3

So this is a Visual Studio 2008, .NET, WPF, XBAP, Windows 7 question, regarding .NET trust policies.

At work, we have several Web Browser Applications (.XBAP files) developed with Visual Studio 2008 (so .NET 3.5) that we deployed internally. These required a .NET FullTrust policy, we found a way to make a .MSI that adjusted the policy on individual stations, everything worked great. Users love in-browser apps.

This was last year and on Windows XP. This year our company started upgrading users to Windows 7, and now none of our Web Browser Applications work. The error message is "Trust Not Granted", as if the policy-changing .MSI had not been run.

Other details: I can confirm that our apps work on Windows XP for Internet Explorer 7 and Firefox, and do not work on Windows 7 for Internet Explorer 8 nor Firefox.

I must admit that .NET security policies mystify me. Still, I could not find any mention of this problem on the Net at large or on this site.

Did anybody else encounter this problem? Any and all help welcome.

Benoit J. Girard
  • 33
  • 5
  • possible duplicate of [How do I run a Full Trust XBAP on intranet?](http://stackoverflow.com/questions/654392/how-do-i-run-a-full-trust-xbap-on-intranet) – Hans Passant May 28 '10 at 01:24
  • Not a duplicate - the method described in that post no longer works on Windows 7; that is exactly the source of my problem. I have yet to try the "really complicated method of installing certificates on the target machine" also mentioned, but what I really want is to get the "simple" method to work on Windows 7! – Benoit J. Girard May 28 '10 at 01:35
  • I don't see what ClickOnce has to do with it with Web Browser Applications or security policies. Could you elaborate? – Benoit J. Girard May 28 '10 at 13:51
  • I assume you've read http://msdn.microsoft.com/en-us/library/aa970910.aspx – Daniel Moore Jan 12 '11 at 15:31

1 Answers1

1

We've encountered this exact problem. Fixing this requires signing your click-once manifest with a a code-signing certificate, preferably a VeriSign certificate. You could probably also create your own certificate and then add it to the "Trusted Root Certificate Authorities" on your client machines, or create it with your own Certificate Authority. Once signed, you will need to import the public key for your certificate into the "Trusted Publishers" store on the client machines.

Bob Wintemberg
  • 3,212
  • 6
  • 34
  • 44