InfoPath 2007 Digitally Signed Form Templates

By Hristo Yankov

If you are developing a K2 blackpearl / InfoPath 2007 / MOSS solution, at some point of time you might need to digitally sign your Form template. One of the reasons you may need to do that is, if you have to give ‘Full Trust’ to the form. That’s because MOSS will not allow you to submit (or event start filling out) a new InfoPath form, which requires full trust but is not digitally signed.

The process is pretty straight-forward – in InfoPath you click on the Tools in menu, select ‘Form Options’ and navigate to the ‘Security and Trust’ tab.

Then you click on the ‘Sign this form template’ checkbox and choose a certificate (or create a new one).

After doing this, you might be thinking that your InfoPath form is digitally signed and you can safely use the ‘Full Trust’ settings. In reality, after you deploy your solution and attempt to create a new InfoPath form in the Form Library, you get the following error:

“The form template is trying to access files and settings on your computer. InfoPath cannot grant access to these files and settings because the form template is not fully trusted. For a form to run with full trust, it must be installed or digitally signed with a certificate.”

Now, let’s think about how we usually edit InfoPath forms, which are already integrated with the K2 process. Usually we click on the InfoPath integration icon which opens the wizard and then we click on the ‘Design’ button, which opens the InfoPath application for us, so we can edit it.

(InfoPath Integration Wizard)

The problem with this approach is – by modifying the InfoPath form, K2 blackpearl invalidates your digital signature and effectively removes it. What happens is – you click on the ‘Design’ button, open the InfoPath form, set the signature, save the form, close it, ‘Finish’ the wizard, but next time you open the InfoPath form, your signature is gone. Even if you modify the InfoPath form outside the K2 studio, in the process of deployment, your signature is being destroyed again.

As a conclusion – there is no way you can deploy digitally signed InfoPath form, through the K2 blackpearl studio!

Fortunately there is a work-around. After deploying your solution, follow these steps:

  1. Navigate to your MOSS website
  2. Navigate to your Form Library where the form was deployed
  3. Click on Settings -> Form Library Settings
  4. Click on the ‘Advanced settings’ link
  5. Click on ‘Edit template’ link (Select ‘Yes’ at the question, if any)
  6. It will open the InfoPath form in design mode for you and will prompt you to save it somewhere. Don’t overwrite the InfoPath form which is in the K2 project. Just save this on the desktop, or somewhere else.
  7. Now, in the InfoPath go to the Tool -> Form Options… -> Security and Trust and select full trust radio-button.
  8. On the same screen – sign the form
  9. Save the InfoPath on the desktop again
  10. Use the Publishing wizard in the InfoPath application (File -> Publish…) to republish the form into the form library.

Now your InfoPath form is digitally signed and ready to use. Unfortunately, you will have to follow those steps after each deployment.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: