.NET 发行商证书
我正在使用一本学习 .NET 认证的书,但我对出版商证书的问题感到困惑。
背景:
Windows Vista Home Basic SP2 视觉工作室2008 .NET 3.5 SP1
目标:
编写一个简单的 C# 控制台应用程序,该应用程序有权读取由应用程序证书确定的特定文本文件。
症状:
尽管将 Nothing 权限集分配给受应用程序证书限制的代码组,但我仍能够读取该文件。
采取的步骤:
- 编写 C# 控制台应用程序,使用 StreamReader 读取文件并将其输出到控制台。该应用程序按预期工作。
- 在应用程序的属性上,我使用“签名”选项卡,将“签署 ClickOnce 清单”复选框设置为“开”,单击“创建测试证书”按钮,然后输入密码。
- 接下来,我单击“更多详细信息”按钮,导航到“详细信息”选项卡,选择“公钥”行,然后单击“复制到文件”按钮。
- 在证书导出向导中,我选择不导出私钥,选择 DER 编码的二进制 X.509 格式,并提供 .CER 文件的路径。
- 接下来我重建了该应用程序。
- 我打开了.NET Framework 2.0 配置工具。
- 我导航到“我的电脑”>“运行时安全>机器>代码组> All_Code
- 右键单击 All_Code,然后选择新建以开始创建代码组向导。
- 为新代码组命名,然后选择发布者条件类型。
- 单击“从证书文件导入”按钮,然后选择新创建的 .CER 文件。
- 接下来我选择了Nothing 权限集。
- 运行应用程序(现在应该是新代码组的成员)时,它仍然可以正常工作。我希望如果它是 Nothing 权限集的成员,则它无法读取该文件。
感谢您提供的任何见解。我可能遗漏了一个小细节。我想知道这是否与使用 Vista Home Basic 有关。
I'm using a book for studying for .NET certification, and I'm stumped on the issue of publisher certificates.
Background:
Windows Vista Home Basic SP2
Visual Studio 2008
.NET 3.5 SP1
Goal:
Write a simple C# console application that has its permission to read from a specific text file determined by the application's certificate.
Symptoms:
I am able to read from the file despite assigning the Nothing permission set to the code group that is conditioned by the application's certificate.
Steps taken:
- Wrote C# console application that uses StreamReader to read the file and output to the console. The application works as expected.
- On the application's properties, I used the Signing tab, set ON the checkbox for "Sign the ClickOnce manifest", clicked the Create Test Certificate button, and entered passwords.
- Next, I clicked the More Details button, navigated to the Details tab, selected the Public Key row, and clicked the Copy to File button.
- In the Certificate Export Wizard, I chose not to export the private key, chose the DER encoded binary X.509 format, and provided the path of the .CER file.
- Next I rebuilt the application.
- I opened the .NET Framework 2.0 Configuration tool.
- I navigated to My Computer > Runtime Security > Machine > Code Groups > All_Code
- Right clicked All_Code, and selected New to begin the Create Code Group wizard.
- Gave the new code group a name, then selected the Publisher condition type.
- Clicked the Import from Certificate File button, then selected the newly created .CER file.
- Next I selected the Nothing permission set.
- When running the application, which should now be a member of the new code group, it still works the same. I would expect that if it's a member of the Nothing permission set that it couldn't read the file.
Thanks for any insight you can provide. I'm probably missing one little detail. I wonder if this has anything to do with using Vista Home Basic.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您的应用程序可以在没有任何证书的情况下读取相关文件吗?
向一组现有权限添加任何内容不会有太大变化。
Can your application read the file in question w/o any certificate?
Adding Nothing to a set of existing permissions won't change much.