If a machine has a FIPS Security Policy enabled then .NET tries to enforce FIPS compliance for any cryptographic modules that are loaded. Where a FIPS Security Policy is enabled on a machine, a FIPS (Federal Information Processing Standards) violation exception will be thrown by the SLP (aka Microsoft.Licensing) runtime as that runtime does not support FIPS e.g.:
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms
In order to prevent this exception being thrown, and to allow your SLP-protected executable to run on a machine that has FIPS enforcement enabled, you need to include a line in the app.config file for your application that looks like this:
<configuration>
<runtime>
<enforceFIPSPolicy enabled="false"/>
</runtime>
</configuration>
This will instruct .NET to not inhibit enforcement of the FIPS policy in the case of your application. Please see the following article for more details https://docs.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/runtime/enforcefipspolicy-element.
Note that this requirement also applies to the Microsoft.Licensing.LicAdmin.exe binary. So, if you are shipping the Administrator to your customers, you also need to create an app.config file ("Microsoft.Licensing.LicAdmin.exe.config") for that binary as well, and include that same configuration setting .
It is also possible to control this setting via Group Policy and/or the .NET machine.config file.
Comments
0 comments
Article is closed for comments.