silverlight 5 signing xap file

Question

I'm facing trouble with signing my Silverlight file (.xap) in a website. We're deploying this website in an intranet and, since we're accessing the usb port on the client, we definitely need to have elevated rights on the client machine.

I've read that it can be done by creating a certificate and install it on the client machine, and I followed the following article : http://msdn.microsoft.com/en-us/gg315158 . For tests purpose, I created a basic Silverlight control that display "You are elevated" or "You are not elevated" depending on the client configuration.

Now my problem is, I signed my xap file with my .pfx file, into Visual Studio, but I still don't have the elevated rights on the client machine. On my development machine, I receive the "You are elevated" message because of some dev configuration I guess...

I tried to install my certificate manually on my client machine but it still doesn't work.

When accessing my website, the silverlight control starts but display that I'm not in an elevated mode. It doesn't pop any message to ask the user to get the certificate or anything...

What am I missing ?

hey there! i am having the same problem (http://stackoverflow.com/questions/12142523/getting-a-system-net-sockets-socketexception-for-connect-operation) - could you find a solution for your problem? — , Aug 27 '12 at 14:05
I bought a certificate (verisign) and signed my xap file with it... I had to add the registry entries like Rumplin said in the answer below... Since it's signed by a certified authority you won't get any warning anymore... Did you try that? — Andy M, Aug 27 '12 at 19:55
the official certificate might be the problem :) however I do not get any warning with my self-signed certificate ... it's simply not working and spitting out *no* warning ... — , Aug 28 '12 at 05:25
btw ... do you need to install the officially signed certificate on each client? — , Aug 28 '12 at 06:09
You need to install the public (!!!) certif on each client and perform the registry entries on each client as well... I don't have my source code but i remember that, i had so much trouble because i didn't install my certif at the correct locations in the certificate store... — Andy M, Aug 28 '12 at 06:11
I remember that you need to put your certificate in a store called 'trusted publisher' on each client... Take care of the 32/64 bits system of you clients (it will change the registry entries locations )... — Andy M, Aug 28 '12 at 06:16
Have a look here as well : http://stackoverflow.com/questions/11678646/enabling-in-browser-elevated-trust?lq=1 — Andy M, Aug 28 '12 at 06:17
I've finally found http://www.pitorque.de/MisterGoodcat/post/Silverlight-5-Tidbits-Trusted-applications.aspx ... thanks for your information! awesome! — , Aug 28 '12 at 06:30
And yep - as long as you have GPO or manual cert-distribution you do not need to buy one ... :) — , Aug 28 '12 at 06:31

Rumplin · Accepted Answer · 2012-03-20T14:01:03.663

2

Go to your Certificates and find the tab Trusted Publishers, your certificate should be there

Every client should have the certificate there.

Once you checked this and can confirm that everyone has this certificate, you should run this registry (64bit):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Silverlight]
"AllowElevatedTrustAppsInBrowser"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Silverlight\Components]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Silverlight\Components\Debugging]

(32bit)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Silverlight]
"AllowElevatedTrustAppsInBrowser"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Silverlight\Components]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Silverlight\Components\Debugging]

Just save this into a .txt file and rename it to .reg and run it. This should fix your problem.

edited Mar 20 '12 at 14:01

answered Mar 20 '12 at 09:49

Rumplin

2,703
21
45

Thank for your comment. I indead have my certificate in this section. I used mmc to check this and in trusted publishers, I can see my certificate. It's still not working... any idea ? – Andy M Mar 20 '12 at 10:15
2

I updated my anwser with a registry patch I had to do on our intranet. – Rumplin Mar 20 '12 at 14:01
Thanks a lot again ! Unfortunately, still not working... Do I have to register my certificate on my dev machine ? Will it work only on a IIS Web Server ? I simply created my key following the tutorial, then I signed my xap file within Visual Studio and hit Ctrl+F5 to start my website... Then from another computer on my lan, I try to display my website, and therefore my xap file... The xap file starts but tells me I don't have the elevated rights... – Andy M Mar 20 '12 at 14:41
2

please loot at this demo: http://xamlgeek.net/2011/04/20/silverlight-5-elevated-trust-in-browser/ – Rumplin Mar 21 '12 at 06:58
When going in Visual Studio, properties of my Silverlight project, Tab "Signing" and clicking on the "More Details..." button, I get a warning displaying : "Windows does not have enough information to verify this certificate". How can I get rid of this ? Looks like that's the last thing to clear and it will work ! – Andy M Mar 22 '12 at 06:50
1

Well I do believe you have this problem: "The Security Certificate was issued by a company that is Not Trusted". So you need a certificate from a trusted source. – Rumplin Mar 22 '12 at 06:55
Thanks again for your help, I used another certificate delivered to me from my company network (probably from exchange) and it's indeed working... I've seen that there are autorithies in different countries that provide that kind of certificates... So, Do I absolutely need to buy a certificate ? – Andy M Mar 22 '12 at 08:35
1

I don't know, I work for a company that is a trusted certifcate publisher, I never tried any other certificate :) – Rumplin Mar 22 '12 at 08:52
Okay thanks, I'll keep you updated ! Many thanks for your help! – Andy M Mar 22 '12 at 09:05

silverlight 5 signing xap file

1 Answers1

Linked