Inside my Silverlight 4.0 application (with elevated trust level), I'm trying to access the common templates folder, using the code below:
var folder = Environment.GetFolderPath(Environment.SpecialFolder.Templates);
However, such code throwsSystem.Security.SecurityException:
System.Security.SecurityException was unhandled by user code
Message=File operation not permitted. Access to path '' is denied.
StackTrace:
at System.IO.FileSecurityState.EnsureState()
at System.Environment.InternalGetFolderPath(SpecialFolder folder, SpecialFolderOption option, Boolean checkHost)
at System.Environment.GetFolderPath(SpecialFolder folder)
It seems that accessing any folder besides "My Documents" for the current user would throw this kind of exception - Since the SpecialFolder enum has more values, what are they good for? Is there any way to verify which folder this enum/method looks for, or any other way to access it?
In Silverlight 4, the "My Documents" area and isolated storage are the only two places that OOB apps my arbitrarily read/write from/to. This will change with Silverlight 5, where elevated trust apps will have greater access to disk.
As for why it's there at all, see the remark in the MSDN Documentation:
This type is present to support the .NET Compact Framework infrastructure in Silverlight for Windows Phone, and it is not intended to be used in your application code.
It's worth noting that if you are targeting windows OOB, it is possible to read/write files arbitrarily on disk using COM automation and Scripting.FileSystemObject in Silverlight 4:
using (dynamic fso = AutomationFactory.CreateObject("Scripting.FileSystemObject"))
{
dynamic file = fso.CreateTextFile(#"C:\tmp.txt");
file.WriteLine(#"I just wrote to c:\ !!");
file.Close();
}
Related
I am working with a silverlight application, File.WriteAllText is giving File operation not permitted when trying to write to local desktop. Access to path exception.
This code always works on local desktop but, is giving error when code is deployed on server.
Silverlight does not have the access priveleges like u expect. If you want to add a file to your Silverlight Application at runtime, you will need to have Silverlight running Out of the Browser with Elevated priveleges. There are certain limitations to this too. You can only access files in Special Folders like My Documents, Pictures, Music etc. For more info, see this and this
I am have a problem with Path.GetTempFileName with running a Silverlight application. If I install my application to run Out-Of-browser it runs ok. It only fails when I run it locally i.e. In-Browser.
The error is
File operation not permitted. Access to path '' is denied.
I cannot debug my application because of this issue. Can anyone suggest a work around?
The problem is probably no access to where ever Path.GetTempPath is pointing to.
If you have access to say My Documents, you could combine that with Path.GetRandomFileName, or if it's not happening too often, a simple time stamp.
Maybe you could use isolated storage. You could ask to make it a trusted application which would gain you access to the file system but doesn't work in say windows phone.
The GetTempFileName method tries to access the temporary folder which is typically on the C:\ (or whichever letter the main drive has been assigned). For security reasons, in-browser applications aren't allowed local access and that's likely why you're getting an error.
As silverlight do not have access to local system files, we cannot perform any action on such files like to copy, move, delete, open ect.
In my case i want to get the path of file(s) located on local System, but getting some security exception. Please suggest some possible way to get access to the Local File System.
Thanks in Advance!!
To read a file from the filesystem in Silverlight, you can't use the pathname of the file. If you're not running out-of-browser with elevated trust, then you're prohibited from accessing this information for security reasons.
However, the FileInfo objects obtained from an OpenFileDialog have a OpenRead() method, which returns a Stream that reads the data from that file. From reading your comment, this appears to be all you need, so I suspect that you don't actually need the paths of files on the user's local system at all.
I gave a similar answer to another question about uploading files in Silverlight a few months ago.
If you're not running out-of-browser with elevated trust, then you're prohibited from accessing this information for security reasons.
http://social.msdn.microsoft.com/Forums/silverlight/en-US/da778e7c-e790-4bb2-92b8-cea815789d22/silverlight-4-local-filesystem-access?forum=silverlightnet
These tasks are not possible in Silverlight 4 without using Out-of-Browser with Elevated Trust.
In Silverlight 5 its possible after jumping through a few hoops to get an inbrowser app to have elevated trust.
is there an easy way to open a file in read mode from a local drive in Silverlight 4.0? I think there is OpenFileDialog, but I dont want to show any dialog to use but silently read some file on local drive
The only way to do this is with the Silverlight app running Out-of-browser with elevated trust. Even then the folders you can access are restricted to the users MyDocuments, MyMusic, MyPictures and MyVideos as defined in teh Environemnt.SpecialFolder enum.
For security reason any other access must be explicitly granted by the user via the OpenFileDialog.
While there is no way to do this (outside of going out-of-browser to restricted folders) in Silverlight 4, there are options to do this in Silverlight 5.
I've become familiar with the new concept of "out of browser" web applications, supported in the recent Silverlight, JavaFX, Adobe AIR etc.
Listening recently to a podcast on the subject by Scott Hanselman, I've become aware that one of the purposes behind these new architectures is to allow for "desktop-application-feel". Also, I understand some (or all) of these allow for some offline access to a sandbox of resources. This really sounds as if these frameworks could be an alternative to "real" desktop applications, as long as the application does not require messing with the user's machine (i.e. access to peripherals, certain file IO, etc).
I have a very specific question. My application needs to run at start-up. Is it possible to do so using such a framework without requiring the user to download and run a certain executable?
For example, I could always direct the user to download a small EXE that will put a .lnk file in the start-up directory, but I want to avoid such a patch.
To summarize: is it possible to have an out-of-browser web application setup itself to run at start-up without requiring file download?
To further clarify, this question does not come from an "evil" place, but rather from trying to decide whether "out-of-browser" frameworks are indeed a proper alternative to a desktop application, for my specific requirements.
The BkMark example here shows how to start an application on startup using Adobe Air. So, yes it is possible.
So, here's the deal: web apps in general will have a security context around them, and by default won't have access to write to the filesystem (outside of a temp files), access the registry, etc.
One way is, as you said, have the user run something or configure it so the lnk is executed on startup.
Another way, and I think, more in line of what you want, is that the user can run the program himself, click some button in the application, and it's configured.
I know with Java you could do this, but the user has to allow full access to their system, because your app would need to change System configuration. Then you could just configure it (by writing a lnk to your WebStart JNLP in the Startup folder)
For Internet Exploder, Javascript apps do have write access to the disk.
For other (better-secured) browsers you will either need to have a download, or Adobe AIR.
Assuming you are building for Windows, launching an executable at startup can be done several ways.
For user session startup, you can achieve this either by putting a lnk file in the appropriate folder, or with a registry entry. For operating system startup, you can achieve this with a registry entry. There are several permutations:
run application once on boot (UI not allowed)
run application every boot (UI not allowed)
start service every boot according to policy set in registry
run application once on user session start
run application every user session
Since an out of browser application has UI I expect you mean run application every user session and in this case you may as well put an LNK file in the user's startup folder.
I just created a shortcut for an SL4 OOB application, and this was the Target of the shortcut:
"C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe" 2635882436.localhost
A search of my disk revealed that location 2635882436.localhost is a folder.
C:\Users\<mylogin>\AppData\LocalLow\Microsoft\Silverlight\OutOfBrowser\2635882436.localhost
I rather doubt an OOB app of any type could place a shortcut in the Startup folder unless you somehow obtained Full Trust.