我的问题是:如何阻止我的 .NET 1.1 应用程序在无法访问 Internet 的环境中尝试验证数字签名?
我的问题的背景:
我在客户处安装了一个基于.NET 1.1 SP1 的产品。客户站点无法访问 Internet。这会导致应用程序启动延迟,在某些情况下会导致我的 Windows 服务因超时而无法启动。
启动时的延迟似乎是由应用程序尝试验证数字签名引起的。这在其他帖子中有详细记录,正常答案是在 app.config 文件中包含generatePublisherEvidence = false,如此处记录http://support.microsoft.com/kb/936707
似乎使用generatePublisherEvidence = false对.NET 1.1应用程序没有任何影响,这似乎与MSDN一致(http://msdn .microsoft.com/en-us/library/0kk0kk35(VS.71).aspx 没有提及该元素)以及我上面提到的针对 .NET 2.0 应用程序发布的修补程序。
我向客户发布的下一个版本将基于 .NET 3.5 SP1 构建,并且在该版本的 .NET 框架上使用generatePublisherEvidence 没有任何问题,但我目前无法简单地将客户更改为该版本 - 我仍坚持使用 .NET 1.1 SP1 - 所以我正在寻找一个答案,而不是简单地使用更高版本的 .NET 框架。
My question is this: How can I stop my .NET 1.1 application from trying to verify the digital signature in an environment where there is no access to the Internet?
Background to my question:
I have a product installed at a customer which is based on .NET 1.1 SP1. The customer site has no access to the Internet. This causes a delay in application startup which in some cases causes my Windows services to fail to start because they time out.
The delay when starting appears to be caused by the app attempting to verify the digital signature. This is well documented in other posts and the normal answer is to include generatePublisherEvidence=false in the app.config file, as documented here http://support.microsoft.com/kb/936707
It seems that using generatePublisherEvidence=false doesn't make any difference to .NET 1.1 apps, which seems to agree with MSDN (http://msdn.microsoft.com/en-us/library/0kk0kk35(VS.71).aspx does not mention the element) and with the hotfix I mentioned above, which was released for .NET 2.0 apps.
My next release to the customer will be built on .NET 3.5 SP1 and I have no problems with using generatePublisherEvidence on that version of the .NET framework, but I currently cannot simply change the customer to that release - I am stuck with .NET 1.1 SP1 - so I'm looking for an answer other than to simply use a later version of the .NET framework.
发布评论
评论(1)
我今天刚刚为供应商提供的应用程序解决了这个问题。我假设他们的应用程序是用 .net 编写的,但我没有确认。由于该子网无法访问 Internet,因此我从具有静态地址的本地计算机上的 TCP/IP 设置中删除了 DNS 服务器条目。对于 DHCP 提供的地址,我从 DHCP 范围中删除了 DNS 服务器选项 (006)。
I just solved this for a vendor-supplied application today. I assume that their application was written in .net, but I did not confirm. Since the subnet did not have internet access, I removed the DNS server entry from the TCP/IP settings on the local computers that have static addresses. For addresses supplied by DHCP, I removed the DNS server option (006) from the DHCP scope.