Why a virtualized file system for in-browser trusted-mode SL5 apps? - silverlight

In Silverlight 5, applications can access the file system without restriction via FileInfo and related classes when running with elevated privileges. Also since SL5, an app can run inside the browser with elevated trust.
However, when running in-browser, all access to the file system appears to end up being routed to a special directory AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C....
This is a different behavior from running without elevated trust altogether, which throws a SecurityException. Out-of-browser, the behavior is as expected.
Note that in all cases I run the app through Visual Studio, which is, as far as in-browser support is concerned, all I'm interested in.
Is this desired behavior? Can I change it?

Related

RDP / MSTSC Ignores highdpi manifest fix when launched from windows form application

I'm using VS2017 and have made a very simple 'launcher' for various RDP settings files using a Windows Forms application. This just calls Process.Start with a direct link to a .rdp file, or alternatively just straight to mstsc.exe
The application (and RDP sessions) displays and works correctly on standard PCs. However I have run into a problem on high DPI devices such as Surface Books/pros.
The RDP client not scaling correctly is a fairly well known issue, and we have fixed this problem using the manifest/reg change method. This is confirmed working. Double clicking a .rdp config file works correctly too.
( https://www.blackforce.co.uk/2016/04/18/remote-desktop-rdp-resolution-on-a-surface-book )
My own application also displays correctly at the correct scale. However, when I launch RDP using Process.Start, RDP client is scaled badly, as it always was before the manifest fix. I've tried opening the client alone, and with a .rdp file and result is the same. I open the same .rdp file manually, not via my app, and the client is scaled correctly.
Can anyone replicate this, or advise why the mstsc manifest file is ignored when started this way? I've also tried using ProcessStartInfo to set UseShellExecute but still the same result.
Windows desktop apps, such as RDP, can specify a DPI-scaling mode ("DPI awareness mode") either through a manifest setting or via API calls during initialization. Applications will behave differently whenever the scale factor of the display that they're on changes. You can read more about this here.
I'd speculate (I haven't tried this to confirm this speculation) that the RDP process is using a manifest to declare its DPI awareness (as Per Monitor DPI aware) and that when you're launching a process through Process.Start that the specified DPI awareness of the app is getting changed... possibly to the DPI awareness of the calling process?
I'd use Sysinternals Process Explorer to determine the DPI awareness of the RDP app when it runs as expected, and then compare that to the DPI awareness of the RDP app when it's launched from your app. If that is the case, look into whether you can specify the DPI awareness of the process that you want to start in Process.Start. Another thing that you can try is to set the DPI awareness of your WinForms app to the same DPI awareness of the RDP app (per-Monitor) to see if that helps.
Also, I'm assuming that you're running on an OS > 8.1 as Per-Monitor support was introduced in 8.1.

Diagnosing why a custom shell on Windows 10 IoT gives black screen

I am configuring Windows 10 Enterprise (IoT) to run a custom shell, but running into the "Black screen with nothing other than a cursor" phenomenon.
My application - a .Net4 Winforms app - is installed and runs fine from the desktop.
I can launch it as a custom shell via a batch file as per the comments here: How to run an application as shell replacement on Windows 10 Enterprise
But setting my app as a custom shell, I just get the black screen.
I note the comments in the above link about applications being signed, but I have tried two mini test applications (also .net winforms), one signed, one not, and both run fine as custom shells. (My application has several dependencies, not all of which are signed, so to sign it would mean going through the ILMerge mill or similar which I would rather avoid if I can.)
I don't expect people to be able to tell me why my app doesn't run (although that would be nice!) but I am looking for ways of diagnosing this. Looking in event logs, etc, is yielding no information whatsoever. My app keeps its own event log, which is not showing any evidence of the app starting.
Thanks in advance
Problem solved:
If a shell application requires elevated permissions, UAC must be turned off. Turning off notifications via the control panel is NOT sufficient, as UAC is still running in the background - it just doesn't notify you! To completely turn off UAC, edit registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System and set the DWORD value EnableLUA to 0
Evidence of UAC behaviour can be found in the Windows event log at:
Applications And Services Logs -> Microsoft -> Windows -> UAC
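The two checks named in this answer, as an added PowerShell example (not part of the original post): it reads EnableLUA from the key quoted above and prints recent entries from any UAC event channel on the machine. The one-hour lookback window and the wildcard channel lookup are assumptions of this example.

```powershell
# Added example: report the UAC state and recent UAC log entries on the device.
# Run from an elevated PowerShell session; nothing here changes configuration.
$policyKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$lookback  = (Get-Date).AddHours(-1)   # assumed window covering the last failed shell start

# EnableLUA = 0 means UAC is fully off; 1 (the default when the value is absent) means on,
# even if notifications were turned down in Control Panel.
$value = (Get-ItemProperty -Path $policyKey -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
$shown = if ($null -eq $value) { '<not set>' } else { $value }
$state = if (($null -eq $value) -or ($value -ne 0)) { 'enabled' } else { 'disabled' }
'EnableLUA = {0} (UAC {1})' -f $shown, $state

# Discover the UAC channel(s) instead of hard-coding a name, then dump recent events.
$logs = @(Get-WinEvent -ListLog '*UAC*' -ErrorAction SilentlyContinue |
          Where-Object { $_.RecordCount -gt 0 })
if ($logs.Count -eq 0) { 'No UAC event channel with records was found.' }

foreach ($log in $logs) {
    Get-WinEvent -FilterHashtable @{ LogName = $log.LogName; StartTime = $lookback } `
                 -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, LogName, Id, LevelDisplayName, Message |
        Format-List
}
```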

Same File operation not permitted. Access to path denied, Silverlight 5.0

I am working with a Silverlight application; File.WriteAllText is giving "File operation not permitted" when trying to write to the local desktop. Access to path exception.
This code always works on the local desktop but gives an error when the code is deployed on the server.
Silverlight does not have the access privileges you might expect. If you want to add a file to your Silverlight Application at runtime, you will need to have Silverlight running Out of the Browser with Elevated privileges. There are certain limitations to this too. You can only access files in Special Folders like My Documents, Pictures, Music etc. For more info, see this and this

Distribute Silverlight Out of Browser with GPO, launch from virtual SSO desktop?

We have a Silverlight 5 app, with in and out-of-browser versions. The out-of-browser version is used to provide elevated rights, where accesses to local resources are needed.
Now we are facing installing the out-of-browser app in typical hospital environments. Here we have, first of all, centralized deployments through GPO or other mechanisms. The second thing is providing scriptable links to single sign-on platforms that usually replace the normal desktop with a launchpad of services available to the user. Direct access to the physical C drive might also be prevented.
As we know, the normal desktop link for an OOB SL-app is a unique parameter for sllauncher.exe.
How do you start to support deployment and installation of your app in this scenario?
You can install your XAP as an Out-Of-Browser application using a script to invoke sllauncher like this:
"C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe" /install:"C:\temp\MyApp.xap" /origin:http://www.mysite.com/ClientBin/MyApp.xap /shortcut:desktop+startmenu /overwrite
The XAP needs to be available locally for this to work. (I haven't tried it from a network share.)

"Out of browser" web application running at Start-Up?

I've become familiar with the new concept of "out of browser" web applications, supported in the recent Silverlight, JavaFX, Adobe AIR etc.
Listening recently to a podcast on the subject by Scott Hanselman, I've become aware that one of the purposes behind these new architectures is to allow for "desktop-application-feel". Also, I understand some (or all) of these allow for some offline access to a sandbox of resources. This really sounds as if these frameworks could be an alternative to "real" desktop applications, as long as the application does not require messing with the user's machine (i.e. access to peripherals, certain file IO, etc).
I have a very specific question. My application needs to run at start-up. Is it possible to do so using such a framework without requiring the user to download and run a certain executable?
For example, I could always direct the user to download a small EXE that will put a .lnk file in the start-up directory, but I want to avoid such a patch.
To summarize: is it possible to have an out-of-browser web application setup itself to run at start-up without requiring file download?
To further clarify, this question does not come from an "evil" place, but rather from trying to decide whether "out-of-browser" frameworks are indeed a proper alternative to a desktop application, for my specific requirements.
The BkMark example here shows how to start an application on startup using Adobe Air. So, yes it is possible.
So, here's the deal: web apps in general will have a security context around them, and by default won't have access to write to the filesystem (outside of temp files), access the registry, etc.
One way is, as you said, have the user run something or configure it so the lnk is executed on startup.
Another way, and I think, more in line of what you want, is that the user can run the program himself, click some button in the application, and it's configured.
I know with Java you could do this, but the user has to allow full access to their system, because your app would need to change System configuration. Then you could just configure it (by writing a lnk to your WebStart JNLP in the Startup folder).
For Internet Exploder, JavaScript apps do have write access to the disk.
For other (better-secured) browsers you will either need to have a download, or Adobe AIR.
Assuming you are building for Windows, launching an executable at startup can be done several ways.
For user session startup, you can achieve this either by putting a lnk file in the appropriate folder, or with a registry entry. For operating system startup, you can achieve this with a registry entry. There are several permutations:
run application once on boot (UI not allowed)
run application every boot (UI not allowed)
start service every boot according to policy set in registry
run application once on user session start
run application every user session
Since an out of browser application has UI I expect you mean run application every user session and in this case you may as well put an LNK file in the user's startup folder.
I just created a shortcut for an SL4 OOB application, and this was the Target of the shortcut:
"C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe" 2635882436.localhost
A search of my disk revealed that location 2635882436.localhost is a folder.
C:\Users\<mylogin>\AppData\LocalLow\Microsoft\Silverlight\OutOfBrowser\2635882436.localhost
I rather doubt an OOB app of any type could place a shortcut in the Startup folder unless you somehow obtained Full Trust.
