Easy-to-follow video tutorials help you learn software, creative, and business skills.Become a member
When you create an elevated trust application, it is granted more privileges on the local computer. This presents a dilemma to your users. Should they trust you and your application? To help them make that decision, Microsoft shows them one of two dialogs. The yellow dialog, which signifies a riskier choice, is the default elevated trust prompt. As you can see, it asks the question at the top, "The publisher could not be verified. Are you sure that you want to install this application?" And then in the Publisher section, it says Unverified.
This is to show the user that they should think twice about clicking the Install button. The blue dialog is shown to the user if you digitally sign your XAP file. Just a reminder, XAP files are usually pronounced ZAP files. When you look at the blue dialog, you can see that it's more friendly. It says "Do you want to install this application," and then in the Publisher section, it shows Fourth Copy Corp. and also it shows a logo from the company. In order to sign your XAP file, you must acquire a signing certificate.
So, what exactly is a certificate? A certificate is supposed to prove to your end user that you have done a few things. One, your company has gone through a vetting process, that you have purchased that certificate from a valid vendor, and the code has not been altered since it was digitally signed. In the Windows operating system, certificates are known as Authenticode. A certificate is always signed by a public and a private key. Somewhere in the certificate chain is a trusted certificate authority, sometimes called a CA.
They provide a public key and you then buy a private key from them. When a browser goes to a site that has a signed Silverlight application, it traces the authority back through the certificate authority to see if it is a valid certificate, and then it shows either the yellow dialog or the blue dialog to the user, based on whether it can verify that that certificate is valid. There are a few certificate vendors out there. I've listed the main ones on this page. When I talk about certificates, I usually get asked these questions.
How long will it take to get certified? In my experience, it takes about two days to go through the certification process. The cost of a certificate ranges anywhere from $100 up to around $400. When you buy the certificate, you pick the expiration date. You can pick a 1-year or a 2-year certificate. The default is usually 1-year. It might be that you don't want to purchase a certificate. In that case, you can create what's called a testing certificate. That will work on your developer computer but it won't be usable on a real web site.
There are several tools for making those testing certificates. I'm going to show you the one that's inside Visual Studio 2010, and let's see how to do that. I'm going to switch to Visual Studio. I have this project opened called SigningTheXap. It's a normal out-of-browser application. Let's verify that. We'll go to Silverlight. It's an out-of-browser app, and I'm going to click on the Out-of-Browser Settings button and make sure that it's required elevated trust. It is. And when I run the application-- press F5--you'll see the yellow dialog when I go to install it.
Okay, now I want to digitally sign the certificate. It's a convoluted process to create these certificates. I've got a folder full of batch files that shows you how to do that. I'm going to go to Windows Explorer and I'm going to go to this folder called Bat Files. There are four different certificates in here and each one of them is one of the steps in creating a certificate. Let's take a look at this first one. Here's the MakeCert command and a bunch of parameters. I'm not going to spend the time in this movie talking about the details because Visual Studio makes it much easier for you to create the testing certificate.
If you are interested, there are four different bat files for you to look at. I'll return to Visual Studio, and here is how I would create a testing certificate in Visual Studio. I'm going to go to the Signings tab and then I'm going to click the Sign the XAP File. Next, if I had purchased a certificate, I would've installed it on this computer. I would then go to Select from Store, and I would pick my certificate from this list. I don't have a certificate yet, so I'm going to click on Cancel. And then I'm going to come down here and click the Create Test Certificate button.
I have to provide a password. Be sure and choose one that you'll remember, like so. And now when I go Select from Store you'll see that it's added this certificate from my computer and my logon credentials. It's also created this pfx file inside the project, and if I want to, I can click in this More Details to read about the certificate. It gives me the information. It says, "This is not a trusted certificate." It can't find a valid CA Root certificate.
It gives me more details about the serial number and things like that. If I close this and go out to Internet Explorer, which I'll have to launch, here's Internet Explorer. In Internet Explorer, I can go to Tools > Internet Options > Content > Certificates and see all of the installed certificates through the browser configuration. I've got my certificate. Now I'm ready to build the application. Close these dialogs and return back to Visual Studio, and at this point all I need to do is re-build the application.
Let's choose Build or Ctrl+Shift+B or however you like to compile the application, and then you can press F5 and Install. Now, due to the quirks of working with the browser cache, you may not see your certificate update immediately upon signing the XAP file. Trust me though, it does work. Check out the other movies in this chapter to see more features on the elevated trust applications.
Get unlimited access to all courses for just $25/month.Become a member