Preventing unauthorized modifications of XAML files in Windows 8 apps with XamlIntegRT

September 04, 2012
Windows 8 WinRT XAML
 

1. Your Metro-style app needs protection and here is why
2. Simplest approach to protecting advertisements in your Windows 8 app
3. Preventing unauthorized modifications of XAML files in Windows 8 apps with XamlIntegRT

I finished my last post with the example of instantiating ad controls in code behind to prevent having them turned off. While this method is simple to implement, it forces developer to use code behind and doesn’t protect other parts of XAML from unauthorised modifications.

An alternative approach for protection is implemented in XAMLIntegRT library. It is based on comparison of hash codes generated design-time for XAML pages with hashes calculated for pages installed on the target system. XAMLIntegRT includes two components – command line hash code generator and C# library for run-time validation.

XAMLIntegRT

Quick start

1) Add XAMLIntegRT library to your project by getting sources from GitHub repository or by using NuGet:

PM> Install-Package XamlIntegRT

2) Compile command line hash code generator from retrieved source code or download compiled XamlIntegRTGen.exe from GitHub.

3) Generate hash data for your XAML files. XamlIntegRTGen.exe accepts three mandatory and one optional parameter:

XamlIntegRTGen.exe <project_folder> <file_path> <namespace> [/ads]
  • project_folder - path to project source files, e.g. C:\sandbox\BookReader\src
  • file_path - path for the file with the generated hash codes, e.g. C:\sandbox\BookReader\src\App\XamlData.cs
  • namespace - desired namespace to place data in
  • /ads - optional parameter to hash XAML files with AdControls only

XamlIntegRTGen.exe generates .cs file that contains hashes for XAML pages. The generated file needs to be added to the target project. You need to perform this step every time XAML page is modified and it makes sense to automatically call XamlIntegRTGen.exe from your build script as a pre-build event.

4) Now you are ready to implement run-time validation:


async void MainPageLoaded(object sender, Windows.UI.Xaml.RoutedEventArgs e)
{
    if (!await XamlValidator.Validate(new XamlFilesData()))
    {
        var dialog = new MessageDialog("XAML modifications detected");
        await dialog.ShowAsync();
    }
}

XamlValidator.Validate method returns false if any of the pages are modified and it’s up to you how to proceed from this point. Library source code is available and you can easily add validation for any additional types of files, for example images or text resources.

blog comments powered by Disqus