Win 10 S mode: did not meet the Custom 1 signing level requirements or violated code integrity policy - desktop-bridge

I have developed an application that needs DLLs to run that go with it and I need the application to be Win 10 S compatible. When I run the application (EncLock) in Win 10 S mode (using test policies described here: https://learn.microsoft.com/en-us/windows/msix/desktop/desktop-to-uwp-test-windows-s) I get Code Integrity event logs
EncLock.exe attempted to load some.dll that did not meet the Custom 1 signing level requirements or violated code integrity policy (Policy ID:{a244370e-44c9-4c06-b551-f6016e563076}).
I have the app associated with the Microsoft app store and I do have the StoreKey.pfx which I used to digitally sign all the DLLs involved and the EXE. However, when I install the app on my local machine and run it while running the Win 10 S test audit-mode policy I am still getting the ...did not meet the Custom 1 signing level requirements... events in the Event Logger.
Any help would be appreciated.

I had to purchase a signing certificate to sign all the executables of EncLock including the DLLs shipped with it. I had to purchase the signing cert from one of the companies Microsoft trusts. There are a few of them but I went with Comodo. Only then was EncLock accepted on the Microsoft app store.
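An added example (not from the question or the answer above) for checking this before resubmitting: it lists every EXE/DLL under the install folder whose Authenticode signature is missing or does not chain to a root Windows trusts, then pulls the recent Code Integrity audit events so they can be matched against those files. The install path is an assumption.

```powershell
# Added example, not part of the original post. Audits the signatures of all
# PE files under an install folder and correlates them with Code Integrity
# audit events produced while the Win 10 S test policy is active.
param(
    [string]$InstallDir = 'C:\Program Files\EncLock',   # assumed install path
    [int]$LookbackHours = 24
)

# 1. Signature check. A DLL that is unsigned, or signed with a certificate
#    that does not chain to a trusted root, reports a Status other than 'Valid'.
$binaries = Get-ChildItem -Path $InstallDir -Recurse -Include *.exe,*.dll -File
$report = foreach ($file in $binaries) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        File   = $file.FullName
        Status = $sig.Status      # Valid / NotSigned / UnknownError / HashMismatch ...
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Issuer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Issuer }  else { '' }
    }
}
Write-Host "Binaries that would not satisfy the signing level:"
$report | Where-Object Status -ne 'Valid' | Format-Table -AutoSize

# 2. Code Integrity audit events. In audit mode the load is logged rather than
#    blocked, so the app can appear to run while the log still records the
#    "did not meet the ... signing level requirements" violation.
$since  = (Get-Date).AddHours(-$LookbackHours)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
    StartTime = $since
} -ErrorAction SilentlyContinue

Write-Host "Code Integrity events in the last $LookbackHours hours:"
$events |
    Where-Object { $_.Message -match 'signing level requirements|code integrity policy' } |
    Select-Object TimeCreated, Id, @{ n = 'Detail'; e = { $_.Message -replace '\s+', ' ' } } |
    Format-Table -Wrap
```

Run it from an elevated PowerShell prompt, since reading the Code Integrity operational log requires administrator rights; any file listed in the first table is the one to re-sign before testing again.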

Related

How do you handle expired client secrets in a deployed desktop application?

The desktop application I am developing (C#/.NET, WPF) uses a feature which requires a connection to the IMAP and SMTP servers of the user. I am using a package called MailKit for this. Some of our users are using Microsoft 365 and will require modern authentication in the future, as opposed to the basic authentication they are using right now. This is supported by MailKit and I am able to authenticate using OAuth 2.0.
However, this requires a client secret, which expires after a certain amount of time (e.g. two years) after creation in Azure. This client secret is compiled with the application, after which the application is distributed. Does this mean the users need to update their installation at least every two years, so I can supply a new client secret? This is undesirable to our users. The best solution for me would be if I could refresh expired client secrets without the user having to perform any action.
Perhaps it's a good idea to force the users to upgrade the software after two years? Like forcing them to buy an upgrade (business opportunity) or as a way to distribute fixes and updates to the application?
Most applications today are updated at least every year, aren't they?

CNCopyCurrentNetworkInfo return null value on iOS 15 Beta, even though VPN Profile is installed

As per the document, one of the following conditions should be met in order to retrieve network info:
1. The app uses Core Location, and has the user's authorization to use location information.
2. The app uses the NEHotspotConfiguration API to configure the current Wi-Fi network.
3. The app has an active VPN configuration installed.
4. The app has an active NEDNSSettingsManager configuration installed.
In our case, the application relies on point 3, i.e. an installed VPN profile. But I observed that CNCopyCurrentNetworkInfo always returns null even though a VPN profile is configured. This works fine with iOS 14.x versions.
I also tried using the fetchCurrentWithCompletionHandler API, but ended up with the same result.
Any help/lead would be highly appreciated.
Thanks in advance.

Google Scope Authorizations Loop Endlessly When Previewing or Publishing Apps with Cloud SQL Database

My organization set up Cloud SQL as the default for Google App Maker about one month ago. In the last week, we have been unable to preview or publish apps that use Cloud SQL data sources, including the sample applications which worked perfectly before. The failure occurs during the authorization process. When previewing or publishing an app, Google App Maker displays a dialog stating "Deploying this app requires authorization". Next it prompts the user for their Google account and then requests approval for the necessary authorizations (e.g., "Manage the data in your Google SQL Service instances"). After approving the authorization, the prompts to authorize begin over with the dialog stating "Deploying this app requires authorization".
Observations:
We have repeated this problem on multiple different computers, networks, and four different user accounts.
In the SQL cloud console, our Cloud SQL instance shows new databases being created for each app along with new database-specific user accounts
All of the databases appear as expected when I log directly into the Cloud SQL database using phpMyAdmin
Other apps which don't use a Cloud SQL datasource work fine, including an app that uses a calculated data source which is hosted in the same Cloud SQL instance
The only errors in the Stackdriver logs for the Cloud SQL database showed "INFO" level communication errors with the database (aborted connection...Got an error reading communication packets)
I'm unable to find Stackdriver logs for the apps because I cannot preview or publish them (either option would provide a link to the Stackdriver logs)
There are now approximately 20 databases in our SQL instance (mostly associated with simple app tests) and we have only used 1 GB of 10 GB of space in our SQL instance
I haven't seen any related problems on the Google Issue Tracker for Google App Maker
I'd appreciate any help or suggestions on what to check in order to resolve this issue.
I posted an issue to Google Issue Tracker and Google corrected the problem. They also provided a workaround if this problem happens again.
Here is the response from the Google development team posted on Google Issue Tracker: https://issuetracker.google.com/issues/145345198
It's great to hear you're up and working again! We are aware of this issue and are working through a longer term fix. The specific bug appears to be related to some changes made in the Google Cloud session policy control that may have rolled out to your domain recently interacting with AppMaker in a way that was not expected. We've spent time diagnosing the underlying issue and we believe we know the root cause. I suspect your domain admin did a version of the workaround below.
Without getting too far into the details, the specific bug is that for a Deployer of an AppMaker application, if the Google Cloud Session policy is set with any expiration time, the returned token AppMaker sees is invalid, triggering a loop in AppMaker trying to generate a valid security token. Historically, these session tokens never expired but recently there was beta feature launch that allowed domain admins to set them to expire. We strongly suspect your domain recently set this expiration policy explicitly and that's what is causing the bug.
The good news is that these policies are overridable per Organizational Unit and we have tested that OUs which have the original classic Never Expire setting do, in fact, allow AppMaker to work.
My suspicion is that your domain admin has reverted recent, local changes to your organizational policy under the admin.google.com console, specifically under Security > Google Cloud session control (Beta).
If this happens again, here is the workaround we would recommend. Note you don't need to do this if you're currently up and working. You will need the help of someone with admin.google.com powers, specifically User and Organizational Unit powers at your organization. It is a slight increase in security risk but it restores some classic behavior that was standard until recently.
The summary of the workaround is to override the Google Cloud session control expiration setting such that individuals who need access to AppMaker deployments can have it. To mitigate systemic security risk, this is best done by creating a limited purpose Organizational Unit with just that setting different than the parent OU settings.
The workaround is to:
1. Contact someone in your domain with Admin powers for your Google for Business license.
2. Have your admin proceed to https://admin.google.com. The actions below need to be performed by a domain admin.
3. Under the Users section, identify the specific user account that needs the ability to deploy AppMaker Apps.
4. Identify the Organizational Unit of that AppMaker dev user and make a note of it.
5. Under the Organization Units settings, locate the Organization Unit you identified above.
6. Create a new Organization Unit underneath that user's current Organizational Unit with some descriptive name identifying it as special w.r.t. AppMaker. So for Developers, make something like DevelopersWhoAreAlsoAppMakerDevs.
7. Back under the Users tab, locate the user from step 3. Move this user into the new Organizational Unit you've just created. This change can take a while to propagate.
-Interlude- At this point, you've made a new Organizational Unit for just that individual and added them to it. You can certainly add multiple people to that OU, especially if they're already in the same parent OU. Use your discretion as to what amount of Organizational rework you wish to pursue. You may not be using OUs at all or you may decide to just turn off this control for the whole domain. It's up to you.
8. Under admin.google.com's Security settings, locate the Google Cloud session control (beta) settings.
9. Under this panel, from the dropdown menu on the left, locate the Organization Unit you just created.
10. Be sure to select ONLY the OU you intend to change.
11. Change the "Google Cloud Console and Google Cloud SDK session control" from expiring to "Session Never Expires".
12. Save your changes.
The account you selected in step 3 should now be able to deploy AppMaker apps.
It appears this OU change is only necessary for the deployer of an AppMaker app, not an individual user. Note also that if you have multiple AppMaker developers who all have different current OU settings, you may need to create multiple daughter OUs to avoid a sudden radical shift in OU settings for an individual account.

How to send mail at a certain time from asp.net web application

I am new to asp.net. I have a project working. I need to send different mails every day at 12 am to different users. I need to know how to implement the method that will wake up every day at a certain period. Please help me with as much detail as possible as I am a complete beginner.
Use Quartz.NET.
Quartz.NET is a full-featured, open source enterprise job scheduling system written in .NET platform that can be used from smallest apps to large scale enterprise systems.
You can use Windows Task Scheduler as well, but you need some specific windows permissions to do that on production server.
You can create a Windows Service that will be executed automatically at the time you want. The Windows service should contain the code to send email. You can check out these links on Simple Windows Service Sample and Simple Windows Service which sends auto Email alerts. You can also implement a timer in your application that can manage it. If you want to do it this way then check this article.

DoD PKI CAC authentication in Tomcat (embedded in JBoss)

I need to support DoD issued CAC-based authentication in my web application deployed in JBoss. Could someone give me pointers on where to start, the steps involved, etc?
Also, which JCE provider should I go with (OpenSSO, Bouncy Castle, etc.)? I tried to google for a list of (active/current) providers but couldn't really find it. Is there a list of JCE providers that are most popular (by virtue of their underlying security algorithms)? Thanks.
I haven't worked with CAC cards, but PKI integration is typically handled by PKCS#11 middleware installed on the client CPU. On the server, you may need to intercept the request at the apache module level to enable PKI/SSO, here's a slideshow with more info on how they did it for forge.mil:
http://www.slideshare.net/rbulling/enabling-web-apps-for-dod-security-via-pkicac-enablement-forgemil-case-study
If you need to do other web-based interactions with the card (non-PKCS#11 functions, e.g. if you want to talk to one of the other apps installed on the card from your web app, or install an applet on the card), you'll need some kind of browser plug-in to send raw APDUs or higher-level commands via PC/SC. My company makes a plug-in for this purpose; it's available at https://cardboss.cometway.com.
Finally, I like Bouncy Castle... I doubt you will find any lists of JCE providers sorted by popularity.