work.
We're having similar issues with our applications which are usually placed on a network share. We're solving this issue by:
signing and timestamping all application components with Microsoft Authenticode certificate issued by Thawte.
deploying msi package containing security policy granting full trust to applications signed by our certificate.
If your company will not / cannot buy code signing cert, you can install a CA somewhere and issue cert for that purpose only ( I think it will work altough this cert will not resolve to trusted root. )
The other option, with a lot more hassle would be to strong-sign all assemblies, and grant full trust to all assemblies signed with that key.
Both approaches result in performing procedure once per workstation ( updated applications will still work ). I think it can even be propagated throughout the enterprise somehow, but never did that and don't know details.