Sniffer.Installer.Reporter (SIR) for Application Gallery


SIR stands for Sniffer, Installer and Reporter which comprise the three components of the tool’s validation workflow.

Application Gallery SIR is a tool that can be used to validate Application Gallery packages, which have to be valid Web Deploy packages and also comply with Requirements before submission to Application Gallery using the submission form. The steps to package an application for Windows Web Application Gallery are listed here.  When a developer wants to submit a Web Application to the Application Gallery, SIR would help validate the package.


The SIR command-line executable requires the Microsoft Web Deployment Tool RTW version to be installed on the machine. A machine running IIS is required if you would like SIR to install the application package using Web Deploy. SIR web application requires .NET Framework 3.5.

Here is the list of all the resources used in this blog:

For any issues in using this tool, please contact Web Application Gallery Tools – SIR.

Feature Highlights of SIR

SIR comprises of the following features

Validation Conformance to Application Gallery Guidelines

  • Validates the package for a common set of Web Deploy providers used in all application gallery packages.
  • Validates the package for a valid set of tags for each parameter.

Support for Features NOT in Web Deploy

  • Validation of the hand-created Web Deploy parameters.xml file against a schema file.
  • Validation of parameter entries inside of parameters.xml. Web Deploy applies parameter values at package install time. SIR provides validation of parameter entries before installation.

Other Cool Features

  • Generation of the humongous Web Deploy command-line automatically based on the package content so users can run the install directly using Web Deploy.
  • Installation of an actual valid package if IIS is present on the box. This can be configured to be skipped.
  • SIR can work against multiple packages in a folder and generate corresponding reports.
  • SIR can also work against a zip package specified by a URL.
  • SIR generates a detailed xml report with corresponding success or failure messages to help the package creator fix errors in his package before submission to the Application Gallery.


The core functionality of SIR is implemented in AppGallerySIR.SIR namespace inside AppGallerySIR.dll that ships inside the SIR installer.

AppGallery.SIR namespace contains a couple of essential API functions in PackageValidationManager class

  • public int ValidatePackage(string packagePath)

ValidatePackage expects either a physical path to the package to test or a URL. If a URL is passed, the package will be downloaded to a temporary location. Then the package will be unzipped to a temporary location and validated.

  • public int ValidatePackages(string folderPath)

ValidatePackages expects a path to a folder containing zip packages. This method will validate all files with a .zip extension for validity.

ValidatePackages internally calls ValidatePackage which does the following operations in sequence


(i) Initializes the package using the Microsoft Web Deployment Object

(ii) Unzips the package to %temp% directory on disk.

(iii) Verifies if parameters.xml file is present and if it is consistent with parameters.xsd schema

  • Verifies if parameters.xml contains valid Web Deploy recognized tags.
  • Validates each parameter entry for correct declaration and proper substitution before install.

(v) Verifies if manifest.xml file exists


Once the Sniffer returns successfully, ValidatePackage does the following

(i) The package is installed on a machine running IIS.

(ii) Dump ACLs on the package.


(i) Finally, a report is generated as an xml file. This report contains elements like the SHA-1, MD5 hash of the package as well as a command-line to install the package.


The temporary files and directories are deleted.

SIR Command Line (SIRCommandLine.exe)

The SIR installer contains an implementation of the command line tool, which is a simple console application, that uses the AppGallerySIR dll. Here, all the settings can be set either through the application configuration file or directly through command line arguments. Here is a set of examples that can help get started with validating a package using the SIRCommandLine.exe

a) Display command-line help

SIRCommandLine.exe /?

b) Validate a package

SIRCommandLine.exe –source:"d:\"

The command unzips package to a temporary location (%temp%, configurable in SIRCommandLine.exe.config) on disk, validates the package and writes a report in the form of an xml in the current folder (eg. Joomla_11-41_AM.xml)

c) Skip installation of the package to IIS

SIRCommandLine.exe –source:"d:\"” –skipInstallation:true

d) Change the file name and folder of the report generated

SIRCommandLine.exe –source:"d:\" –reportFileName:"report.xml" –reportFolder:"d:\FolderName"

e) You can configure the above and many other parameters using configuration SIRCommandLine.exe.config.

f) SIRCommandLine.exe also returns the following error codes.

           (i)   1 – if package is valid

           (ii)  0 – if package has some errors

           (iii) -1 – if there application/setting error

SIR Web Application

The SIR Web application is a sample application that also runs over AppGallerySIR.dll and validates package(s). The main page provides controls for validating packages and reporting results.

For the ease of installing the application, here is a Web PI custom feed that will help you install the web application. Here is a separate blog with a step-by-step instructions on how to install SIR web application and command line tool using this Web PI custom feed.

Below is a screenshot of the SIR web application with a sample report.



You can perform custom validation of a package using AppGallerySIR.dll. An example is provided below.

using System;
using AppGallery.SIR;

namespace SampleSIRValidation
    class Program
        static void Main(string[] args)
            PackageValidationManager packageValidationManager = new PackageValidationManager();

            // 1. point location of parameters.xsd
            packageValidationManager.ParameterSchemaFile = @"%systemdrive%\inetpub\wwwroot\SIR\Parameters.xsd";
            // 2. location of xml report to generate
            packageValidationManager.Reporter.ReportFolder = @"d:\Reports";
            // 3. skip installation on IIS
            packageValidationManager.SkipInstallation = true;

            // 4. sign up for validation events
            packageValidationManager.ValidationStatusUpdated += new PackageValidationManager.ValidationStatusUpdatedHandler(packageValidationManager_ValidationStatusUpdated);
            packageValidationManager.ValidationCompleted += new PackageValidationManager.ValidationCompletedHandler(packageValidationManager_ValidationCompleted);

            // 5. validate the package

        private static void packageValidationManager_ValidationStatusUpdated(object sender, StatusUpdatedEventArgs e)
            Console.WriteLine("Validation status updated: " + e.ValidationEvent.Message);

        private static void packageValidationManager_ValidationCompleted(object sender, ValidationCompletedEventArgs e)
            Console.WriteLine("Validation result: " + e.Result);

The equivalent command-line for the API implementation above is

SIRCommandLine.exe -skipInstallation:true -reportFolder:d:\Reports -ParameterSchemaFile:%systemdrive%\inetpub\wwwroot\SIR\Parameters.xsd -sourcePath:D:\

Future of SIR

We plan to eventually integrate SIR with the Application Gallery’s application submission process. Future versions of SIR will be aligned with the requirements of newer versions of the Web Deployment Tool and the Web Application Gallery.


We would like to thank Dave, Nitasha and the Application Gallery team for their support and feedback.


Yamini and Katerina


  • Updated the links for the web app and cmd line msi with the latest AppGallerySIR.dll. If you experienced any problems in the web app or cmd line tool with the AppGallerySIR.dll being delay-signed, please download again and try the latest bits, the binary is unsigned now.
    Thanks and sorry for the inconviniences!

  • This article is very difficult to follow. I was led here by a link that promised a tool to help validate a Web Application Gallery deployment package, but I have failed to find it here. Suggest a quick start section which gives that information up front and then going into further detail if necessary.

Comments have been disabled for this content.