EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Silverlight 5 Elevated TElWinCertStorage

#23108
Posted: 01/09/2013 15:45:09
by Luis Martinez (Basic support level)
Joined: 01/09/2013
Posts: 6

Hi, we are testing SecureBlackBox in Silverlight, but when we try to instantiate the object "TElWinCertStorage" we get the problem shown in the attached image 1.

The second image (image 2) shows the configuration in Silverlight.

I hope you can help me.

regards

[code]
if (!Application.Current.HasElevatedPermissions)
{
    MessageBox.Show("No elevated permission set");
}
else
{
    // Initialize the SecureBlackbox PDF units before using them
    SBPDF.Unit.Initialize();
    SBPAdES.Unit.Initialize();
    SBPDFSecurity.Unit.Initialize();
    m_Handler = new TElPDFAdvancedPublicKeySecurityHandler();
    // Open the Windows system certificate store with local machine access
    certStorage = new TElWinCertStorage();
    certStorage.StorageType = TSBStorageType.stSystem;
    certStorage.AccessType = TSBStorageAccessType.atLocalMachine;
}
[/code]
#23109
Posted: 01/10/2013 01:36:22
by Ken Ivanov (EldoS Corp.)

Luis,

Thank you for contacting us. I am afraid there are no images attached to the message. Could you re-post them please?
#23118
Posted: 01/10/2013 09:00:55
by Luis Martinez (Basic support level)
Joined: 01/09/2013
Posts: 6

Image 1


#23119
Posted: 01/10/2013 09:01:37
by Luis Martinez (Basic support level)
Joined: 01/09/2013
Posts: 6

Image 2


#23123
Posted: 01/10/2013 09:36:14
by Ken Ivanov (EldoS Corp.)

Luis,

Thank you for the details, now the pictures are all right.

Is the application you are developing an in-browser or an out-of-browser one? Note that you should take extra care when running an in-browser application with elevated permissions. We suggest that you have a look at this forum topic, which explains the details of configuring elevated Silverlight applications.
#23129
Posted: 01/10/2013 10:21:09
by Luis Martinez (Basic support level)
Joined: 01/09/2013
Posts: 6

Hello,

I've read the website, and it is summarized in the following steps:

1. Elevated trust for out-of-browser applications can be set at the project properties page (a check box on the 'out-of-browser settings' dialog, 'Silverlight' tab). This is enough.

2. Configuring an in-browser application is a bit more sophisticated task. The following steps should be taken:
- the corresponding checkbox must be switched on on a 'Silverlight' tab of the project properties,
- the XAP file and referenced third-party assemblies must be signed with a certificate, which should be added to the 'Trusted Publishers' system store,

the above two steps are enough for running and debugging in-browser applications originating from the 'localhost' address (and ONLY THEM). If you need to run/debug Silverlight applications residing on remote web sites OR LOCALLY (file:///...) you must perform an additional step:

- set the AllowElevatedTrustAppsInBrowser (DWORD) value of the HKEY_LOCAL_MACHINE\Software\Microsoft\Silverlight\ registry key (use the relevant Wow6432Node key for 64 bit SL environments) to 0x00000001.

We already did those steps. In the code we have the following validation ("if (!Application.Current.HasElevatedPermissions)") that checks whether the application is running as elevated or not. When we run the application we see that it says "Elevated = true", but when we try to instantiate the class ("certStorage = new TElWinCertStorage();") it tells us that there are no elevated permissions.

- the XAP file and referenced third-party assemblies must be signed with a certificate, which should be added to the 'Trusted Publishers' system store.
We sign the XAP file, but do we have to sign the SecureBlackbox DLLs? And how do we do it?

Regards
#23130
Posted: 01/10/2013 10:58:56
by Ken Ivanov (EldoS Corp.)

Although the application may run as elevated in general, untrusted assemblies may still cause it to fail. Please sign both your application's assemblies and all the referenced SecureBlackbox assemblies with a trusted certificate (that is, a certificate residing in the Trusted Root system store). This should resolve the problem.

You can use the .NET SignTool utility to sign assemblies with certificates.

And I assume that your application is an in-browser one, isn't it?
#23135
Posted: 01/10/2013 15:31:01
by Luis Martinez (Basic support level)
Joined: 01/09/2013
Posts: 6

Hello,

We signed the "SecureBlackbox" DLLs, but we still have the same problem. We signed the DLLs with the same certificate used to sign the XAP. Then we added the newly signed DLLs to the project, but we still have the same problem on the same line of code "" ...

We're going crazy trying to implement the signing of PDFs with Silverlight.

Is there anything else we can do?

Yes, the application is in-browser.

Regards
#23148
Posted: 01/14/2013 00:59:25
by Ken Ivanov (EldoS Corp.)

Luis,

Signing the assemblies is only a partial requirement - it is also vital that the signing certificate appears in the 'Trusted Publishers' system store. Have you installed the signing certificate in that store?

On the other hand, is it a requirement for your application to use system certificates when signing PDFs - i.e. maybe it makes sense to remove TElWinCertStorage from your application at all? Note that you will have to ask all users of your application to install the certificate that signs the assemblies to their Trusted Publishers stores to make the application work in browser.
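
The prerequisites named in this thread (the AllowElevatedTrustAppsInBrowser registry value, a valid signature on each assembly, and the signing certificate in Trusted Publishers) can be checked on a given machine with a short script. This is an added example, not part of the original posts and not EldoS code; the file path is a placeholder, and the script checks DLLs because whether a .xap can be parsed depends on the machine.

```powershell
# Added diagnostic example; $Files is a placeholder list of signed assemblies.
param(
    [string[]]$Files = @('.\SecureBlackbox.dll')   # placeholder path, adjust to your build output
)

function Test-ElevatedTrustRegistry {
    # Registry value named in the thread; the Wow6432Node key is the one
    # the thread says to use for 64-bit Silverlight environments.
    $keys = 'HKLM:\Software\Microsoft\Silverlight',
            'HKLM:\Software\Wow6432Node\Microsoft\Silverlight'
    foreach ($key in $keys) {
        $value = $null
        if (Test-Path $key) {
            $prop = Get-ItemProperty -Path $key -Name AllowElevatedTrustAppsInBrowser -ErrorAction SilentlyContinue
            if ($prop) { $value = $prop.AllowElevatedTrustAppsInBrowser }
        }
        [pscustomobject]@{ Key = $key; Value = $value; Enabled = ($value -eq 1) }
    }
}

function Test-SignerTrust {
    param([string]$Path)
    # Status is 'Valid' only if the signature verifies and the chain ends in a trusted root.
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate
    $signer = $null; $thumb = $null; $inPublishers = $false
    if ($cert) {
        $signer = $cert.Subject
        $thumb  = $cert.Thumbprint
        # Look for the signing certificate itself in both Trusted Publishers stores.
        $stores = 'Cert:\LocalMachine\TrustedPublisher', 'Cert:\CurrentUser\TrustedPublisher'
        $inPublishers = [bool](Get-ChildItem -Path $stores | Where-Object { $_.Thumbprint -eq $thumb })
    }
    [pscustomobject]@{
        File                = $Path
        Status              = $sig.Status
        Signer              = $signer
        Thumbprint          = $thumb
        InTrustedPublishers = $inPublishers
    }
}

Test-ElevatedTrustRegistry | Format-Table -AutoSize
$Files | ForEach-Object { Test-SignerTrust -Path $_ } | Format-Table -AutoSize
```

A file that reports a status other than Valid, or InTrustedPublishers = False, points at the signing or certificate-store step rather than at the application code.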
#23193
Posted: 01/15/2013 10:16:55
by Luis Martinez (Basic support level)
Joined: 01/09/2013
Posts: 6

Hello,
Yes, we understand that we have to copy the certificate to each user's computer; that's no problem.

The problem is that the code does not work at runtime.

As you can see, this problem occurs on the development machine. This machine already has the certificates in 'Trusted Publishers' and 'Trusted Root Certification Authorities' in 'My User account' and 'Computer Account', but it still does not work.
We are very interested in acquiring SecureBlackbox licenses, but we need the application to work.

The purchase of licenses depends on the success of these tests.

We really need all the help possible.

Regards