Rick Strahl's Web Log

What the heck is a `\\.\nul` path and why is it breaking my Directory Files Lookup?

Rick Strahl — 2025年12月08日 23:15:18 GMT

In the last few months my Markdown Monster Application Insights log has been inundated with a hard failure for lookups of a \\.\nul device error. In my logs this shows up as an error like this:

Figure 1 - Null device errors in the Application Insight logs

This error started creeping up in my logs a few months ago, and since then has gotten more frequent. The error always occurs in the same location in the code and it's related to the File and Folder Browser in MM that displays the files available on the file system.

Figure 2 - The File and Folder Browser in Markdown Monster that is the target of the error

This is a generic file browser, so it's very susceptible to all sorts of oddball user configurations and mis-configurations and this particular error likely is of the latter kind. However, after doing a bit of research this is not an uncommon error - there are a number of references to this although the cause of it doesn't appear to be very clear and can be related to various different things.

In my use case, the error itself is triggered by doing a fileInfo.Attributes flag check on a file name that was returned by the Directory.GetFiles() lookup originally. The file is not a 'regular' file but rather a 'device' and access to .Attributes.HasFlag() throws the exception. And yeah that's very unexpected.

Specifically the failure occurs here:

// System.IO Exception: Incorrect Parameter \\.\nul 
if (fileInfo.Attributes.HasFlag(FileAttributes.Hidden))
 item.IsCut = true;

This code sits inside of a loop that does a directory lookup then loops through all the files and adds them to the display tree model that eventually displays in the UI shown in Figure 1. The key is that the Attribute look up fails on this mystery 'null device' file.

This is doubly frustrating in that Attributes is an enumeration that apparently is dynamically evaluated so the only way to detect the invalid state is to fail with an exception when calling .HasFlag(). Bah 💩!

What the heck is `\\.\nul`?

My first reaction to this error was, yeah some user is doing something very unusual - ignore it. And yes, the error is rare, but there appear to be a number of different users running into this issue and more and more are starting to show up.

Thanks to several commentors on this post it appears that this problem is caused by Claude Code running Unix style Bash commands which produce invalid files on Windows. Quoting from Michael Christensen's comment response below:

I get this nul file all the time, in my case it's from Claude Code. The LLM has access to run Bash commands, and on Windows it uses Git Bash (presumably that was easier than getting it to use the windows command-line).

What happens is it wants to suppress output on a command, but it also knows it's on Windows, so it tries something like command > nul 2>&1. In Git Bash that creates the nul file that Windows has so much trouble with. It should be using /dev/null, which works properly.

This explains why this happens - since it's Bash under a Unix shell is running the command it manages to create a nul file, which is an illegal file name in Windows. Windows in turn interprets that file as the nul device which then doesn't behave properly for a local file - specifically missing attributes.

Before the comments, I started looking into this using several LLMs.

The first response is a standard explanation of a null device:

Figure 3 - Basic LLM definition of a null device in file context

Turns out nul refers to a the Windows nul device, which as the name suggests is a device sink that doesn't do anything. Apparently, it's meant to be used to pipe or stream STDIN/OUT to oblivion.

Under normal circumstances a nul file or folder can't be created in Windows:

Figure 4 - nul files and folders can't be created in Explorer or the Shell

But if you're doing it from the Bash shell apparently there's a way around that. Once the file exists the directory listing returns is and that's when the problem happens.

Working around

So given what we know now, there are workarounds.

Somehow (Claude) a file named nul is created
Directory Listing picks up the nul file
Windows treats this file as a Device, so some file features are not available (ie. Attributes)

So here are a couple of workarounds I've used for this:

Bobbing for Apples - eh Errors

This falls into the simplest thing possible bucket:

Wrap the failure into an exception. This is easy enough but I always hate try/catch wrapping shit willy nilly, because it's one of those one-off fixes that doesn't really address what's going on. But... it's the simplest thing and it works for obvious reasons:

try
{
 if (item.FileInfo.Attributes.HasFlag(FileAttributes.Hidden))
 item.IsCut = true;
}
catch {
 // if we can't get attributes it's some device or map we shouldn't show
 item.IsCut = true;
}

The idea here is that if attributes cannot be retrieved the file cannot be a 'normal' file that should be displayed and we can safely omit rendering it.

Filtered Directory Listings

The second solution handles this from the other end: It tries to ignore any non-file 'resources' or in this case 'devices'. It seems odd to me that Directory.GetFiles() would return a device as part of its default configuration, but apparently it does.

It turns out the default Directory.GetFiles() filter mode is rather liberal in what it retrieves using the default EnumerationOptions instance:

Figure 5 - Default enumeration mode doesn't skip Devices

It only skips over hidden and system files, but allows everything else including 'devices'.

The \\.\nul error is caused by a Device that is the nul file.

So, rather than using the default directory listing, we can use explicit EnumerationOptions and skip over devices, like this:

string[] files = [];
try 
{
	var opts = new EnumerationOptions { AttributesToSkip = FileAttributes.Hidden |
 FileAttributes.Directory | FileAttributes.Device |
 FileAttributes.ReparsePoint | FileAttributes.Temporary};
	if (config.ShowAllFiles)
		opts.AttributesToSkip = FileAttributes.Directory | 
							 FileAttributes.Device |
		 FileAttributes.ReparsePoint;
	files = Directory.Files(baseFolder, "*.*", opts);
}
catch { /* ignore */ }
foreach(var file in files) { ... }

This is a bit more verbose obviously, but it makes it real obvious that we're skipping certain files.

Keep in mind that this is for a widely used generic implementation so there's a extra safety built in here with the try/catch to protect against invalid user provided folder names etc. from throwing out of the app. In that scenario there's no file list returned.

The code above should prevent devices and reparse points - which is the likely the cause of the \\.\nul device errors I'm seeing in the log - to stop occurring as they are not being returned by the directory listing.

This is now making me a bit paranoid that I should be using explicit EnumerationOptions whenever I do directory listings, but I suppopse this is a pretty rare error that - unfortunately - will blow up unsuspecting code if it tries to get information about the 'nul' device file returned if it's not filtered out. Ugh.

Presumably Claude Code will get this sorted at some point and we'll probably never ever see this error again 😂.

Summary

Since implementing the second fix (without the explicit try/catch for the Attributes) the logs have been clean of these null file errors. Since I never had a repro scenario, I can only go off my logs though so I can't be 100% certain that the problem is solved yet, but using both the directory skip filter plus the exception handling around the Attributes retrieval most definitely will fix this issue - I'm leaving the latter try/catch out for now to see if the filtered directory list alone will fix the issue and so far it seems that way.

However, it's important to remember that there can be funky behaviors with filesystem behavior related to symlinks and remapped folders (like DropBox) and apparently funky files created outside of the Windows direct file system managers (ie. Bash or other Linux shell). For example, I just ran into another issue where FileInfo.Exists reports my Dropbox folder as non-existing where Directory.Exists() does. IOW, special and symlinked files and folders can have odd behaviors and in those scenarios it might be a good idea to explicitly specify the file attributes to avoid unexpected failures that can't be easily handled with predictable logic especially when using a generic file client that accesses user provided paths.

Posted in dotnet

Using the new WebView2 AllowHostInputProcessing Keyboard Mapping Feature

Rick Strahl — 2025年8月21日 03:17:34 GMT

The WebView2 control is a complex beast and when you're building hybrid Desktop/Web applications that do serious interaction between a WebView2 control and a Desktop interface, you're going to find that there are a lot of areas where the keyboard and focus behavior is not as natural as you want it to be. Probably the most glaring example of this for me in Markdown Monster has been key forwarding and specifically in handling the main window menu accelerators.

Markdown Monster is a Markdown editor that uses a JavaScript based editor control, running in a WebView. The editor control interacts in a million ways with the WPF desktop interface, primarily from .NET and WPF into the JavaScript editor, but also with some operations in the JS code triggering the WPF UI with content updates from the editor. There are tons of UI operations like popping up context menus, hot keys that trigger operations in the WPF app and so on.

For the most part this all works fine with most editor operations handled internally in the editor without ever forwarding keys into the host WPF application. So navigation keys and plain text input is all managed in the JS code.

The WebView natively also supports some forwarding of keyboard operations from the WebView into the host if the WebView doesn't handle the keys. This may or may not be the behavior that you want, but even then it's tricky: some key events don't forward to WPF because the browser overrides them or in some cases forwarded keys are not triggered quite in the same way as 'native' keys trigger in WPF controls.

What this means is that there's a lot of custom key handling to override default key behavior and some trial and error to figure whether keys need to be handled in JavaScript or in WPF. 😏

For me, one big issue has been correctly handling the main window menu accelerator keys in the WPF Window host. Accelerators are those 'highlighted' keys on buttons or the main application menu, which based on Windows conventions should activate when you press the Alt key. In any 'normal' Windows application pressing Alt anywhere, forces focus into the main menu bar, which in turn shows these accelerators like this:

Figure 1 - Accelerator keys show as underlines in menus and buttons and are typically triggered by pressing alt in the related context. Here alt-t brings up the Tools menu. Note the underlines in the main menu and submenu.

The issue here is that while some keys pass through to WPF, others like accellerators are not or not recognized as accellerators. I filed an issue on the WebView2 Feedback site many years ago and this has finally been addressed via a new feature that I describe below.

The old Hack

Prior to the recently introduced AllowInputToHostMapping feature in the WebView, automatic alt key forwarding did not work. Instead, I had to resort to some ugly workarounds that:

intercept alt-key presses
use specific timing in code to determine whether it's a key combo or treated like an accelerator key
manipulate focus explicitly and forward keys into WPF

It worked, but very badly. Alt-key combos often failed to activate the menu, or the menu would activate but required another hit of alt key to actually activate properly. Good riddance to that code!

WebView Focus Context is Internal

The reason for all of this WebView misbehavior is that by default the WebView control handles key events internally and maintains focus internally. Focus in the WebView control stays inside of the control unless you explicitly click outside of it into another control.

For a lot of scenarios that is actually the behavior you want - you don't want all events or even keystrokes bleed outside of the WebView. Focusing out adds overhead and can easily cause weird side effects where common browser operations trigger both in the browser and then also in the host.

Instead the WebView lets you handle events in JavaScript code, the WebView Shell (ie. things like ctrl-f Find, ctrl-r Refresh etc.) and then the .NET Wrapper exposes some of the events into the WPF host via the control wrapper. This works reasonably well for most things although it does mean if you need specific key sequences and shortcuts to work, you're likely going to have to build handlers both in JavaScript and in WPF.

For example, in Markdown Monster I have a ton of keyboard shortcuts that are user customizable, and those are configured through a KeyBindingManager which is configurable and has options to define where a particular key is handled:

In JavaScript Code via Command Name
In .NET Via an Command object
In some rare cases both

If this sounds extreme - it is due to the nature of this application which is highly customizable and because it's an editor it explicitly deals with many custom key combinations. Figuring out what to handle where is a bit of trial and error.

Generally speaking if you control the Html page, handling events in JavaScript is preferable as that's the fastest way to handle events. Calling into .NET is not exactly slow, but it does have more overhead than just running native JavaScript code and in my case calling editor APIs directly, rather than round tripping into .NET to something similar. So raw text operations are handled in the JS code typically while complex or UI heavy or input output related operations typically run in .NET handlers through the WPF interface.

For most hybrid applications this isn't a huge issue because you likely just have a few keyboard operations - if any - that need to be explicitly handled.

But one thing that almost every hybrid app has to deal with is the Main Menu handling, which is as described above is definitely not well behaved from within a WebView.

Enter CoreWebView2ControllerOptions.AllowHostInputProcessing

As of WebView .NET SDK 1.0.3351 and WebView runtime 1.0.1901.177 you can now have more of keyboard and mouse events bleed into WPF. This specifically fixes the default behavior of the Main Menu accelerator keys in Windows. When this option is enabled more keyboard events using 'special' keys bubble into the host interface where they previously did not.

But it doesn't come without caveats, especially if you've been handling keys the way that it has been working previously. Specifically AllowHostInputProcessing intercepts keys before they hit the WebView Control, which means that some Windows/WPF default behaviors now end up overriding keys in the WebView.

I'll have more on that a little bit later. Suffice it to say there are 'issues' you'll likely have to deal with, especially if you've handled keys based on the old behavior with WebView first key processing as was necessary before.

To enable the new AllowHostInputProcessing behavior, requires that you configure the CoreWebView2ControllerOptions.AllowHostInputProcessing which needs to be set up during the WebView environment setup. It's not very obvious as it's part of the WebView Environment setup which is optional - most applications probably don't do this setup by default - so if you want to use this feature a couple of extra steps are required.

I'm going to demonstrate this as part of a helper function (part of the Westwind.WebView library) as that shows the entire process and is probably a good way in general to instantiate an interactive .NET/JS based WebView control. This helper uses a shared WebView environment, so that multiple controls in the same application all share the same WebView environment without having to explicit configure each one.

First here's the relevant bit of code that's needed to use AllowHostInputProcessing:

if (allowHostInputProcessing)
{
 var opts = Environment.CreateCoreWebView2ControllerOptions();
 opts.AllowHostInputProcessing = true; 
 await webBrowser.EnsureCoreWebView2Async(environment, opts);
}

Essentially you need to create an instance of the Controller options and then assign it to an environment that is assigned when the Web view is initially created.

What this means is that you can't just simply instantiate a WebView and have this work - you need a bit of machinery to create an environment explicitly, which BTW is a good idea and highly recommended anyway.

I use a helper method that handles the entire WebView initialization for me with every WebView I use. This helper does the following important tasks:

Sets up a new WebView Environment in a specified (shared) path
(important because the default deploy folders often don't allow writing which can crash your app or make the WebView not render)
Reuses a previously created environment
If allowHostInputProcessing is passed, sets it on the environment
Calls and awaits the WebView Initialization (ensure that CoreWebView2 is available)

Here's this that wraps all this busy work into an easy to use function (part of Westwind.Webview source on GitHub)

public async Task InitializeWebViewEnvironment(WebView2 webBrowser,
 CoreWebView2Environment environment = null, 
 string webViewEnvironmentPath = null, 
 bool allowHostInputProcessing = false)
{
 try
 {
 if (environment == null)
 environment = Environment;
 if (environment == null)
 {
 // lock
 await _EnvironmentLoadLock.WaitAsync();
 if (environment == null)
 {
 var envPath = webViewEnvironmentPath ?? Current.EnvironmentFolderName;
 if (string.IsNullOrEmpty(envPath))
 Current.EnvironmentFolderName = Path.Combine(Path.GetTempPath(),
 Path.GetFileNameWithoutExtension(Assembly.GetEntryAssembly().Location) + "_WebView");
 // must create a data folder if running out of a secured folder that can't write like Program Files
 environment = await CoreWebView2Environment.CreateAsync(userDataFolder: EnvironmentFolderName,
 options: EnvironmentOptions);
 Environment = environment;
 }
 _EnvironmentLoadLock.Release();
 }
 // *** THIS HERE ***
 if (allowHostInputProcessing)
 {
 var opts = Environment.CreateCoreWebView2ControllerOptions();
 opts.AllowHostInputProcessing = true; 
 await webBrowser.EnsureCoreWebView2Async(environment, opts);
 }
 else
 await webBrowser.EnsureCoreWebView2Async(environment);
 }
 catch (Exception ex)
 {
 throw new WebViewInitializationException($"WebView EnsureCoreWebView2AsyncCall failed.\nFolder: {EnvironmentFolderName}", ex);
 }
}

That's a bit of code, but it ensures that you safely create a WebView instance with an attached environment and wait for it to initialize.

Important:
await webBrowser.EnsureCoreWebView2Async(environment, opts) waits until the WebView has loaded. This method also will not complete if the WebView is not visible. By extension the helper method which calls this method also does not complete until those criteria are met.

Using this code to initialize the environment, menu accelerators now work as expected. Pressing alt activates the main menu even from within the WebView control!

Yay!

New feature, new challenges! As with all such major changes in how things works there are changes that affect behavior. And it's often not immediately obvious...

Tab Key Handling

Once you set AllowHostInputProcessing=true keyboard behavior now passes through many things that you might not expect causing actions in the host WPF (or WinForms etc.) container. One of the things that is really noticeable is the Tab and Shift-Tab key which now moves focus to the next control. Again, this may be desirable for some scenarios, but in my editor scenario it most certainly is not: Tab is definitely a character that needs to apply to my text editing and not cause control focus change!

Without any intervention the behavior I now see is that the Tab key does fire inside of the editor, but ALSO causes the WebView to lose focus to another control (an editor tab in Markdown Monster's case).

The behavior is:

WPF event fires first
If not cancelled, event then fires in the WebView/Editor

It turns out that this leaves you with some very BAD choices:

Handle the key in WPF and cancel
no good because the key is not forwarded back into JS code to execute the tab behavior as expected.
Handle the key in WPF and don't cancel
no good because Tab fires and focus changes.

Luckily in my situation I can explicitly call back into the JavaScript code to perform the appropriate tab action. In the case of my editor, the workaround is to handle the tab key event in WPF and cancel the operation, and then explicitly call back into the editor to trigger the Indent/Unindent command behavior. Yeah - very roundabout, but it works!

Here's what that looks like in code:

Create a custom key Binding for Tab and Shift Tab
Create a custom command that handles the operation
Basically overrides the .NET WPF event default behavior (WPF KeyBinding does that internally)
Fires Tab operation back into JavaScript code
- For Tab simulates the Tab key
- For Shift Tab calls an Editor command directly

First add the key bindings (these are app custom bindings that wrap WPF KeyBindings but in the end they use the underlying WPF KeyBinding for the key handling)

// *** Special Bindings
// Tab Handling for the editor: Bind only the Tab control
// Forced to override Tab Handling here due to
// WebView2 ApplyHostToInputProcessing setting which handles
// Tab before it gets to the JavaScript handler.
KeyBindings.AddRange(
 new AppKeyBinding
 { Id = "EditorCommand_TabKey",
 Key = "Tab",
 Command = model.Commands.KeyBoardOperationCommand,
 CommandParameter = "TabKey",
 HasJavaScriptHandler = false,
 BindingControl = mmApp.Window.TabControl
 },
 new AppKeyBinding
 {
 Id = "EditorCommand_ShiftTabKey",
 Key = "Shift+Tab",
 Command = model.Commands.KeyBoardOperationCommand,
 CommandParameter = "ShiftTabKey",
 HasJavaScriptHandler = false,
 BindingControl = mmApp.Window.TabControl
 }
);

Then handle that with a custom Command handler:

void Command_KeyBoardOperation()
{
 KeyBoardOperationCommand = new CommandBase(async (parameter, command) =>
 {
 var action = parameter as string;
 if (string.IsNullOrEmpty(action)) return;
 
 if (Model.ActiveEditor?.EditorHandler?.DotnetInterop != null)
 await Model.ActiveEditor.EditorHandler.DotnetInterop.KeyboardCommand(action);
 }, (p, c) => true);
}
// inside of `KeyboardCommand` fire JavaScript handlers that forward to the editor
else if (key == "TabKey")
{
 // override so we don't tab out (AllowHostInput option)
 await JsInterop.Invoke("fireTabKey"); // explicit Tab injection so Ghost Text works!
}
else if (key == "ShiftTabKey")
{
 // do nothing but keep from tabbing out
 await JsInterop.ExecCommand("outdent");
}

Finally the js code to simulate a key event in ACE editor that is used for Tab key:

fireTabKey: function (e) {
 const event = new KeyboardEvent("keydown", {
 key: 'Tab',
 keyCode: 9,
 which: 9,
 code: 'Tab',
 bubbles: true,
 cancelable: true,
 shiftKey: false,
 ctrlKey: false,
 altKey: false
 });
 // Dispatch to ACE's hidden textarea
 te.editor.textInput.getElement().dispatchEvent(event);
},

shift-tab uses Ace Editor's built-in command via ExecCommand(outdent). But tab can't use that because there are several special use cases for tab in Markdown Monster. In addition to plain editor Tab behavior, Tab is also used for accepting Ghost Text suggestions. For this reason the explicit and more verbose tab injection is used.

For more generic DOM application the .dispatchEvent() approach can always be used to simulate key behavior after WPF has had its shot at it. While all of this seems like a circle jerk, it's effective and it works.

Here's a more generic version of a function to simulate a key:

fireKey: function (element, key, keyCode, shift = false, ctrl = false, alt = false) {
 const event = new KeyboardEvent("keydown", {
 key: key,
 keyCode: keyCode,
 which: keyCode,
 code: key,
 bubbles: true,
 cancelable: true,
 shiftKey: shift,
 ctrlKey: ctrl,
 altKey: alt
 });
 // Dispatch to ACE's hidden textarea
 element.dispatchEvent(event);
},

ESC

Another key that can cause problems is the ESC key which also bubbles up to the container. If you have the WebView on a form that uses ESC for closing the form for example, it'll do that from within the control now where it didn't before.

Again - this may be the very behavior that you want, but perhaps not. For me in MM and other apps that's not been a problem but just be aware.

If you do need to override the behavior it's the same scenario as I described with the Tab key - handle in WPF then fire back into the WebView if you need special handling for ESC.

This pretty much applies to any key that 'misbehaves' in this way.

Summary

Keyboard handling for special keys in a WebBrowser control always are and have been a bear to work with. It was a pain in the old IE based WebBrowser control and it's a bear now with the WebView2. Different issues with different behaviors, but similar scenarios. How this is handled is one of those damned if you do, and damned if you don't scenarios, because no matter which route you take there are some things that are not going to work the way you likely want them to work. The alt and tab key behaviors I've described here are perfect examples of that.

But where there's a will there's a way - and there are ways around this. Overall while AllowInputHostProcessing causes some new 'behaviors', for complex hybrid UI interactive applications, if you start with AllowHostInputHostProcessing setting on, it provides a better base state for keyboard handling than the default behavior as you get proper forwarding into the host container for Windows specific keyboard combinations and behaviors. Other than the tab key and potentially the ESC key I haven't noticed other abhorrent misbehavior even in Markdown Monster's extreme keyboard interop scenario. Hopefully with the information from this post - you can navigate your way more quickly through the issues you might run into, than I did.

Resources

this post created and published with the Markdown Monster Editor

Posted in WPF WebView

Fighting through Setting up Microsoft Trusted Signing

Rick Strahl — 2025年7月21日 00:56:23 GMT

So it's that time of year (actually, the time of several years) to renew my Code Signing certificate. I always dread this because it's a manual process, and invariably, if you're not intimately familiar with the complexities of public key cryptography, the terminology is enough to drive me batty. It's gotten easier since I made some decent notes last few times I went through this...

But all that's out of the window this time around because the CodeSigning rules have changed. Drastically! It actually happened a few years ago, but I was lucky and got my local, still exportable certificate just before the rules changed so I was able to free load for nearly 3 years on the old certificate plan.

The new rules don't allow for locally stored, exportable certificates. Instead certificates have to be served from one of a few certified online authorities, or the certs must be stored in a FIPS 140-2 Level 2+ compliant hardware security module (HSM). The keys cannot be exportable, so they effectively can't be copied and stored or used elsewhere. So you got the option of server provided keys or hardware keys.

The idea behind this is to stop keys getting high jacked and being used by the non-originating organization. So the new keys are one time generated and non-exportable, so that they are much more restricted. Online services issue certificates that are good for only a few days when you can use them to sign with, and then automatically roll over to a new certificate.

What all this means the complexity of getting a certificate has gotten exponentially worse, and along with that prices have gone up significantly. Base non-EV certs run in the 350ドル-500 range with fully verified EV certificates starting around 500ドル per year. What used to cost me 180ドル for 3 years, the same provider now wants nearly 1000ドル for. Yikes!

It all seems like a huge grift:

As it is the whole CodeSigning thing has turned into another scam of Enshittification of a captured audience.

If you're publishing software or even packages on NuGet now, you pretty much have to have a code signing certificate. Certificates that used to be ~100ドル-150 (or less for multi-year certs) a year a few years ago now cost 300ドル-400ドル for basic certs. The EV certs start at 500ドル and go up from there.

The validation rules for businesses haven't changed and you would think most of the the expense is all in that. But this isn't about security - it's about gate keeping and just one more hurdle for a small business to have to jump over.
— @RickStrahl on X July 18, 2025

Microsoft Is In the Game Too

Microsoft who requires these CodeSigning rules in the first place for Windows SmartScreen validation and also for other things like NuGet packages, is also providing an Azure service called Trusted Signing to provide CodeSigning services, so they are on both sides of that transaction (create problem → provide a solution?) To their credit their pricing is much better than what most traditional SSL Cert providers are now charging. Azure Trusted Code Signing is still in preview but then again, it's been in preview for well over 2 years but it looks like what you see and can sign up for now is in the final stages before going to a proper release as a service.

Microsoft Trusted Signing Certificate Pricing

One reason to look at Microsoft's solution - despite the potential pain and suffering - is that the pricing is quite good (as of time of this post):

Model type	Basic	Premium
Base price (monthly)	9ドル.99	99ドル.99
Quota (signatures/month)	5,000	100,000
Price after quota is reached	0ドル.005/signature	0ドル.005/signature

These are non-EV, base certificates that only do basic vetting. For fully vetted EV certificates you'll need to look elsewhere. This pricing which ends up at ~120ドル/yr for the single cert is cheap compared to most of the SSL vendors most of which start at ~300ドル for certificates with mailed hardware keys. So, you gotta give Microsoft credit here for keeping costs down and providing reasonable pricing.

United States and Canada for Business Only

Currently Azure Trusted Signing is only available for US and Canadian customers according to Microsoft, although I got several comments that people from other countries have been approved (may have been for earlier previews though). Currently it looks like only US and Canada are supported and the options for business validation in the drop down seems to bear that out.

The certificates issued by Microsoft are very short lived - with expirations that last only 3 days to aggressively thwart invalid signing attacks in case a certificate is compromised.

3 Day Certificates are not a Problem

Azure signing certificates are valid for 3 days only, and the certificate has to be used for signing a file in the 3 day window.

However, once a file is signed with a valid and unexpired certificate, it's valid indefinitely! In other words, end-users are not affected by the short certificate timeout.

Since the signing process goes through Azure's servers, Azure controls the lifetime of certificates and automatically renews certificates when they expire so you always get a short lived valid certificate.

Doing a bit of research out of all the bad options out there, Microsoft's Trusted Signing seems like the least bad solution that's also cheaper than traditional certs from various SSL vendors. The good news is that it works and pricing is reasonable. The bad news I wasted nearly an entire day trying to get it to work. Hopefully this post will help you reading this not to waste quite so much time 😄.

Navigating the Azure Jungle

If you end up going the Azure Trusted Signing route, plan on having to wade through the Azure dependency jungle of setting up several resources and trying to understand what all the mumbo-jumbo Azure jargon amounts to. If you're doing Azure all day then much of this infrastructure dance will be familar to you, but as someone (me!) who only occasionally jumps in for some very specific services like Trusted Signing, it's incredibly painful to deal with Azure security and the Resource dependencies and the endless nesting of services with badly defined and overlapping naming boundaries.

For Trusted Signing finding documentation via search engines was hit or miss - the docs for this are buried behind deeply nested links - perhaps because it's still in or just out of preview (even that's hard to tell since some prompts show preview, none of the headlines do) and, also because previous releases of this technology used a completely different publishing pipeline through the Azure Key Vault.

There's official documentation although it took me a bit to discover it here:

Microsoft Trusted Signing Documentation

This has everything you need, but the instructions require some... uhm... interpretation. The tools are terrible, and the docs don't make working with them a lot easier by making you figure out where to find files and dependencies and how to install tools.

Don't believe your lying AIs!

In this day and age of AI assistants and ChatBots you would think that things like Azure configuration instructions for setting up an Azure task would be readily available. Heck there's even an Azure Specific CoPilot Model that you can use from the VS Code CoPilot integration.

But that actually yielded surprisingly bad results and did not work well with Trusted Signing either for setup or for the signing part! Part of this might be because Trusted Signing is still in Preview or because the documentation for this is almost non-discoverable and because things have changed so much with the tooling.

Long story short: After a very pissed off day of going down many wrong paths I managed to get Trusted Signing to work for my projects, and I'll try my best to provide the details how I have this set up, hopefully sparing a few of you all the pain I ran into.

Setting up Microsoft Trusted Signing

Alright so let's talk about what you need to set up Azure Trusted Signing.

There are two parts to this:

Setting up the Certificate and all the Infrastructure for storing the Certificate
Signing the Certificate as it require special software

Remember these certificates are not exportable so the only way you can sign is by using the online certificate via a service call by the sign tool.

Structure

In their documentation Microsoft provides a high level resource overview of what's involved in the certificate creation process:

source: Microsoft

Here's a breakdown of the things needed to create on the Certificate creation side, and the Signing side:

For Certificate Creation

You will need an Azure account to do any of this. If you don't already have one, you can sign up for a account. Since we're signing up for a paid feature you will need to set up payment information.

There are lots of resources available online on how to setup an Azure account, so I won't cover that here. Once you're in the Azure portal you need to:

Create or use an existing Azure Resource Group
Create a Trusted Signing Account
Create a Trusted Signing Identity (Company Information)
Create a Trusted Signing Profile (Certificate)

For Signing

Azure Cli (to log in)
Azure CodeSigning SDK
SignTool (from Windows SDK)

Create a Trusted Signing Account

To start to to Azure Home Screen and you should see a Trusted Signing Accounts button at the top:

Select that then click on Create:

You can click through the Next options and click on Create or Review + create to create the account.

Next you need to create an Identity. The identity is your business information that identifies your business unit.

The first hurdle you're likely to run into is the following error:

Two things that need to happen for that:

Add the Trusted Signing Identity Verifier Role
Add a User to Roles for the Signing Account

Talk about terrible user experience as the Role selection is totally non-obvious. There are 3 other ways to look at roles, some with selections where you end up in this weird place where you have a role and user selected with no way to submit. The way shown above works with the weird role selection, which enables the Review + Assign button.

Next you should be able to add an Identity. Go back to the main screen of the Trusted Signing Account and click on Identity Validation again:

Here you provide your company/organization information that is used on the certificate. Make sure the Url and Organization are the correct entity names. You also need to provide some sort of validation in the form of a Duns Number, Tax Id or Business Number.

The email address is validated so make sure that's accurate. In my case the validation with a Duns number took only a few minutes before the validation email showed up so this is surprisingly fast. Unlike previous certificates it also didn't involve a phone number callback which I thought was interesting in that it's actually less strict than previous certs I've signed up for.

The final step then is to create a Certificate Profile which effectively is the Certificate. Gotta love the bureaucratic naming.

I didn't fill out here, this form because I couldn't actually create a new certificate since my account is already using the 1 certificate I'm allowed. Here you simply select the identity you set up previously, and the rest auto-fills into the certificate request form.

Click Create and you're off to the races. It'll take a few minutes for the certificate to be created.

Once that's all set and done you end up with a Certificate Profile entry which is your signing certificate:

While we're here the three pieces of information that you will need to sign a file are:

Signing Account Uri
you can find that on the Signing Account Page, something like:
https://eus.codesigning.azure.net/
The Signing Account Name
WestWindSigningAccount
The Profile Name
WestWindCodeSignCertificate

Congratulations, the certificate should now be ready to go.

Half the battle is done - and now we need to sign our binaries and it's not a whole lot easier.

Signing an Executable

You would think that with all the effort that goes into the Azure CLI that Microsoft would have figured out a way to make it easy to use a certificate from Trusted Signing to sign a file, but - again in perfect counter intuitive fashion - you'd be wrong!

Although there's a az trustedsigning addin to the Azure CLI that can be used to list and check for certificates, that same interface does not support signing using that certificate.

Note: now way to sign anything, but you can see what certs are installed.

Instead the recommendation from the official docs is to use a recent version of the good old Signtool.exe from the Windows SDK with - wait for it... an explicitly referenced DLL from the a separately downloaded and installed SDK.

Azure CLI

So, in order to use the signing tools you will need the Azure CLI so you can sign in to your Azure account.

winget install --id Microsoft.AzureCLI -e

Trusted Signing Client Tools

Next you'll need to have various tools installed which include:

Trusted Signing SDK (download and install)
.NET 8.0 Runtime
SignTool.exe

You can find Microsoft's confusing instructions here:

Installing Client Signing Tools

but I'll summarize it for you here.

Start with the SDK which you can install these via WinGet which is the easiest:

winget install -e --id Microsoft.Azure.TrustedSigningClientTools

Path to Codesigning Dll Required!

This SDK installs %localappdata%\Microsoft\MicrosoftTrustedSigningClientTools on Windows. This has everything you need, but I found this doesn't install the latest version of these tools. You'll need to capture the path to the codesiging DLL and use it on the Signtool command line.

By default, if you use the installer, the file you need to reference later with SignTool.exe lives here:
%localappdata%\Microsoft\MicrosoftTrustedSigningClientTools\Azure.CodeSigning.Dlib.dll

The docs on this are very confusing because the SDK downloads an old version of the SDK, and then later the docs mention downloading what appears to be the very same thing separately via NuGet. Except the NuGet package seems to be up to date with considerably newer versions than the SDK install.

The NuGet Package can be found here:

Microsoft.Trusted.Signing.Client NuGet Package

I'm not sure what else the SDK does so to be sure I install both:

Install the TrustedSigning SDK (as per above)
Download the NuGet package
Update the binaries in the %localappdata% folder with the NuGet binaries

Updating the Trusted Signing SDK to the latest version via downloaded NuGet package

Install or Find Signtool

Next you need to install Signtool.exe or - if you have Visual Studio installed you probably already have it locally installed as part of the Windows SDK (10.0.2261.755 or later). Personally I have a recent copy of Signtool.exe in my Utils folder that's on my path, or I copy it directly into my Install folder from which my installer is created and where the signing actually happens.

If you want to use the global SDK reference it typically lives in:

C:\Program Files (x86)\Windows Kits10円\bin10円.0.26100.0\x64\signtool.exe

Signtool and Windows SDK install instructions

Create a MetaData File with Azure Trusted Signing Information

The last step is to create a meta data file that references the Azure Trusted Signing account information so that the cert can be found. It's a simple Json file that looks like this:

{
 "Endpoint": "<Trusted Signing account endpoint>",
 "CodeSigningAccountName": "<Trusted Signing account name>",
 "CertificateProfileName": "<Certificate profile name>"
}

Filled out it looks something like this (SignfileMetaData.json):

{
 "Endpoint": "https://eus.codesigning.azure.net/",
 "CodeSigningAccountName": "MySigningAccount",
 "CertificateProfileName": "MyCertificate" 
}

I named mine the same name as the Powershell script I use to sign the file.

Ready to run Signtool to sign your Binary

So the actual signing operation is then done in two steps:

Signing into Azure
Signing the actual document

To make this a little easier I have a Powershell script that passes in one or more filenames to sign, then logs in if necessary and signs the file.

# dotnet tool install --global AzureSignTool
#winget install --exact --id Microsoft.AzureCLI
param(
 [string]$file = "",
 [string]$file1 = "",
 [string]$file2 = "",
 [string]$file3 = "",
 [string]$file4 = "",
 [string]$file5 = "",
 [boolean]$login = $false
)
if (-not $file) {
 Write-Host "Usage: SignFile.ps1 -file <path to file to sign>"
 exit 1
}
if ($login) {
 az config set core.enable_broker_on_windows=false
 az login
 az account set --subscription "Pay-As-You-Go"
}
$args = @(
 "sign", "/v", "/debug", "/fd", "SHA256",
 "/tr", "http://timestamp.acs.microsoft.com",
 "/td", "SHA256",
 "/dlib", "$env:LOCALAPPDATA\Microsoft\MicrosoftTrustedSigningClientTools\Azure.CodeSigning.Dlib.dll",
 "/dmdf", ".\SignfileMetadata.json"
)
foreach ($f in @($file, $file1, $file2, $file3, $file4, $file5)) {
 if (![string]::IsNullOrWhiteSpace($f)) {
 $args += $f
 }
}
.\signtool.exe $args

The script is pretty straight forward. The only oddity is the Signtool call with it's lengthy reference to the code signing DLL. Note that you need a recent version of SignTool.exe to support the /dlib and /dmdf parameters.

When you run this script in a new Terminal instance you will be prompted to login into Azure and if you have multiple subscriptions you have to select the subscription. Once the terminal session is active subsequent requests bypass the login and just go and sign.

If all goes well you should see something like this as your output:

And we have lift off!

You're looking for the Number of files successfully Signed: 1 (or more if you pass multiple files).

Not Fast!

One thing I am noticing is that the signing process is very slow:

You can see that it takes about 5 seconds for signing each file which seems pretty slow if it's only sending the Digest over the wire as the message is suggesting. The old local cert SignTool processing took less than second at most per file.

Oddly it also doesn't get any faster with multiple files sent to SignTool as each request apparently is sent after the previous one completes. No parallelization here.

Another issue - and that is likely my ignorance - is that I can't seem to get a hands off Azure login to run. az login prompts for a manual login and then also for selection of a subscription. I know there are options for using a Secret key, but I couldn't figure out how to set this up and get Azure recognize my user and subscription. The secret key is recognized but for some reason it complains that it's not linked to a subscription (which it is). Just more piece of bureaucratic bullshit that I'm going to leave for another day. This is just how it goes for me with Azure - you solve one problem only to run into yet another seemingly unrelated issue and soon you have 20 services you're dealing with to do one simple thing. It's a never ending rabbit hole.

I'm hoping that once everything is set up I can just let it be, but knowing Microsoft's propensity to keep moving the cheese around that's also very unlikely 😄

Alternatives: BYO Certificate and use Azure Key Vault

Initially I came to Azure mainly in order to save some money because the pricing of providers just seems ridiculous. Given the time I sank into this maybe that wasn't the best use of my money or time 😁.

However, it looks like there's another way you can still do this somewhat on the cheap by buying your own certificates and then importing them into Azure Key Vault. Much of the cost of third party CodeSigning certificates is due to the secure token device you have to buy on top of the certificate plus shipping which nearly doubles the cost of the entire affair.

Turns out you can however buy a certificate and have it issued directly to a certified provider of which Azure Key Vault is one.

I don't have the energy to go through the process of setting up Azure Key Vault which looks to be just as many long steps if not more than what I went through with Trusted Signing.

There are many step by steps that take you through this - here's one:

How to Create Key Vault, CSR, and Import Code Signing Certificate in Azure KeyVault HSM

As I got feedback for this post several people report using this successfully and one benefit apparently is that performance of Azure Key Vault singing is much better than Trusted Signing.

One benefit of Trusted Signing is that once set up, you never need to touch it again (assuming Azure doesn't change and break the process 😢) because certificates have a short lifetime and auto-renew automatically. As long as you pay your monthly bill, in theory you don't need to ever update your certificate - it'll always be up to date.

Summary

The process to do set up Trusted Signing was way harder than it should have been - in fact the entire process took me the better part of an entire work day. The server process is complicated primarily because the nomenclature is so crazy confusing and the dependency management on Azure is such a pain in the ass. The missing rights from the account to create an identity is particular maddening and how you fix it even more so! But it wouldn't be Azure if you wouldn't be cursing the thing every step of the way.

The signing process also is a pain in the ass with 3 different tool chains required. The fact that an az TrustedSigning CLI addin exists, but doesn't support actually signing is just ridiculous. With all the resources that are thrown at Azure it seems petty to not support the one feature that everybody is going to need without having to jump through hoops of managing several tool installation instructions.

But grudgingly I have to say that at the end of the day the process works, warts and all. Microsoft's pricing for the service maybe makes it worth it than most other services, and frankly the fact that I have my cert running as a service that hopefully doesn't need to be updated unless I quit the service is enticing. Yeah it costs more than it did last time around - I'm now paying almost as much per year what I used to pay for 3 years, but given the circumstances and required Enshittification of all that surrounds the CodeSigning process, this is the best that we can do for now.

I'm hoping writing this up is helpful to some, and that these instruction won't be obsolete in a few short months because Microsoft changed designs again as is so often the case.

As for Azure one would hope they fix:

Performance
5-8 seconds per file to sign with no parallelism for multiple submissions is bad
Self contained Tooling for Signing
For heaven's sake provide ONE tool that can handle the signing process in one pass without having to install 50 other things. Or better yet have it built-in to the Azure CLI with the trustedsigning addin that's already there.

One can hope some of this is due to the relative new-ness of Azure Trusted Signing. But... we shall see.

Resources

this post created and published with the Markdown Monster Editor

Posted in Windows Security Azure

Centering a WPF TreeViewItem in the TreeView ScrollViewer

Rick Strahl — 2025年7月16日 04:23:03 GMT

One of the annoying features of the TreeView in WPF is the inability to easily select and make an item prominently visible. While there is `TreeView.BringIntoView()` it doesn't do a good job dropping the item that the very bottom (or top) of the viewport with no way to center. In this post I show a few helper methods that facilitate this process and a few related tasks with some useful TreeView helpers.

Unpacking Zip Folders into Windows Long File Paths

Rick Strahl — 2025年6月22日 11:00:48 GMT

Ah, long file paths bit me again today - this time with `ZipFile.ExtractToDirectory()` not unzipping long path files, even when specifying long path syntax for the output folder. In this post I briefly review Windows long path issues again, and describe what doesn't work and how to work around this particular problem. While specific to `ExtractToDirectory()` a similar approach might apply to other batch file based operations.

Adding Runtime NuGet Package Loading to an Application

Rick Strahl — 2025年6月10日 04:40:37 GMT

It's not a common use case, but if you need need to dynamically add external code at runtime, NuGet packages are the most familiar way for developers to add that functionality besides old-school direct assembly loading. In this post I look at my LiveReloadServer local Web Server tool and how I integrated both external assembly loading and NuGet package support to allow extensibility for the Razor (and Markdown) scripting functionality of LiveReloadServer.

Distinguished Name on FileZilla Server Self-Generated Certs

Rick Strahl — 2025年6月06日 20:44:04 GMT

Renewing Filezilla certificates I've run into a 'huh?' moment a few times trying to renew the self-signed certificates for the Administration interface. Trying the obvious entries of putting in the DNS names results in an error that's not perplexingly is fixed by providing a full Common Name instead.

Configuring Microsoft.AI.Extensions with multiple providers

Rick Strahl — 2025年5月31日 08:56:33 GMT

Microsoft.Extensions.AI is the new base library for creating AI clients in an abstracted way. While the library does a great job with the abstraction of the interfaces it works with, the provider interfaces that create the intial abstractions like IChatClient are a lot less user friendly with hard to discover syntax based on extension methods and different syntax for each provider. In this post I review three providers and how to get them instantiated along with a small streaming example to use them.

Lazy Loading the Mermaid Diagram Library

Rick Strahl — 2025年5月11日 09:26:29 GMT

The Mermaid library is a large beast, and if you're using it selectively in your Web content you probably want to make sure you don't load it unless you actually need it, due to it's download footprint and load time. If you're loading Mermaid with server only code it's pretty straight forward, but if you use it on the client there you may want to delay loading the library until you actually need to display a diagram.

WebView2: Waiting for Document Loaded

Rick Strahl — 2025年5月06日 21:50:16 GMT

WebBrowser loading is always async and the WebView2 control is no different - in fact it's more complex as there a number of events that need to be handled in order to properly handle loading the control. In this post I describe how you can create a simplified load checking routine, or use the Westwind.WebView library and WebViewHandler to wait on content and process document access using linear `await` syntax.

Avoiding WPF Image Control Local File Locking

Rick Strahl — 2025年4月28日 22:01:46 GMT

WPF locks local images when referenced via a Source attribute. In this post I discuss why this might be a problem and how you can work around it using native XAML and custom binding converter that provides a consolidated approach that includes image caching for better performance of reused images.

The Strong ARM of .NET: Wrestling with x64 and Arm64 Desktop App Deployment

Rick Strahl — 2025年4月19日 08:35:43 GMT

.NET works great for cross-platform development making it easy to build apps that are cross-platform and cross-architecture specifically for x64 and Arm64. However, building a distributable application that can install and run out of box on both of these platforms, that's a bit more effort. In this post I discuss some of the gotchas and how to work around them to distribute apps that run out of the gate on both platforms.

Using Windows.Media SpeechRecognition in WPF

Rick Strahl — 2025年3月25日 04:33:00 GMT

Windows has a pretty capable SpeechRecognition engine built-in via Windows Media services. In .NET these features are accessible via the Windows SDK (WinSdk) that expose these Windows features to .NET applications. In this post I discuss how you can integrate these features into a WPF application, and discuss some of the pitfalls along the way that you have to watch out for related to the SDK integration 'features'.

Making Html Input Controls Truly ReadOnly

Rick Strahl — 2025年3月14日 20:26:04 GMT

A discussion of how to show readonly controls in user interface and ensuring that they are not UI activated. This post discusses readonly and disabled behavior and how you can make readonly behave better if you choose to use it over disabled.

Accessing Windows Settings Dialogs from Code via Shell Commands

Rick Strahl — 2025年3月13日 22:40:22 GMT

Windows has support for an `ms-setting:` Protocol Handler/Uri Scheme that allows you to directly open most Windows settings dialogs directly via simple Url based shell commands.

Resolving Paths To Server Relative Paths in .NET Code

Rick Strahl — 2025年3月09日 06:39:18 GMT

ASP.NET Core has support for resolving Urls in Controllers and Razor Pages via embedded `~/` links in Views and via `Url.Content()`. But, these features are tied to Controllers or Razor Pages - what if you need to resolve Urls elsewhere, in middleware or even inside of business logic? In this post I describe how you can build a couple of helpers that are more flexible and also provide some additional functionality of resolving site root and relative paths to full site root paths.

Inline Confirmations in JavaScript UI

Rick Strahl — 2025年2月27日 09:02:10 GMT

Confirmation dialogs or modal popups can be annoying in HTML applications. What if you could instead use an inline UI to confirm an operation? In this post I describe a simple way you can use an inline UI to confirm an operation that can be easily implemented with a few lines of code and a couple of binding directives.

Retrieving Images from the Clipboard Reliably in WPF Revisited

Rick Strahl — 2025年2月22日 08:09:36 GMT

The WPF Clipboard is notoriously bad for retrieving image data, mainly because of the funky behavior of the ImageSource control into which clipboard data is loaded. WPF cuts a lot of corners when retrieving images and there are many scenarios where Clipboard.GetImage() either crashes or doesn't render the supposedly successfully retrieved image. In this post I review some of the challenges and how you can work around the retrieving an ImageSource with an intermediary load of a bitmap in between to provide reliable image retrieval from the clipboard in WPF.

Comparing Raw ASP.NET Request Throughput across Versions: 8.0 to 9.0 Edition

Rick Strahl — 2025年1月19日 22:51:02 GMT

Once again I'm taking a look at the newish .NET release and how it compares to the previous release - this time .NET 9.0 from .NET 8.0. I'll run my simple load tests to compare performance and also discuss a number of anecdotes from running .NET 9.0 in production apps for the last couple of months.

Back to Basics: Using the Parallel Library to Massively Boost Loop Performance

Rick Strahl — 2024年12月27日 23:37:19 GMT

I recently had another occasion to add Parallel.ForEachAsync() into an application to improve performance of an Http look up operation drastically. When I tweeted a note on X there was quite a bit of response, so I thought I follow up and discuss Parallel use in this use case and when it makes sense to use Parallel in applications.

Getting the Current TabItem when the Tab is not selected in WPF

Rick Strahl — 2024年11月09日 09:10:44 GMT

There's no direct support in WPF to find the control that the mouse is hovering over in Items controls like the TabControl, so if you need to bring up context sensitive information like a context menu or tooltip it takes a little extra effort to get the correct item to work with in this case ContextMenuOpening.

Using SQL Server on Windows ARM

Rick Strahl — 2024年10月24日 21:59:54 GMT

I recently got a SnapDragon X Elite ARM device to play with and while I've been impressed with all things that work very well on it, one thing did not install easily: SQL Server. There's no ARM version of SQL Server and the x64 versions don't run on ARM devices. Docker images are also amd64 so that didn't work well either. Turns out you can use LocalDb onin emulation mode, but setting it up is anything but intuitive. In this post I discuss how to get SQL Server to run on a Windows ARM device.

Getting the ASP.NET Core Server Hosting Urls at Startup and in Requests

Rick Strahl — 2024年9月04日 09:31:35 GMT

Ever need to retrieve an ASP.NET application's hosting Urls? There are million ways to set these URLs but there's no easy fixed location where you can pick the addresses up from. Instead you have to go through a bit of a dance, and use one of two approaches depending on whether you need the addresses during startup or inside of a request.

Nuking Local Nuget Package Sources to show newly Published Packages

Rick Strahl — 2024年8月04日 23:52:12 GMT

Every once in while when I publish a NuGet package and then try to use the published package in another project I end up with a situation where the new package simply is not recognized. Most of the time it shows up after a few minutes, but on more than a few occasions I've stuck waiting for quite a while waiting for the package cache to refresh. Luckily there's a way to nuke the cache and force Nuget to re-read local packages and while that is the nuclear option that requires downloading a lot of packages it works to make your project compile - right now!

Create a .NET PlantUML Markdown Render Extension

Rick Strahl — 2024年7月29日 22:16:35 GMT

PlantUML is a Web based diagramming markup language that can be used to create diagrams using text descriptions that are rendered into images via a PlantUML server. In this post I describe how you can integrate PlantUML image rendering into your .NET application, specifically from a Markdown rendering perspective as Markdown documents are the most common mechanism that PlantUML output is delivered.

Back to Basics: Await a Task with a Timeout

Rick Strahl — 2024年7月25日 21:48:00 GMT

Sometimes it's useful to call async methods and be able to stop waiting after a given timeout period. Unfortunately there's no native support on Task to provide this. In this short post I show how you can simulate timeouts and provide a couple of helper methods to make the process generically available.

Work around the WebView2 NavigateToString() 2mb Size Limit

Rick Strahl — 2024年7月23日 07:53:44 GMT

The WebView2 control's NavigateToString() method has a limit for the string size of 2mb, which can be a problem especially for HTML pages with embedded content. In this post I'll describe how this problem can show up and show a couple of ways to work around the issue.

Dealing with Platform Specific Classes and Methods in CrossPlatform .NET

Rick Strahl — 2024年7月19日 07:02:59 GMT

If you deal with old .NET library code that is sprinkled with some Windows specific code in places you've likely run into places where the Windows specific code is throwing up unwanted compiler warnings. Sometimes that matters, but often times these warnings are annoyances as these methods are highly unlikely to get called from x-platform code. In this post I describe some annoyances, how you can work around them and eventually fix the issues without throwing everything out the window.

C# Version String Formatting

Rick Strahl — 2024年6月14日 06:12:37 GMT

I'm tired of trying to format versions for user facing interfaces after fumbling with it again and again. In this short post I show a small helper extension method that lets you configure how to form user friendly version strings to display to end users.

Mime Base64 is a Thing?

Rick Strahl — 2024年5月27日 07:50:45 GMT

Ran into an old legacy application recently that required that attached data was preformatted to Mime Base64 which I never even heard of before. Turns out it's a 'url-safe' version of base64 that replaces certain characters that can be present in base64 with 'safe' characters. In this short post I show a small helper that handles several Base64 Mime operations.

Speed up your Start Menu by disabling Web Search

Rick Strahl — 2024年5月04日 06:53:30 GMT

If you're like me, you've probably cursed the Windows Start menu from time to time, when it's either very slow to pop up, or in some instances fails to pop up at all when you press the Windows key. This simple tip can drastically improve performance of your Windows Start Menu by simply disabling Web search.

ASP.NET Core Hosting Module with Shadow Copy Not Starting: Separate your Shadow Copy Folders!

Rick Strahl — 2024年4月29日 01:06:35 GMT

I recently ran into a major failure related to Shadow Copying for an ASP.NET Web app on IIS which was caused by corruption of the Shadow Copy directories. The app starts with the dreaded white ANCM Error page and event log entries that point at missing application folders. It turns out that this is caused by interference of multiple applications using the same shadow copy folder. In this post I describe the problem and how to work around it.

Programmatic Html to PDF Generation using the WebView2 Control with .NET

Rick Strahl — 2024年3月27日 07:59:52 GMT

In this post I describe how to use the Microsoft WebView2 control to automate HTML to PDF generation generically for any kind of Windows application, including services. We'll look at the WebView and it's printing functionality and some of the intricacies that are involved in hosting the WebView control outside of a desktop application context to provide unattended mode even in service context.

Comparing Raw ASP.NET Request Throughput across Versions

Rick Strahl — 2024年3月08日 10:21:08 GMT

When I set up a new machine I usually use a small ASP.NET test project to get a feel of performance of the machine and when that happens I also take a moment to compare performance across recent versions of .NET to see how things are improving - and improved they have. Both due to the new hardware I'm using but also ASP.NET continues to bump up performance in every new version that comes out. In this post I describe a simple project with minimal do nothing requests to test the ASP,.NET pipeline locally and how to test these request as well as discussing the results.

Reading Raw ASP.NET Request.Body Multiple Times

Rick Strahl — 2024年2月20日 23:08:09 GMT

Some time ago I wrote about accessing raw request body content in ASP.NET Core which ended up being one of the most popular posts on this blog. But I failed to mention one major caveat: By default Request.Body can only be read once. In this post I discuss why frequently when you need raw Request.Body access you actually need to read the body more than once, and you can enable that functionality and deal with the caveats of doing so.

Sharing Tab Missing in Windows 11 Folder Properties

Rick Strahl — 2024年1月10日 22:54:27 GMT

For some unfathomable reason, Windows 11 has removed the Sharing Tab on the Explorer Properties Context menu by default. The Sharing Tab allows you to shared folders and drives for remote access. In this post I discuss how to get the Sharing Tab back and also touch on how to make sure your machine can actually accept remote connections so you can share your folders and drives.

Working around the WPF ImageSource Blues

Rick Strahl — 2024年1月04日 05:36:29 GMT

The WPF Image control and its ImageSource property can be problematic if you are loading a lot of images in a list. Depending on where you load images from, and how, you can very easily get bogged down with slow, blocking load operations, and memory leaks when the controls are released. In this post I describe a couple of specific problems I ran into loading a sizable list of images from files and show a few ways how to avoid the potential pitfalls related to ImageSource peculiarities.

Integrating OpenAI Image Generation into a .NET Application

Rick Strahl — 2023年12月21日 22:22:07 GMT

Image Generation AIs are proving to be very good at creating images that can be used for all sorts of purposes. In this article I discuss how you can integrate image generation right into your own .NET applications using the OpenAI REST API. In addition I'll show how you can integrated this functionality into a larger application and discuss some general thoughts on image AI usage based on some of the experiences from a developer/non-designer user perspective.

Embedding a minimal ASP.NET Web Server into a Desktop Application

Rick Strahl — 2023年11月28日 08:42:36 GMT

Did you ever need to embed a Web Server into a non-Web application? In this post I describe how you can use host ASP.NET in a non-Web application and specifically in a WPF desktop app. What do you need, how is it different and some of the issues that you need to consider if you want to use ASP.NET in your non-Web applications.

Save Files With Elevated Permissions on UnauthorizedAccessException

Rick Strahl — 2023年11月03日 19:48:56 GMT

If you have an application that generically allows you to edit and save files, you might on rare occasions need to save files in locations that where a regular user account does not have permissions to save. Rather than failing wouldn't it be nice to let the user know and optionally allow saving with elevated permissions? In this post I describe the workflow and implementation on how to do just that.

Caching your WebView Environment to manage multiple WebView2 Controls

Rick Strahl — 2023年10月31日 22:10:59 GMT

I've been struggling with rare WebView initialization errors in one of my applications, that have been difficult to debug and track down. After a lot of trial and error I discovered that the problem is related to WebView Environment instantiations that might be stepping on each other. In this post I describe the problem and a solution that involves creating a single WebView Environment and reusing it for all WebView initialization.

Rolling Forward to Major Versions in .NET

Rick Strahl — 2023年10月03日 08:12:27 GMT

.NET Core has sophisticated policies that allows your applications that are compiled to specific versions of the .NET Runtime can roll forward to newer versions. You can specify what part of the version to roll forward and that generally works well, except for preview releases which require an extra step.

IIS Error 500.19 with ASP.NET Core Application

Rick Strahl — 2023年9月19日 10:02:02 GMT

Running on IIS locally is pretty rare, but if for some odd reason you decide to run IIS locally on your dev machine you might find yourself getting a 500.19 error which relates to an issue in the web.config configuration. The solution is simple enough: Make sure the ASP.NET Core Hosting Module is installed. In this post I describe in more detail what the problem is and why you need a seemingly superfluous extra install to get IIS and ASP.NET Core to cooperate on local dev machine.

Dotnet Tool Component not found on the Mac

Rick Strahl — 2023年9月12日 02:05:47 GMT

I've run into this problem a few times: I install a new Mac OS and then install the .NET SDK. A bit later I install a dotnet tool using `dotnet tool install -g` and then try to run it, only to find out that the SDK is not able find it. This post is a note to self on how to fix the pathing for .NET tools to be found correctly and to be able to run your dotnet tools.

Map Physical Paths with an HttpContext.MapPath() Extension Method in ASP.NET

Rick Strahl — 2023年8月16日 02:02:14 GMT

ASP.NET Core doesn't have a Server.MapPath() method as classic ASP.NET had, and getting at the root path in Core is a little bit more involved than in those older versions. In this post I describe how to find the application Content and Web root folders and describe a MapPath() helper that simulates the old behavior.

A WPF Statusbar Control

Rick Strahl — 2023年8月08日 23:21:45 GMT

Statusbar controls are boring, but because of the way that they are used there are a number of caveats like ensuring the UI updates even in linear code, allowing for timeouts of status messages and resetting to default, and to provide some visual clues to draw attention to the status messages displayed. In this post I talk about a custom status bar control and helper that make it super easy to use a new status bar control or attach additional functionality to an existing status bar.

Getting the .NET Desktop Runtime Installed with a Custom Runtime Checker and Installer

Rick Strahl — 2023年6月22日 04:29:41 GMT

I've recently moved my Markdown Monster Desktop Application to .NET 7.0 and I had to make a decision on how to get the Runtime installed or packaged with my application. In this post I review the different deployment modes, the plus's and cons and the solution I ended up with which was to build a custom install wrapper that can check and install the runtime if not already present from an Installer or interactively.,

Getting .NET Library Projects to Output Dependent Assemblies

Rick Strahl — 2023年5月29日 22:16:40 GMT

Recent .NET Core versions have changed how .NET Core Library projects output dependencies into the build folder. The new behavior doesn't output depdencies, unlike full framework .NET projects which always automatically dumped dependencies into the build output folder. This isn't a common requirement, but when you need it, the options are sufficiently obscure and this post discusses how you can make your dependencies output into the build folder

Implementing Two-Factor Auth using an Authenticator App in ASP.NET

Rick Strahl — 2023年5月18日 09:08:39 GMT

Two factor authentication using Authenticator apps is getting more popular. One advantage of Authenticator 2FA is that you don't need to use a service nor do users have to provide additional bits of personal information. It's easy to implement, doesn't cost anything and also very secure as it uses one-time codes that can't easily be corrupted short of physical take over of a device. In this article I describe how Authenticator based 2FA works in the context of an application without using ASP.NET Identity.

Removing the IIS Server Request Header from ASP.NET Core Apps (any version)

Rick Strahl — 2023年5月08日 21:02:50 GMT

ASP.NET Core applications that run on IIS as InProcess output an Server name for IIS into the HTTP headers. If you want to remove the server header, you'll find that the process for IIS is different than for the internally created Kestrel header and you can't use the same approach to remove the header as with Kestrel applications. In this post I discuss why the header behaves differently in IIS and how to remove it regardless of ASP.NET version.

Rick Strahl's Web Log

What the heck is a `\\.\nul` path and why is it breaking my Directory Files Lookup?

What the heck is \\.\nul?

Working around

Bobbing for Apples - eh Errors

Filtered Directory Listings

Summary

Using the new WebView2 AllowHostInputProcessing Keyboard Mapping Feature

Problem: Main Window Menu Activation (Alt Key Triggering)

The old Hack

WebView Focus Context is Internal

Enter CoreWebView2ControllerOptions.AllowHostInputProcessing

Caveats: Watch Tab and Potentially other Navigation Keys and Special Keys

Tab Key Handling

ESC

Summary

Resources

Fighting through Setting up Microsoft Trusted Signing

Microsoft Is In the Game Too

Microsoft Trusted Signing Certificate Pricing

United States and Canada for Business Only

3 Day Certificates are not a Problem

Navigating the Azure Jungle

Don't believe your lying AIs!

Setting up Microsoft Trusted Signing

Structure

Create a Trusted Signing Account

Signing an Executable

Azure CLI

Trusted Signing Client Tools

Path to Codesigning Dll Required!

Install or Find Signtool

Create a MetaData File with Azure Trusted Signing Information

Ready to run Signtool to sign your Binary

Not Fast!

Alternatives: BYO Certificate and use Azure Key Vault

Summary

Resources

Centering a WPF TreeViewItem in the TreeView ScrollViewer

Unpacking Zip Folders into Windows Long File Paths

Adding Runtime NuGet Package Loading to an Application

Distinguished Name on FileZilla Server Self-Generated Certs

Configuring Microsoft.AI.Extensions with multiple providers

Lazy Loading the Mermaid Diagram Library

WebView2: Waiting for Document Loaded

Avoiding WPF Image Control Local File Locking

The Strong ARM of .NET: Wrestling with x64 and Arm64 Desktop App Deployment

Using Windows.Media SpeechRecognition in WPF

Making Html Input Controls Truly ReadOnly

Accessing Windows Settings Dialogs from Code via Shell Commands

Resolving Paths To Server Relative Paths in .NET Code

Inline Confirmations in JavaScript UI

Retrieving Images from the Clipboard Reliably in WPF Revisited

Comparing Raw ASP.NET Request Throughput across Versions: 8.0 to 9.0 Edition

Back to Basics: Using the Parallel Library to Massively Boost Loop Performance

Getting the Current TabItem when the Tab is not selected in WPF

Using SQL Server on Windows ARM

Getting the ASP.NET Core Server Hosting Urls at Startup and in Requests

Nuking Local Nuget Package Sources to show newly Published Packages

Create a .NET PlantUML Markdown Render Extension

Back to Basics: Await a Task with a Timeout

Work around the WebView2 NavigateToString() 2mb Size Limit

Dealing with Platform Specific Classes and Methods in CrossPlatform .NET

C# Version String Formatting

Mime Base64 is a Thing?

Speed up your Start Menu by disabling Web Search

ASP.NET Core Hosting Module with Shadow Copy Not Starting: Separate your Shadow Copy Folders!

Programmatic Html to PDF Generation using the WebView2 Control with .NET

Comparing Raw ASP.NET Request Throughput across Versions

Reading Raw ASP.NET Request.Body Multiple Times

Sharing Tab Missing in Windows 11 Folder Properties

Working around the WPF ImageSource Blues

Integrating OpenAI Image Generation into a .NET Application

Embedding a minimal ASP.NET Web Server into a Desktop Application

Save Files With Elevated Permissions on UnauthorizedAccessException

Caching your WebView Environment to manage multiple WebView2 Controls

Rolling Forward to Major Versions in .NET

IIS Error 500.19 with ASP.NET Core Application

Dotnet Tool Component not found on the Mac

Map Physical Paths with an HttpContext.MapPath() Extension Method in ASP.NET

What the heck is `\\.\nul`?