We have a working WPF app that we are looking into running in the browser via Silverlight. The big question mark right now is; what kind of file access will we have (without jumping thought to many hoops)?
Can we open server-side files?
Can we open client-side files?
Can we get change notification on files (client or server side)?
Can we do the normal open/seek/write/append operations?
(Good link welcome as answeres)
This looks relevant for the client side stuff, as with the follow up/correction
Haven't found anything about loading file from the server.
Server Side Files : No, unless you serve them via a web service.
You can open files in two ways. One is isolated storage, an area that your application has, of limited size (although you can ask the user for an increase). In this you can read, write and do what you want. If you want hard disk access then you can only read, and the file must be opened from a file open dialog.
If you mean via a FileSystemWatcher - no, not even in isolated storage. Server side you can do what you want, obviously, because it's not Silverlight there. You can use duplex web services so the server could notify your silverlight application when something happens like a file change.
In isolated storage you can do what you want. Outside of that it is read operations only and the user must choose a file from the File Open dialog.
Make it XBAP and deploy it as full trust
What kinda app are you having???? first tell that and we can work the conclusions out!
UPDATE
WPF Internet Sandbox Feature List
(XBAPS & Loose XAML)
Windows Presentation Foundation
Security Sandbox
Silverlight
File access problems
You won't be able to manipulate local files with silverlight without rich client side component. That client side componetn must expose web service API and behave like local web server. With that aproach you can do almost everything that regular WPF app can do.
"Can we open server-side files?" - Yes, but requires a web service (edited)
"Can we open client-side files?" - Yes, only via an Open File window or files in isolated sotrage
"Can we get change notification on files (client or server side)?" - Yes, but only on server side.
"Can we do the normal open/seek/write/append operations?"
With System.IO.FileStream class, which is available in Silverlight, you can manipulate textual streams in memory. However, you need to fetch the stream by web services, opening it with file open window, or from isolated storage.
Related
I have to create one application that represents the same screen(sharing the state of the view/screen) across multiple browser windows of same machine using AngularJS.
During my analysis I found perhaps AngularJS is not the best technology to handle such scenarios, please find below my thoughts:
If I open the same application in second window of the browser after
opening it in the first one, I need to copy the full
state(rootScope/scope/services) to other window
If user performs some action in one window I need to update the other screen/window accordingly for which I need to use web sockets
Complexity of scope digest cycles execution
Please suggest.
I faced kinda the same scenario while working on chat sessions where the user can open multiple chat windows (as popup windows) while the parent site is open. I used local storage for handling some of its scenarios. I used angular-local-storage for this.
Note: Make sure you are handling (deleting/updating/adding) the data properly while storing it in local storage of browser. Graceful execution is the key or else you'll end up with many bugs.
Hope it helps !
Does anyone else think Silverlight 4 security is a bit screwball?
Look at the following scenario:
Silverlight when set to trusted app, and run out of browser mode allows you to browse for a file using the file open dialog.
You require the name of the path of the file to open it up from any COM automation. For example (excel/word) but this could be anything.
It is impossible to get the full path of the file from the dialog because of security restrictions
You can however using COM FileSystemObject - do what ever you want to the users file system, including create folders, move and delete files.
So in other words, why all the fuss about security in Silverlight, which actually hinders real business use cases, when its possible to access any file anyways using COM?
To say it another way, if a user runs a malicious silverlight app, its unlikely they'll say - oh well it was COM at fault. The COM was afterall being called by a Silverlight app.
Here is what I mean....
User browses for file - c:\myFile.xls
Silverlight prevents you from getting the path (for security reasons)
Silverlight only lets you work with my documents
Using COM you can do what ever you want to the file system in the background anyways. Including copying that file now to my documents, if only you knew the name! But besides that you can wipe any file potentially if its not in use.
In my opinion Silverlight security model is flawed, either they should have given developers full trust and allow us to run apps as if they were running locally
or
Not allowed Silverlight to access COM.
Is it just me, or can anyone else see that its a bad implementation?
This triggers security alerts:
OpenFileDialog flDialog = new OpenFileDialog();
FileInfo fs = flDialog.File;
string fileName = fs.FullName;
This doesn't
dynamic fileSystem = AutomationFactory.CreateObject("Scripting.FileSystemObject");
fileSystem.CopyFile(anyFileName,anyDestination);
I don't agree with your point of view. The fact that you can do pretty much anything that an installed COM object will allow you to do is not a reason to modify a whole bunch of existing Silverlight code to allow you to do those same things.
Why? Because in the process of opening up that code there is also an increase chance that in some unintended way that same code could get run when the Silverlight component is not running in trusted mode. If that were to happen even once the media would all over it in a shot and Silverlight's reputation would, probably unfairly, be in tatters.
Personally I'm quite happy with the very cautious approach to security that MS are taking with Silverlight.
some Silverlight controls such as the OpenFileDialog work in both trusted and untrusted mode. These controls have been ported from previous versions of Silverlight where the new levels are elevated trust were not a consideration.
Thank you to Anthony for pointing this out.
Developers need to be aware of the definition of trust we are discussing here. Running a Silverlight application in full trust with elevated privileges IS NOT the same thing as running a local Silverlight Windows based Application. It is also far more restrictive than ActiveX.
Its possible that the trust here provided in Silverlight suits your particular business requirement. It is however likely that there are scenarios where you will find Silverlight too restrictive, its best to do your research upfront, and run code samples to ensure you can do the critical stuff, before jumping in head over heels.
Microsoft guarantees that public Silverlight API has the same behavior for both for Windows and MacOS platforms. So the functionality is many ways limited by the common denominator and technical feasibility. Please treat COM introp as a specific case addressing only Windows platform and only in full trust mode and it is not going to work the same for other platforms. So the security restrictions are valid as they are the same for both worlds in terms of API reuse.
I agree with the original poster. I think it's bad implementation. We are given a built in dialog to browse for a file, including directory structure. We can select a file and get a FileInfo object, but security prevents us from getting the FullName (directory and file name). Why? How does that improve security? What's the point of the open file dialog to begin with?
And as the original poster mentioned, with those dynamic objects, we can modify the local file system... which seems like the possible security hole.
All I want to do is read some data from an excel file... a way for my users to import excel data into the application, and the file could be saved anywhere on their machine. These are sales reps using an excel files to record orders locally until they can get to an internet connection. Who knows where they all save that file... so I'm not going to try to suggest we tell them all to store it in the same place in "my documents". I'll get laughed at if I suggest that.
It seems like it should be incredibly simple. But that "security measure" that keeps us from getting the directory the user chose from the built in open file dialog makes it so that we can't use the dialog for the purpose it was created for.
So what's the alternative? Is there a way to pick files using those dynamic objects? Do I have to write my own file selection tool using those objects that can modify the file system? Since I don't need anything but to read the file, and because I read something somewhere that we do have access to the file stream... is there a way to using the file stream to open up the file for reading using the AutomationFactory?
When building a Silverlight 4 application is it possible to get a directory listing from an in browser application?
It seems the SaveFileDialog does not have the capability to set the file name of the file being saved, so I thought that I could create my own user control, however it seems that is not possible as I can't get a directory listing in an in-browser application.
I realize that certain well known directories are accessible from Silverlight 4 in out-of-browser application, but that doesn't help an in-browser application.
In-browser Silverlight apps are constrained by the sandbox, so from a file I/O perspective it's not much different from SL3 in the sense that you really have no access to the file system outside of Isolated Storage. Of course, a user can specify whatever directory they want to save a file in but you cannot specify it for the user - it's 100% the user's call on where a file is stored, and client-side file storage outside of Isolate Storage must be user-initiated.
So I have a local WPF web browser application and I need it to write to a text file. However I always get the an exception of type System.Reflection.TargetInvocationException. I don't get any more information but I'm pretty sure it is because it is being run from a web browser (security etc.).
The code I am using works in a regular windows form application etc. it is the usual:
StreamWriter sw;
sw = File.CreateText("c:\\myTextFile.txt");
sw.WriteLine("First line");
sw.Close();
So, is there a workaround for this?
Many thanks,
Thomas
You could try running in Full Trust mode.
WPF in a browser is going to default to partial trust. You can change that in the Security tab in Project Properties (subject, of course, to it being installed by a trusted user).
The issue is not WPF security problems. The issue is an operating system security feature in play: you can't write to the root of the C: drive without admin privs. Not only would your app need to be in WPF Full Trust mode, but you'd need to grant your app administrative priveledges on Vista and Windows 7 and beyond.
All that said, you should be able to write to files in non-protected paths. For example, you could write to a temporary file as returned by Path.GetTempFilePath(). However, it's likely your WPF browser app will still have to be running in full trust to write to disk at all.
See this page, describing Partial Trust security considerations. If you need to store the file for your own application's use, consider using Isolated Storage. If you want to allow the user to save a file to disk, you can use SaveFileDialog.OpenFile to allow the user to choose a path and confirm saving the file.
What identifies an silverlight application and when can two silverlight applications share IsolatedStorage if at all, i.e.:
if I want to have two Silverlight applications share IsolatedStorage space, is this possible? What kind of "application id" do I need to give to do this?
if I don't want two Silverlight applications to share IsolatedStorage, how do I prevent this? Do I need to do this?
For instance, I've noticed when I develop a Silverlight application, I can press F5, in the application save to Isolated Storage, stop the application, press F5 again, and it reads from the same IsolatedStorage. (I would think that a new compilation would cause it to use new IsolatedStorage.)
However, when I then copy the .xap and .html files to another directory and open the .html file, it does NOT share the IsolatedStorage with the application I was developing. What changed?
What is going on behind the scenes here so I know when IsolatedStorage is shared and when it isn't?
The URL to the source XAP file identifies the application. You would want a new version of an application to be able to read the existing store for a previous version. Consider a game where all the high scores are stored in the application store. The user might be a little upset when all those scores disappear after they upgraded it.
Different applications can share a single site based store. However you only get those two levels of granularity, app level keyed at the XAP Url or site based, which is host and port (I'm not sure whether scheme is also part of that key).
If memory serves me right the isolated storage can be used within the scope of the application and scope of the page. So - if I understand my recollection right, I'd probably say - yes.
Edit
From a copy of Pro Silverlight 3.0 in C# that I posess :
(p. 636)
With isloated storage, a niqe storage location is created for every combination of user and application. In other words, the same computer can have multiple isloated storage locations for the same application, assymin each one is for a different user. Similarly the same user can have multiple storage locations one for each Silverlight Application
(p. 637)
... GetUserStoreForFile(). This method provides a storage site that's accessible to all silverlight applications on the same website domain, however these settings are still user specific