Help How to add publisher condition ??

Dear all,

What is the way to add a publisher condition in ALL_GROUP at machine level under Framework security. I have heard this is used to prevent unauthorized .NET software from running on a machine.

I would like to test that stuff. Any good procedure to test this, as well as creating a test certificate?

Thanks for your info or links
regards
serge

April 6, 2005
Hi Serge! I believe you mean All_Code. You can use the .NET Framework Configuration Tool, but you won't be able to realistically use the publisher condition in the way you want. If you specify this for All_Code then all code that has not been signed with your Authenticode certificate will not be able to run. You are not allowed to sign assemblies that you do not own and developed yourself. There is no "shortcut" for blocking authorized code. The publisher condition would be better if you were deploying an assembly that your company created and it needed special permissions. I hope this helps and I hope you have a great day!

Joseph MCAD

Hi Joseph,
We are definitely everywhere :-)

Yes I mean ALL_CODE. The idea is that I would like to test how this stuff behaves by signing some of my test assembly and see by implementing that publisher certificated our they are working. I remember things as long as I have seen it working by myself, as most of us.

So for this what is the procedure? OK, signing an assembly seems not a big deal with sgen.exe, but how to generate this Authenticode certificate?

regards
serge

April 7, 2005
You have two options...

1) Obtain one from a CA like Verisign
2) Create a test one or for internal use

To go with number...

1) Create an X.509 certificate
2) Package it into a .SPC file
3) Sign your assembly with the .SPC file

.Spc files are just collections of X.509 certificates, but they are what you need to sign your assembly. You need to use the following command line programs. Be sure to use the command prompt that came with Visual Studio 2003 so that you don't have to add these programs to the path variable.

1) MakeCert.exe
2) Cert2Spc.exe
3) SignCode.exe

I haven't memorized the parameters for these programs, so I will copy them here from my security book...

    Makecert -n "CN=My Certificate" -sv MyPrivateKey.pvk MyNewCertName.cer

You have to put the -n with the "CN=WhateverYouWant" format. You have to already have a private key to embed in the certificate.

    Cert2Spc MyNewCertName.cer MyCompanyCerts.spc

Signcode is the tricky one...

    SignCode -spc MyCompanyCerts.spc -v MyPrivateKey.pvk -n "My Signed App" -$ individual -t http://timestamp.verisign.com/scripts/timestamp.dll MyTestApplication.exe

I don't really know what all of those parameters are for, so if anybody else here knows, I am sure we both would be interested! Hope this helps and have a great day! :-)

Joseph MCAD
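The whole test discussed in this thread, from test certificate to a publisher condition under All_Code at machine level, as an added example that is not part of any poster's message. It assumes an administrator account (machine policy is edited), the Visual Studio .NET 2003 Command Prompt, and an existing MyTestApplication.exe; the group name Test_Publisher, the Execution permission set and the unsigned control copy are choices made for this example.

```batch
@echo off
rem Added example (not from the thread). Run in the Visual Studio .NET 2003
rem Command Prompt, in the folder that holds MyTestApplication.exe.
setlocal
set APP=MyTestApplication.exe
set CERT=MyNewCertName.cer
set PVK=MyPrivateKey.pvk
set SPC=MyCompanyCerts.spc
rem Assumed names: the group name and the unsigned control copy are made up here.
set GROUP=Test_Publisher
set UNSIGNED=Unsigned_%APP%

rem Keep an unsigned copy as the control case before signing.
copy /y %APP% %UNSIGNED% >nul || goto fail

rem 1-3) Test certificate, SPC package, Authenticode signature (the tools
rem prompt for the private key password). -t is left out so no network is needed.
makecert -n "CN=My Certificate" -sv %PVK% %CERT% || goto fail
cert2spc %CERT% %SPC% || goto fail
signcode -spc %SPC% -v %PVK% -n "My Signed App" -$ individual %APP% || goto fail

rem 4) Child code group under All_Code at machine level, keyed on the test
rem certificate. Execution is the smallest built-in grant that lets code run.
caspol -machine -addgroup All_Code -pub -cert %CERT% Execution -name %GROUP% || goto fail

rem 5) Compare group membership: only the signed file should list a
rem Publisher condition among its matching code groups.
echo === signed: %APP% ===
caspol -machine -resolvegroup %APP%
echo === unsigned: %UNSIGNED% ===
caspol -machine -resolvegroup %UNSIGNED%

rem 6) Remove the test group so machine policy is left as it was.
pause
caspol -machine -remgroup %GROUP%
del %UNSIGNED%
goto :eof

:fail
echo Step failed, stopping. 1>&2
exit /b 1
```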