LightSwitch Application Client Configuration and Signing

As I mentioned in an earlier entry, LightSwitch Beta 2 added the ability to sign an application. This can be accomplished on the "Specify a Certificate" page of the publish wizard. But why would anyone want to sign their application? What good does it really do? In this entry, we talk about application types and why signing would be useful.

Types of LightSwitch Applications

The application run by a user which was published from LightSwitch is a Silverlight application. This client application can take one of 2 forms: Desktop or Web. As the property pages and publish wizard state, a Web application runs in the user's browser and is not able to access other programs. This means that to run the application, a user will have to point their browser to an IIS (or Azure) server which is hosting the application. The server will then serve up the LightSwitch application (packaged as a .xap file), which will run in Silverlight's partial trust sandbox. Whether the application server type is IIS or Windows Azure, the experience of running the application client should be fundamentally the same. This type of application is known as a 3-tier browser application: client, database, and server.

On the other hand, a Desktop application "runs on the user's desktop and can access other programs". So, a desktop application is not ultimately run in the browser (although to initially get to the application, a user may have to use the browser). Instead, it is run by the Silverlight Out-of-browser Launcher, a tool installed with Silverlight. A desktop application is installed on the client computer, and can be uninstalled using Add/Remove Programs. Once installed, the application is launched from the user's desktop or Start menu. Most notably, the application runs in elevated trust. This means that the application can interact with other programs, provided those programs expose entry points for it to use. For example, you could have an application write out invoices to Microsoft Word. When you choose a desktop application, LightSwitch modifies the OutOfBrowserSettings.xml file in the client project to tell the Silverlight runtime that the application requires elevated permissions.

Desktop applications come in two forms, depending on the application server type: 2-tier applications or 3-tier applications. A 2-tier application is deployed as a ClickOnce application. The client and server tiers are the same in this case: the user's machine, kind of like what is done when the application is debugged in the LightSwitch IDE. A handy feature within ClickOnce is that the application can be automatically updated when a newer version of the application is available.

A 3-tier desktop application is also hosted on either IIS or Windows Azure, and the experience of running that application should be the same, regardless of which is chosen.

When to Sign

How does signing relate to the application's trust level? It doesn't. The application does not need to be signed to run in elevated trust (that is, to be a desktop application); the trust level is dictated by that OutOfBrowserSettings.xml file that is hidden away. This is handy when debugging your application: you are under no obligation to specify a signing certificate to F5 your application.
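Because the trust level comes from the OutOfBrowserSettings.xml file rather than from the signature, the setting is worth checking directly when auditing a project or a published package. The script below is an added example, not LightSwitch's own code: it reads the ElevatedPermissions value out of the OutOfBrowserSettings.xml written for a desktop application, out of the same file for a web application, and out of a .xap package. It assumes the element names shown (SecuritySettings with an ElevatedPermissions attribute, as the Silverlight project file uses them) and that the built .xap carries the same OutOfBrowserSettings element inside its AppManifest.xaml; both sample files and the sample .xap are constructed inline. Silverlight's default when the SecuritySettings element is absent is NotRequired, so the check treats a missing element as a web (partial trust) application.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Constructed sample: OutOfBrowserSettings.xml as written for a Desktop
# (elevated trust) application. "Invoices" is a made-up application name.
DESKTOP_SETTINGS = """<OutOfBrowserSettings ShortName="Invoices" EnableGPUAcceleration="False" ShowInstallMenuItem="True">
  <OutOfBrowserSettings.Blurb>Invoices on your desktop.</OutOfBrowserSettings.Blurb>
  <OutOfBrowserSettings.WindowSettings>
    <WindowSettings Title="Invoices" />
  </OutOfBrowserSettings.WindowSettings>
  <OutOfBrowserSettings.SecuritySettings>
    <SecuritySettings ElevatedPermissions="Required" />
  </OutOfBrowserSettings.SecuritySettings>
  <OutOfBrowserSettings.Icons />
</OutOfBrowserSettings>
"""

# Constructed sample: the same file for a Web (partial trust) application.
WEB_SETTINGS = DESKTOP_SETTINGS.replace('ElevatedPermissions="Required"',
                                        'ElevatedPermissions="NotRequired"')

# Constructed sample: a minimal AppManifest.xaml from inside a built .xap.
# Assumption: the build merges OutOfBrowserSettings.xml into the manifest
# under Deployment.OutOfBrowserSettings, so the elements are namespaced.
APP_MANIFEST = """<Deployment xmlns="http://schemas.microsoft.com/client/2007/deployment"
            xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml">
  <Deployment.Parts>
    <AssemblyPart x:Name="Invoices.Client" Source="Invoices.Client.dll" />
  </Deployment.Parts>
  <Deployment.OutOfBrowserSettings>
    <OutOfBrowserSettings ShortName="Invoices">
      <OutOfBrowserSettings.SecuritySettings>
        <SecuritySettings ElevatedPermissions="Required" />
      </OutOfBrowserSettings.SecuritySettings>
    </OutOfBrowserSettings>
  </Deployment.OutOfBrowserSettings>
</Deployment>
"""


def _local_name(tag):
    """Strip an XML namespace prefix in Clark notation ('{uri}Name' -> 'Name')."""
    return tag.rsplit("}", 1)[-1]


def elevated_permissions(xml_text):
    """Return the ElevatedPermissions value ('Required' or 'NotRequired').

    Works for both the project's OutOfBrowserSettings.xml (no namespace) and
    the namespaced AppManifest.xaml, because it matches on local element name.
    A missing SecuritySettings element means the runtime default: NotRequired.
    """
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if _local_name(elem.tag) == "SecuritySettings":
            return elem.get("ElevatedPermissions", "NotRequired")
    return "NotRequired"


def application_type(xml_text):
    """Classify the client as 'Desktop' (elevated trust) or 'Web' (partial trust)."""
    return "Desktop" if elevated_permissions(xml_text) == "Required" else "Web"


def xap_application_type(xap_bytes):
    """Classify a published .xap (a zip) by the manifest it carries."""
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as xap:
        manifest = xap.read("AppManifest.xaml").decode("utf-8")
    return application_type(manifest)


def build_sample_xap():
    """Construct an in-memory .xap containing only the sample manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as xap:
        xap.writestr("AppManifest.xaml", APP_MANIFEST)
    return buf.getvalue()


if __name__ == "__main__":
    print("project (desktop):", application_type(DESKTOP_SETTINGS))
    print("project (web):    ", application_type(WEB_SETTINGS))
    print("published .xap:   ", xap_application_type(build_sample_xap()))
```

Running the script on a real project means passing the contents of the client project's OutOfBrowserSettings.xml to application_type, or the bytes of a published .xap to xap_application_type; a "Desktop" result tells you the client will be installed with elevated trust whether or not a certificate was specified in the publish wizard.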

Signing is only used for one deployed application type: 3-tier desktop applications. Signing is relevant during the install and update of the application. The application user will be prompted with a security warning prior to installation of the application. The level of the warning can vary based on the state of the application signature. Once installed, the application will automatically detect if a newer version of the application has been published. If so, the application will attempt to install the latest version of the application. However, in order for the auto-update to work, the latest version of the application must be signed with the same key as the previous version.

How to Sign

Application signing is now built into the publish wizard. You can go to the "Specify a Certificate" page to turn on application signing by checking the "Specify a certificate" checkbox. There are 3 ways to supply a certificate for the application signing. You may

  • "Select a certificate from the computer's store" shows you the set of relevant certificates that are available on your computer
  • "Browse for a certificate" allows you to select a certificate file (.pfx) that you may have on your computer
  • "Create a test certificate" creates a self-signed certificate used to sign the application. You must enter a password for the new cert; the cert itself will expire after 1 year

This wizard page also shows additional information about the cert you have selected. By default, the checkbox is checked only if your application is a 3-tier desktop application.

Running the Application

Once your application has been published to a web server, a client who wants to run that application will navigate to the publish location. The application will start, and the user will be told to install the application by clicking on the Install button:

Depending on how the application was signed, the user will then be issued an installation prompt from Silverlight. For applications which have not been signed, or are signed with a self-signed certificate, the user will be presented with an installation screen that looks something like this:

Or for a more trusted certificate something like this:

The user has the ability to choose if they want to install a shortcut to the application on their desktop, on the Start menu, or both, by clicking on the "More options" button on the installation dialog.

After installation, navigating to the publish location shows a screen telling the user to launch the application from the Start menu. If there are subsequent updates to the application, the application will detect and automatically install these updates:

Unless, that is, the original application was not signed, or was signed with a different cert. In that case, the update would fail, and you would have to uninstall and then re-install the application:

Signing your 3-tier desktop application helps ensure the application upgrade works.

Additional Resources
LightSwitch documentation: Signing a XAP File by Using a Certificate
Silverlight Out-of-browser support