Add a new code group based on a .snk file by using the caspol command line
For one of my projects, I needed to be able to give the FullTrust permission to my smart client applications. Since all the applications created at the client are signed using the same strong name key, I've used this to set up the security requirements.
Normally I would use the ".NET Framework 2.0 Configuration", but since not all the users have the .NET Framework SDK installed (which includes the configuration tool), I used the caspol.exe command line to set the security permissions.
Since it took me quite some time to get all the parameters right, I thought to give you a head start by posting the commands.
Steps to follow to add a new code group that gives FullTrust to all applications signed with a given .snk file. To add the strong name to the security policies, you need either a signed dll/exe or the .snk file. The sample below uses an .snk file.
1. Extract the public key from the .snk file (in this case sample.snk) by using the sn.exe tool:
sn -p sample.snk sample.pk
2. Open HxD.exe, open the sample.pk file and copy the hex value.
3. The following command creates the new code group in the machine security policy:
caspol -machine -addgroup 1 -strong -hex "0024000004800000940000000602000000240000525341310004000001000100DDEEAD8B27321D3FB0E872FABDFA62627CCA03864AF3F7A19C6D978788F5DCD89BEFD1B897BAC5C74253091FB6747E2723D5239B802F074B1AC930A9C187D52FCF3ED65AF467F4F656F392CF5E6E2FF69071C398EA931B2EB862F6CE832350B24A6524F06F9F5F630A2B00B30F59A87BC847989D2D09DDD7A49BE92FE2EFB5B2" -noname -noversion FullTrust -name "Code Group Name" -description "Code Group Description" -exclusive on
The hex key cannot contain any spaces or carriage returns, so you need to remove them from the copied result.
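The hex-editor step and the caspol command above can be scripted. The following PowerShell is an added example, not part of the original post: it checks that the file really is the public key blob written by sn -p, produces the contiguous hex string, and computes the public key token so the key being granted FullTrust can be confirmed before the policy is changed. Get-PublicKeyInfo is a hypothetical helper name and the sample bytes are constructed.

```powershell
# Added example. Get-PublicKeyInfo is a hypothetical helper, not part of sn.exe or caspol.exe.
function Get-PublicKeyInfo {
    param([byte[]]$Blob)

    # "sn -p" output: 12-byte header (SigAlgId, HashAlgId, blob length), then a
    # CryptoAPI PUBLICKEYBLOB: type 0x06 at offset 12, "RSA1" at offset 20,
    # key size in bits at offset 24.
    if ($Blob.Length -lt 32) { throw 'Too short to be a public key blob.' }
    if ([BitConverter]::ToUInt32($Blob, 8) -ne ($Blob.Length - 12)) {
        throw 'Length field does not match the file size (is this the .pk from sn -p?).'
    }
    if ($Blob[12] -ne 0x06) { throw 'Not a PUBLICKEYBLOB.' }
    if ([Text.Encoding]::ASCII.GetString($Blob, 20, 4) -ne 'RSA1') {
        throw 'RSA public key marker not found.'
    }

    # Contiguous hex with no spaces, dashes or line breaks, as the -hex argument needs.
    $hex = [BitConverter]::ToString($Blob) -replace '-', ''

    # Public key token: last 8 bytes of SHA-1 over the blob, in reverse order.
    $sha1 = [Security.Cryptography.SHA1]::Create()
    [byte[]]$tokenBytes = $sha1.ComputeHash($Blob)[19..12]
    $token = ([BitConverter]::ToString($tokenBytes) -replace '-', '').ToLower()

    New-Object PSObject -Property @{
        Hex     = $hex
        KeyBits = [BitConverter]::ToUInt32($Blob, 24)
        Token   = $token
    }
}

# Constructed sample: the header sn -p writes for a 1024-bit key plus a dummy modulus.
# Real use: $sample = [IO.File]::ReadAllBytes((Resolve-Path .\sample.pk).Path)
[byte[]]$sample = 0x00,0x24,0x00,0x00, 0x04,0x80,0x00,0x00, 0x94,0x00,0x00,0x00,
                  0x06,0x02,0x00,0x00, 0x00,0x24,0x00,0x00, 0x52,0x53,0x41,0x31,
                  0x00,0x04,0x00,0x00, 0x01,0x00,0x01,0x00
$sample += [byte[]](1..128)

$key = Get-PublicKeyInfo $sample
'{0}-bit key, public key token {1}' -f $key.KeyBits, $key.Token

# Print the command for review instead of running it.
'caspol -machine -addgroup 1 -strong -hex "{0}" -noname -noversion FullTrust -name "Code Group Name" -description "Code Group Description" -exclusive on' -f $key.Hex
```

The printed token should match the one sn -tp reports for the same .pk file; a mismatch means the hex being passed to caspol is not the key you intended to trust.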
1 comment:
To get the public key, use this command:
sn.exe -tp _YOURpubKEY.pub_