[02/03] Secure File Download and Digital Signing Problem
I just got a digitial certificate so I can sign my exe's that people download from my website.
So instead of the "Publisher Can't be Verified" message in Windows XP, when they run a downloaded file, they get our company name as the publisher, and can view the cert, etc...
So anyway, One of my downloads is delivered over a secure connection because they have to pay for it.
I use this approach, because my webhost (3rd party ASP.NET hosting) allows me to set folder level permissions. So I basically turn of anonymous access to where my download exe is, and stream it out via the ASPNET account instead. Adding HTTP headers to indicate the data being streamed is a download..
Everything has been working just fine for doing the file downloads. However if I sign the exe and then download it via the secure method, it won't run. It says it can't verify the publisher and there is a problem with the file. If I download the same exact file directly from a URL (by allow anonymous access for testing purposes) it runs as expected, and displays the correct Publisher.
Odd thing is if you right click the exe that won't run, and view its certificate, you can see its there and intact.
I am wondering if I need something else implemented? An HTTP header or something to indicate that the exe is digitally signed or something?
I tried a few other approaches, like trying to impersonate an ID to access the file instead of writing it out in a byte stream, but that didn't work (assuming its not allowed by my host)
Any ideas?