I have a couple questions regarding Silverlight 4:
Does running a Silverlight 4 app, out of browser, in full trust, require the
user to respond to a dialog asking for permission? If so, is there a way around this?
If the answer to #1 is yes, is the user prompted with the same dialog each time
the app is updated?
Is full trust only available in an out of browser app, or is it available via the browser as well?
If an app is installed out of browser, does the user have to actually do
anything to get the app installed? Or is it all transparent?
Are there any other installation issues with Silverlight 4 apps that would
make installation problematic for a user.
The main reason I ask all this is because we're considering Silverlight 4 for our corporate internal apps and we'd like the deployment process to be seamless and transparent. And since they are internal apps, we don't need our users to confirm it's ok to install in full trust.
No way around this, the user will be asked whether they trust the application the dialog includes a warning that the application requires elevated trust.
No the application can update itself without their seeing this same elevated trust warning again.
Currently in SL4 its only available to OOB apps. SL5 will allow administrators to extend elevated trust to in browser apps via group policy.
The inbrowser version needs to give the user a some form of UI (button) to invoke installation (the ability to install is also added to the default context menu for the application). The user will then need to agree to the dialog presented. After that the user will need to close their current usage and manually start the newly installed app.
Not that I know of, a part from the presence of Silverlight runtime there are no other dependencies.
For you requirements you might be better looking at a different technology right now but SL5 may fit your needs in the future.
It's possible to install a Silverlight application as an OOB application with elevated permissions using the command prompt. If you have a system adminstrator controlling what the users get installed on their computers you can install the application without bothering the user.
When the application is installed an update will not prompt the security dialog. But in some scenarios it makes sense to restart the application.
In SL4 elevated trust requires the application to run OOB.
Have a look at this article about signing Silverlight applications it might help you with several of these issues. By signing you could overcome trust issues and the users to be bothered with dialogs.
EDIT Read this too it explains more about trusting the publisher and updating
Related
I have a Silverlight application that can run well only if users set his Safari/Firefox Silverlight plug-in to "Run in unsafe mode". Despite it is already stated in the application FAQs/help section, many users still forget to set their Silverlight plug-in to "run in unsafe mode".
My question is: Is there a way to detect this from the application, i.e., detecting the browser's security setting from the Silverlight application? If my application detects that users not setting "run in unsafe mode", my application should give a warning.
Let me know if anyone has done this in the past.
Thank you,
Ann
I am reading about out of browser silverlight applications and cannot think of many use cases for it. One only scenario i can think of is where your application need ability to work offline and when its online then it can synchronize with the server ( or something). But in that case I can simply have a WPF ( or old style Winform) application that is communicating with server. Can anyone help me understanding better uses case for these out of browser applications.
There are some good answers on SO that should give you some background on Silverlight OOB vs. WCF:
Silverlight OOB vs WPF ClickOnce
What are the advantages of silverlight out of browser over wpf or vice versa?
I will add that as a corporate developer Silverlight has its benefits over WPF or WinForms in that there is no need to install the full .NET Framework to run the applications. OOB gives a more desktop like feel w/ Start Menu icons and easy access w/out the need of visiting a URL to run the application. There are a few things that you can do in elevated trust in OOB that you can't do in the browser (though that is changing w/ full trust rights both in-browser and OOB in SL5).
Here's some of the details on the features you get access to w/ elevated trust:
http://msdn.microsoft.com/en-us/library/ee721083(VS.95).aspx
It really comes down to your usage scenarios, ease of framework deployments and the environment you are developing for. Each set of tools has its benefits and drawbacks.
I am thinking of making a website using a WPF browser application, but would like to know the minimum requirement a client/internet user must have to access this website made by using WPF.
Please state even the very basic requirements, like does he need to run Windows or will even Mac and Linux do, with any browser to view the application?
Three main requirements:
User has to run the application under Windows;
The browser should be either Interned Explorer or Firefox;
The .Net Framework should be installed on user's machine.
One requirement is to have the .NET framework installed (same version as you used to build your application), so that means it will only run under Windows.
Also I think only Internet Explorer and Firefox support XBAP applications.
Also I assume that you know there is a lot of restrictions for you, the developer, on what is allowed or not compared to a full trust program. For example, the file system and registry among other things are restricted in a WPF browser application.
We are planning to build a new integration component that can provide us access to user's machine installed apps from our web site.
The first word that came to me was ActiveX, but our expertise with the technology was not the best in the past.
Thinkink a lit bit more, the work Silverlight also came to my head, but the full trust thing was one of the few things I remembered reading about the technology..
The question is: is there a way that Silverlight (2, 3, 4, whatever) can run as a full trusted application from within the browser?
Links are appreciated.
Filipe
Unfortunately, no. Full trust is a feature of Silverlight 4, currently in beta, and is restricted to out-of-browser applications.
Additionally, full trust SL4 applications do not have unrestricted access to the system (particularly file system), though this may change before before release (if I have anything to do with it).
Edit: If you are considering ActiveX (which is Windows/IE only), you might want to have a look at WPF, since it can run full trust from the browser (if it's in a trusted zone).
No, like Richard said, this is not at all possible inside the browser, even in SL4. There is a sandbox, and you live in it. You can talk to web services, other Silverlight applications or the browser.
By talking to the browser, I mean you can talk to the DOM and the Javascript engine. We needed to launch a Windows application and communicate to it via Silverlight. We accomplished this by putting a small ActiveX control in the web page. It is responsible for launching the WinForms application and handling inter-process communication to it.
This method has many drawbacks: It can only work in IE, and it only works in Windows. You might also run into permissions issues. The ActiveX component needs to be installed along with the desktop application, or as an additional download. The deployment story there is pretty awful, if you ask me.
In our case, the analysts were willing to deal with the restrictions for the re-usability of an existing application, and we consider it to be an optional feature.
Does it have to be a web application? sounds like you want a desktop app. It can be easiliy distributed with one Click deployment. Will work on windows only but since you were considering ActiveX sounds like that's what you need.
Well - if you're hosting the silverlight control from an ASP.NET application - Believe you have access to
Request.ServerVariables["AUTH_USER"];
...and you can pass that on to your control as a parameter.
D
I've made a WPF Browser Application that hosts old WinForms controls (I haven't migrated fully to WPF yet). Using WindowsFormsHost means my Browser App requires Full Trust to run. This is not a problem for me since this app is only meant to be run on the intranet at my company. However, after I deploy the xbap to a network share, it refuses to run, saying "Trust not granted".
What are the methods I can use to grant Full Trust to XBAP applications stored on my companies intranet?
So far, I've found 2 ways to do this. Through a really complicated method of installing certificates on the target machine.
Or through a simpler method, which is only suitable for intranets here:
Deploy a custom CLR Security policy
that modifies the default
permissionset for the given zone
So I did just that, and it works. Here's the detailed steps how I got it to work:
Open Control Panel > Administrative Tools > .NET Framework 2.0 Configuration
Expand Runtime Security Policy > Machine > Code Groups > All_Code
Right Click All_Code and click New…
Create a new code group, I named mine MyProject_FullTrust_Zone
Choose the URL condition type and specify the path on the network where the apps will be deployed.
Choose Use Existing permission set, and set it to Full Trust.
Now the only problem with this method, is that I have to deploy this change to hundreds of machines. So maybe there's still a simpler way to do this?
It will be possible in .Net 4.0 planning to be released in the first half of 2010. It is now in a beta phase, but it comes with a go live license which allows you to 'go live' even with a beta version of the .Net framework.
Although I haven't tried this, is the path to the XBAP added as a trusted site?