ClickOnce refusing to launch, claiming the application is unsigned - c#

Background: ClickOnce app that is bundled with the web server of an embedded device. Customers access the web interface, like you would access your router's configuration pages, and hit a button there to launch the ClickOnce app.
Problem: One customer claims he is getting signing error "Cannot continue. The application is improperly formatted. Contact the application publisher for assistance." And in the details, "Your Web browser settings do not allow you to run unsigned applications." This happens before ClickOnce even gets to the part where it downloads the app. Just click the "launch" button and the error is immediately thrown. Customer is running Windows XP and IE8.
The application and deployment manifests are both signed with our VeriSign Class 3 Code Signing certificate. I have check and retested a dozen times with different IE settings, and every time it downloads the application, successfully verifies, and launches. We've had him reflash his device and same thing. No one else has this problem, just him, so I can only conclude that there is nothing wrong with the manifests or their signatures.
His IT department is freakish about security so I strongly suspect that he has some IE settings interfering with ClickOnce, either trying to enforce stricter signing requirements, or blocking it altogether. What could be causing this? Are there some group policies somewhere that are maybe shutting him down?

Try clearing the browser cache.

Go to Internet Options -> Advanced, then click Reset...

For me worked check in Internet Options -> Advanced -> "Allow Software to run or install even if the signature is invalid"

Related

Xamarin.Mac - Issue submitting to Mac App Store

We are in the process of submitting our app for the Mac App Store. I get the following email from Apple when submitting to the store:
Dear developer,
We have discovered one or more issues with your recent delivery for "YourApp". To process your delivery, the following issues must be corrected:
App sandbox not enabled - The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list. Refer to the App Sandbox page for more information on sandboxing your app.
• YourApp.app/Contents/MacOS/YourApp
Once these issues have been corrected, go to the Version Details page and click "Ready to Upload Binary." Continue through the submission process until the app status is "Waiting for Upload." You can then deliver the corrected binary.
Under Project Options->Mac OS X Application, I have:
Enable Entitlements – checked
Some iCloud stuff auto-filled out
Enable App Sandboxing – checked
Allow outgoing network connections – checked
Under Mac OS X Packaging – I manually selected an App Store distribution certificate as well.
To submit, I’ve been using Build->Archive and submitting from inside XCode. If I “validate” inside XCode, there are no errors.
Any ideas?
Sent this issue to Xamarin Support, and they figured it out.
They send me a new version of Xamarin to install that fixed the issue.
Should be an update soon if other people have this issue.

How to prevent application being marked as suspicious

I have a .NET application written in C# using Visual Studio 2012. I'm promoting the application through my own website and have it available for download. When downloading it in Chrome I get a message stating that my application is "not commonly downloaded and could be dangerous". Additionally, when I download my own application and execute it Avast sees it as suspicious and wants to run it in the sandbox.
Is there anyway I can prevent this from happening (without purchasing a certificate for signing)? I don't want potential users to run into this issue.
Edit: I am not doing anything malicious or using any hooks in my application. The application is just a small simple tool as you can see here.
Either you code-sign the App or you wait until a few thousands of people download your App, install it, not report it as garbage and then you get good-will grant from providers.
Even if your application is signed with a certificate issued by one of the CA's participating in Microsoft's Trusted Root Certificate Authority program, it could still face some issues unless you use an EV Authenticode code signing certificate and/or continue to renew the same certificate in perpetuity. See "IE9 SmartScreen Warning, Despite Following All Recommendations" for an example. In short, you're paying for reputation as a software publisher.

Silverlight 5 with elevated privileges in browser using clientaccesspolicy.xml

I am trying to get my silverlight application running with elevated privileges in browser. However, no matter what I do, it doesnt get elevated.
I have tried to add registry key AllowElevatedTrustAppsInBrowser (as DWORD with value 1), and signed the XAP file using VS 2012. I also came across a blog that mentioned the clientaccesspolicy.xml file, but I was not able to allow elevated privileges with this either. I put the xml file inside the web project hosting the html file that displays the XAP.
Has anyone actually managed to get this to run?
I also tried following this: http://mtaulty.com/CommunityServer/blogs/mike_taultys_blog/archive/2011/04/27/silverlight-5-beta-rough-notes-trusted-apps-in-the-browser.aspx but im unsure about where to run the commands he runs on windows.
There is a good summary on how to enable in-browser elevated trust by Mister Goodcat here, where he also provides some troubleshooting tips:
One thing to keep in mind is that even if your application runs as trusted in-browser app, it is still subject to the security restrictions the browser itself imposes. That means that its possibilities may be much more restricted than if they ran out of browser, for example by Internet Explorer's Protected Mode. In addition, the Silverlight runtime itself restricts use of certain features for in-browser trusted apps, for example you cannot use the Window class and/or create additional windows when you're running in the browser.
If none of the above applies to you and you still run into problems, one thing to do is check whether your certificate(s) have been installed correctly. There's a snap-in for the management console for this. Here is an article that describes how to get there (note that you should add a snap-in for your user account, not the computer account as in this description).
You can also check whether your registry key is actually and successfully queried, for example by using a tool like Process Monitor from the Sysinternals Suite. Watch for operations of type "ReqQueryValue" of your browser executable that access the key we created above, and make sure the Result is "SUCCESS".

Run .exe on client system from server-side c# code

I want to run an exe on client system from my c# asp.net website. When I use Process.Start()
it throws an error:
The requested operation requires elevation.
How do I set permissions to run that exe?
You can't spawn processes on the client machine from server-side code.
When you use Process.Start in server-side code, it is attempting to execute the process there, on the server where the website is hosted. If you wanted to create processes on the clients computer then you would need to expose a download for them (and not in employing subterfuge, like malign sites might do to install software - supply it gracefully, and normally (and with permission)), or a Silverlight application or something along those lines.
The bottom line is that the code you want to execute (even if that is just to spawn a process) must reside on the client, and be executed there.
You can't run an application from a web server like that. You will have to have the user download the application by supplying the EXE, a setup file or using ClickOnce.
Or you can develop an ActiveX control that you can have the browser automatically download from a Trusted Internet Zone.
Once downloaded, proper signing with a certificate (signed from the trusted (corporate) root certificate) will avoid the user getting a prompt to ask whether he wishes to allow the ActiveX control to install/be activated -
The ActiveX control can subsequently do anything the interactively logged on user could. This means that to actually install a program you'd need to elevate (UAC on Vista+); But if the goal was just to run a standalone executable, you should be good to go.
This all assumes white-hat purposes in a (larger) corporate setting, because it relies on PKI infrastructure and central browser policies, to name just two.**
This would, really, lead to some excellent questions on serverfault or superuser
I noticed you said you wanted to run an exe file on the client, but you didn't say explicitly that the exe is on the server and you want to push it to the client. Everyone seems to be assuming that is the case.
You CAN accomplish this fairly easily with a small JavaScript if you have a few prerequisites:
The executable is already present on the client machine.
All of your clients are running IE
You can enforce a policy to put your site in the Intranet or Trusted
Sites zone.
So basically this means it's a corporate intranet application. I am assuming this is probably the case since, well, if you were expecting to do this with a public app, I would be surprised.
For the script to accomplish this, please see my answer to this question:
How can I get a program on a client machine to run from an ASP.NET page?

Can't get my .Net Console App to run on a Server "The Publisher Could Not Be Verified"

I've written a simple C# console app that gets executed by SQL Server Integration Services as part of a datawarehouse load (on Windows Server 2003).
Unfortunately the step that calls the .exe is failing because a Open File security warning dialog "The Publisher Could Not Be Verified. Are you sure you want to run this software" is shown.
I think I need to sign my console app, but this seems a little overkill for an internal application. Can I sign it without having to get an externally recognised certificate?
Thanks.
Yes, signing is easy, Just look up Project|Options|Signing. The combobox will let you pick a key-file or create one. It is always a good idea.
But signing may not be enough, the server may impose stricter rules so that you will need a certificate. I'm not 100% sure but you may be abkle to create your own and tell the server to trust it.
But try the signing first.

Categories