blog community
Alex van Beek » Silverlight 4: Digitally signing a XAP with Visual Studio 2010
Silverlight 4: Digitally signing a XAP with Visual Studio 2010

I’ve found multiple posts on the web explaining how to sign a XAP file, including this one. In Silverlight 4, a XAP file must be signed in order to let an out of browser application update itself and to show the user a more friendly installation dialog when installing an elevated trust application. The  process for digitally signing a  XAP file explained on the web, includes using a post build event in which “signtool.exe” is called. With the new Silverlight 4 RC2 tools for Visual Studio 2010, there is another way to sign your XAP file…

 

Signing your XAP file from Visual Studio 2010

As mentioned earlier, you need to install the new Silverlight 4 tools RC2 for Visual Studio 2010, which you can get here. Then you can create a new Silverlight 4 project. After creating the project, right click on the project in Visual Studio (the Silverlight project, not the Web project) and select "properties". This brings up the following screen:

 

image

Click on the “Signing” option, highlighted above. The screen changes to the following:

image

If you already have a certificate, you can use one of the “select” buttons to select it, after selecting the “Sign the Xap file” option. If you don’t have a certificate, you can use the “Create Test Certificate” button to get a test certificate for development purposes. After completing the wizard when the “Create Test Certificate” button is clicked, a new .pfx file is added to your project:

image

You can install this certificate in the "Trusted Root Certification Authorities" store by double clicking it from Windows explorer, for development purposes. You should remove it of course after you’re done with it. After installing it in the "Trusted Root Certification Authorities" store and enabling elevated trust on your Silverlight application, the installation dialog looks like this:

image

You can see on the image above that the certificate used to sign this XAP file, is trusted either directly or indirectly, because the dialog has a blue-ish color. Just for reference, here is the dialog if your XAP file isn’t signed or is signed but the certificate is not trusted:

image

The above yellow-ish dialog looks a lot more unfriendly of course :).

Posted 10-05-2010 8:47 by Alex van Beek
Filed under: , , ,

Comments

DotNetShoutout wrote Silverlight 4: Digitally signing a XAP with Visual Studio 2010 - Alex van Beek - blog community
on 10-05-2010 9:29

Thank you for submitting this cool story - Trackback from DotNetShoutout

DotNetKicks.com wrote Silverlight 4: Digitally signing a XAP with Visual Studio 2010
on 10-05-2010 9:30

You've been kicked (a good thing) - Trackback from DotNetKicks.com

Servefault.com wrote Silverlight 4: Digitally signing a XAP with Visual Studio 2010 - Alex van Beek
on 10-05-2010 9:32

Thank you for submitting this cool story - Trackback from Servefault.com

Community Blogs wrote Code signing certificates
on 05-07-2010 11:25

If you need to sign a piece of code - eg. a Silverlight application, like I did with Sesame , an EXE

Heath wrote re: Silverlight 4: Digitally signing a XAP with Visual Studio 2010
on 01-09-2010 3:09

Thank you, you made Tim Heur's post on this subject look archaic in comparison.  You rock!  Tim, why didn't you create a video on doing this, it would have saved me at least 2 hours.

Add a Comment

(required)  
(optional)
(required)  
Remember Me?
Enter code (required)
Powered by Community Server (Commercial Edition), by Telligent Systems