Exercise 2 - Signing a XAP Assembly and Performing Silent Installations

The introduction of elevated trust out-of-browser applications in Silverlight 4 enables developers to push the limits of what was previously possible in the plug-in and take advantage of platform privileges that are inaccessible to sandboxed Silverlight apps. Along with this privilege comes more risk that an application could harm an end user’s machine. XAP signing is introduced to offer protection from, and educate end users about, applications that may be potentially harmful.

XAP signing reassures end users of the authenticity of an application’s publisher and that the code has not been tampered with. It affects the app install experience and restricts the scenarios for update of elevated trust applications. Upon installation of an elevated trust application, end users will be presented with dialogs as shown in Figure 4 and Figure 5.

Figure 4: Unverified Publisher Install Dialog

Figure 5: Verified Publisher Install Dialog

A XAP can be signed post-build using the SignTool.exe command-line tool, which ships in the Windows SDK, with Visual Studio 2010, and in a handful of other packages. XAPs must be signed using code signing certificates.

In addition to XAP signing, Silverlight out-of-browser applications can also be installed silently using sllauncher.exe. This allows applications to be installed using a .bat file or from a CD or DVD. We'll create a silent installer .bat file in Task 2 of this exercise.

Task 1 – Signing a XAP File

In this task you'll go through the process of signing a XAP file using the SignTool.exe command line tool.

  1. Locate the Visual Studio Command Prompt by going to Start > All Programs > Visual Studio 2010 > Visual Studio Tools > Visual Studio Command Prompt.
  2. Right-click on Visual Studio Command Prompt and select Run as administrator.
  3. Type the following into the command window and then press [Enter] to go back to the root of the C: drive:
     cd \
  4. Type the following into the command window and press [Enter] to create a self-signed root certificate using makecert.exe. If you get any type of arguments error after hitting [Enter], double-check what you typed against the text below.
     makecert -n "CN=My Root Certificate Authority" -r -a sha1 -sr LocalMachine -sky signature -sv OOBRootCA.pvk OOBRootCA.cer
  5. When prompted for a password use P@ssw0rd. You'll be prompted to enter the password a few times; enter the same password each time.
  6. Type the following into the command window and press [Enter] to create a child certificate that can be used for code signing. It will be signed by the root certificate created earlier.
     makecert -sv OOBCodeSigningCA.pvk -iv OOBRootCA.pvk -n "CN=OOB Code Signing CA" -ic OOBRootCA.cer OOBCodeSigningCA.cer
  7. Enter P@ssw0rd for the password when prompted.
  8. Generate a PFX file (contains the password and the private key in one file for convenience). Note that the same password entered earlier is used. Enter the following into the command window and press [Enter]:
     pvk2pfx -pvk OOBCodeSigningCA.pvk -spc OOBCodeSigningCA.cer -pfx OOBCodeSigningCA.pfx -po P@ssw0rd
  9. Enter P@ssw0rd for the password when prompted.
  10. Copy all of the certificate files that were generated from the root c:\ folder to the lab's Ex02\begin\OOBWindows.Web\ClientBin folder.
  11. Navigate to the Ex02\begin\OOBWindows.Web\ClientBin folder in the Visual Studio Command Prompt window (example command syntax: cd [Lab Folder Path]\Source\Ex02\begin\OOBWindows.Web\ClientBin).
  12. Type the following into the command window and press [Enter] to sign the XAP file:
     signtool sign /v /f OOBCodeSigningCA.pfx /p P@ssw0rd OOBWindows.xap
  13. If the XAP was successfully signed you'll see output similar to the following in the command window.

    Figure 6: Signing a XAP using signtool.exe

Task 2 – Performing a Silent Installation

In this task you will create a .bat file that can be used to perform a silent installation using sllauncher.exe. Silent installs are useful for installing a Silverlight application directly on a machine using a .bat file or from a CD or DVD.

  1. Open Windows Explorer and navigate to the lab's Source\Ex02\begin\OOBWindows.Web\ClientBin folder.
  2. Right-click in the ClientBin folder and select New > Text Document from the menu. Name the document SilentInstaller.bat.
  3. Start Visual Studio 2010 (close the existing solution if one is already open).
  4. On the File menu click Open > Project/Solution…
    1. Alternatively, from the Visual Studio Start Page click “Open Project…”.
  5. At the “Open Project” dialog navigate to the Lab folder.
  6. Navigate to the “Source\Ex02\begin” folder.
  7. Click the “OOBWindows.sln” file and then click the “Open” button.
  8. Right-click the OOBWindows.Web project and select "Set as StartUp Project" from the menu.
  9. Press F5 to run the project.
  10. Once the browser loads, note the port number that is being used in the URL.
  11. Go back to Windows Explorer, right-click on SilentInstaller.bat, and select Edit from the menu.
  12. Enter the following into the SilentInstaller.bat file and save the file when done. Adjust the /install switch path to point to the location of the OOBWindows.xap file and the URL defined using the /origin switch to use the port where your XAP file is hosted when the application is run in the browser.
     "C:\Program Files\Microsoft Silverlight\sllauncher.exe" /install:"C:\[Path to Lab Folder]\Source\Ex02\end\OOBWindows.Web\ClientBin\OOBWindows.xap" /origin:"https://localhost:49786/ClientBin/OOBWindows.xap" /shortcut:desktop+startmenu /overwrite
  13. Click the SilentInstaller.bat file in Windows Explorer to execute it. The OOBWindows application should be installed and an icon for it should show on the desktop.
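
The following variant of SilentInstaller.bat is an added example, not part of the original lab: it checks the XAP's Authenticode signature with signtool verify before handing the file to sllauncher.exe, so an unsigned or modified XAP is never installed silently. It assumes signtool.exe is on the PATH (as in the Visual Studio Command Prompt) and that the root certificate of the signing chain is trusted on the machine; the XAP path placeholder and origin URL are the lab's values and must be adjusted as in Task 2.

```bat
@echo off
rem Added example (not from the original lab): verify, then install silently.
setlocal

rem Lab values: replace the path placeholder and the port as described in Task 2.
set "XAP=C:\[Path to Lab Folder]\Source\Ex02\end\OOBWindows.Web\ClientBin\OOBWindows.xap"
set "ORIGIN=https://localhost:49786/ClientBin/OOBWindows.xap"
set "SLLAUNCHER=C:\Program Files\Microsoft Silverlight\sllauncher.exe"

if not exist "%XAP%" (
    echo ERROR: XAP not found: "%XAP%"
    exit /b 2
)

rem /pa uses the default Authenticode verification policy; /v prints the signer chain.
rem signtool returns a non-zero exit code when the file is unsigned, has been
rem changed after signing, or chains to a root that this machine does not trust.
signtool verify /pa /v "%XAP%"
if errorlevel 1 (
    echo ERROR: signature verification failed, not installing "%XAP%"
    exit /b 1
)

rem Signature is valid: run the same silent install command as in Task 2.
"%SLLAUNCHER%" /install:"%XAP%" /origin:"%ORIGIN%" /shortcut:desktop+startmenu /overwrite
endlocal
```

With the self-signed chain created in Task 1, verification fails until OOBRootCA.cer is trusted on the machine, which is the same condition that separates the unverified and verified publisher dialogs.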