Solved: Re: Code signing of Revit Addins - Page 3

harrymattison · ‎01-10-2016

Considering the new requirement in 2017 for Revit Addin signing, does anyone have recommendations

Which vendor to use to buy the certificate (presumably someone listed at http://social.technet.microsoft.com/wiki/contents/documents/2592.windows-root-certificate-program-me...
What is the "right" certificate to buy?

For example, how about the "CODE SIGNING CERTIFICATE" for $170/yr (if you buy 3 years)?

Validates and secures your code

Eliminates security warnings during download and installation

Protects with your choice of SHA-1 or SHA-2 encryption

https://www.godaddy.com/web-security/code-signing-certificate

neil.smithline · ‎11-17-2016

Hmm... That's a bit surprising. Those extensions load fine on my computer. I also checked each of the 6 Roombook DLLs from your error messages on my computer and they are all signed (see image below). Can you check to see if they are signed on your computer? Open up the Windows explorer, go to C:\Program Files\Autodesk\Roombook Areabook Buildingbook for Revit 2017\Roombook\Program, right-click on RrxCommon.dll, and check the Digital Signature tab. (You probably only need to check one, I suspect that they'll all the same.) If they are not signed, then you have bad add-ons. Maybe you got a beta copy somehow? I'm not really sure, but removing them and reinstalling them should fix things. Let me know and I'll tell you next steps if you're still having problems with this.

Neil Smithline

Revit Software Security Architect

Anonymous · ‎11-17-2016

Went to that path and the roombook folder does not exist. So I went to my C: drive and searched for rrxcommon and it returned nothing as well. Funny thig is I do not have the roombook addin in my ribbon now that I look at it.... I guess I will uninstall and reinstall.

What about the DBLink and others?

Anonymous · ‎11-17-2016

I created a .addin file for an addin that doesn't exist and got the same "unsigned add-in" warning. Seems like it should check if the .dll even exists before it checks if it's unsigned or not. Here is the addin file to generate an unsigned add-in warning.

<?xml version="1.0" encoding="utf-8"?>
<RevitAddIns>
  <AddIn Type="Application">    
    <Assembly>
      C:\DoesNotExist\Nope.dll
    </Assembly>
    <AddInId>502fe383-2648-4e97-adf8-5e604af9ac39</AddInId>
    <FullClassName>aafbc</FullClassName>
    <VendorId>ADSK</VendorId>
    <VendorDescription>Autodesk, www.autodesk.com</VendorDescription>
    </AddIn>
</RevitAddIns>

Jason,

Go to your "C:\ProgramData\Autodesk\Revit\Addins\2017" folder and delete all the .addin files that you no longer need or are causing issues. That should stop the dialog.

Anonymous · ‎11-17-2016

I ran the the installer and "repaired" the installation and now the files are correct.

The roombook stuff is fixed. Now its all the other addins I have installed. I do not want to have to try to contact each publisher. It would take me a whole day to ask for their certificates....

Anonymous · ‎11-17-2016

Thanks. However my problem is I use all of them ha!

neil.smithline · ‎11-18-2016

Thanks for noticing the spurious unsigned error messages on incorrectly installed add-ins mwilson1. I've filed a bug report.

Neil Smithline

Revit Software Security Architect

Anonymous · ‎11-18-2016

While you're fixing that, make it so Revit checks addins and all that jazz AFTER it checks to see if a network license is available. There is no point in checking anything if Revit is just going to kick me out 15 seconds later for no license available. 😃

neil.smithline · ‎12-14-2016

I logged the issue REVIT-103815 [Customer reports spurious unsigned add-in message for non-existent add-ins] with our development team for this. Please make a note of this number for future reference.

You are welcome to request an update on the status of this issue or to provide additional information on it at any time quoting this change request number.

PS: Sorry for not replying earlier. I filed the bug report in November, but forgot to update this thread.

Neil Smithline

Revit Software Security Architect

neil.smithline · ‎12-14-2016

@Anonymous wrote:

While you're fixing that, make it so Revit checks addins and all that jazz AFTER it checks to see if a network license is available. There is no point in checking anything if Revit is just going to kick me out 15 seconds later for no license available. 😃

OK. I filed REVIT-105268 [Customer reports that prompts for loading add-ons appear even if the license check will fail afterward].

Neil Smithline

Revit Software Security Architect

Anonymous · ‎04-21-2017

I have signed my add in following the instructions on this link (and having used makecert). Note that my addin is for use in my firm, and not generally available. I have the certification added to windows (using certmgr). When I run revit I first get the dialog to "always load" and then I get an error that RevitAPIUI is not loadable (it is showing as not signed in my project, and a warning that it does not have a strong name). So the only way I can use my addin is to not sign it, and always deal with the extra step dialog. What is going on here? I have tried both debug and release for AnyCPU but still get the same error and failure if I sign my add in.

peacejoya · ‎10-26-2017

Thank you there for us always !!

neil.smithline · ‎11-02-2017

@peacejoya - I'm not sure why you think that the problem is related to add-in signing. It looks to me like a straight add-in configuration problem. Do you have some reason to think that this is related to add-in signing? If not, you'll probably get a better response if by creating a new post. You can do that by clicking the "Create A New Post" button on this page.

Neil Smithline

Revit Software Security Architect

Anonymous · ‎11-20-2017

None of that explains why you should have to tell Revit REPEATEDLY that you trust an addin. That's like (in your analogy) saying you don't trust a weatherman who has given the correct forecast every day for a year. This used to be worse in the first release of 2017, where it NEVER remembered that you trusted your own addin. Now it will simply forget on the next boot, or randomly when it simply decides "you've trusted it long enough, so you have to tell me again you trust it". Code signing is poorly implemented, plain and simple.

Anonymous · ‎12-05-2017

hey neil

could you get any further on this? did it finally work?

would be awesome to know if this still doesnt work.

thanks.

Moritz

neil.smithline · ‎12-19-2017

@Anonymous - I do not think that most people see that behavior. I know that we do not see it internally. The only time that I have seen repeated requests for authorization to load an add-on is when the add-on is misconfigured and failed to load. When that happened in Revit2017, it would ask you to authorize the add-on, then fail on each Revit startup. Very annoying. I believe that we fixed that in one of the dot releases for 2017 (I can't find the exact version). So if you're seeing this behavior in 2017, it is probably due to a misconfigured add-on.

What version of Revit are you seeing this in?

If you feel comfortable sharing your add-on with me, I'd be happy to test it. You could post it to Dropbox or another cloud drive service and then send me a private message from my profile page with the link.

Neil Smithline

Revit Software Security Architect

Anonymous · ‎12-20-2017

for now i could get the choice to "stick" by deleting all entries within HKEY_CURRENT_USER\Software\Autodesk\Revit\Autodesk Revit 20XX\CodeSigning

then restarting Revit and choosing "always load" again. Held up a few weeks now with Revit 2017.

neil.smithline · ‎12-20-2017

That sounds like a clever fix, but I'm sorry that you had to do that. If the problem happens again, I'd be happy to work with you to try to figure out what caused it so that we can implement a bug fix.

Neil Smithline

Revit Software Security Architect

neil.smithline · ‎12-20-2017

@Anonymous and @Anonymous - I have filed a bug report, suggesting that we try to detect and repair broken registry entries. That said, I'm not sure how far we'll be able to get as we haven't seen this problem in our testing. So we may spend time on this but make no progress. Without more information, that's the best that we can guarantee. Hopefully we'll find the problem.

If you discover more data related to the problem, you can post it to this thread or private message me. Just for your reference, the ticket is REVIT-124577.

Thanks for your patience,

Neil

Neil Smithline

Revit Software Security Architect

Anonymous · ‎01-16-2018

hi neil,

sadly the error keeps occuring again after a while. my fix only stuck for so long. we would like to get your help on this. What can we do to help you help us?

neil.smithline · ‎01-16-2018

Sorry to hear that you ran into more problems. Can you shoot me an email at neil.smithline at autodesk.com? I just need your email address. Then we can figure out how to proceed from there.

I'll keep this post updated with any resolutions we reach for the benefit of others.

Neil Smithline

Revit Software Security Architect

Code signing of Revit Addins

Code signing of Revit Addins

Forums Links

Post to forums