Comments on: XBAP & Trust Levels

By: Eric

Eric — Fri, 18 Jul 2008 15:13:36 +0000

Hi Karen
Excellent post! Can you please elaborate in the first workaround?

“Install an AllowPartiallyTrustedCallersAttribute’d (APTCA) assembly in to the client’s Global Assembly Cache (GAC). Use this full trust assembly to proxy calls for the XBAP.”

I am working with an xbap application in Visual Studio 2008. I installed an APTCA assembly in the client’s GAC like you indicated but when I try to run my code I get the following exception:

System.Security.SecurityException: Request for the permission of type ‘System.Security.Permissions.FileIOPermission

Thanks in advance

By: Philipp

Philipp — Mon, 14 Jul 2008 04:22:25 +0000

Hi Karen,

Thanks for the great post. I have a related question. I have already put a lot of time into coding a Windows Forms control which is hosted in a webpage via the tag. But I recently wanted to upgrade it with a WPF control so I tried to add an instance of ElementHost to my control. But the ElementHost’s constructor fails with a “Request failed.” exception. I have given my control FullTrust.

Do you know if this is possible? Do I have to assert a security permission? Or must I rewrite the control from scratch as an XBAP?

Thanks!

By: Alvin B

Alvin B — Tue, 20 May 2008 15:17:06 +0000

I would like my xbap to write back to the browser accessing the DOM model and Javascript. Reason: My app would now be able to chain events from the XBAP to the browser. Note, this is possible today using managed user controls and the appropriate interfaces so the feature release would not open any hole.

By: Guy

Guy — Mon, 27 Aug 2007 02:13:44 +0000

I’ve got this problem with xbap can anyone figure out what can be wrong and how could it be that xbap work only in anew instance of IE ????

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2057135&SiteID=1

Thank a lot.

By: Karen

Karen — Tue, 24 Jul 2007 19:55:24 +0000

XBAPs are click once applications. They run as non-admin processes… My suspicion is you’re trying to modify HKCU

By: Ruurd Boeke

Ruurd Boeke — Sat, 21 Jul 2007 12:25:43 +0000

Hi,

I have a full trust xbap that will run fine. It will throw an exception as soon as it hits code that will modify the registry. I would have thought that having full trust would fix that. ( this if for a corporate intranet application).

Could you give a hint about where to look?

Kind regards,
Ruurd Boeke

By: Karen

Karen — Sun, 18 Feb 2007 03:24:15 +0000

Brian,

No - VeriSign is a trusted root certification authority. That means that a user trusts that a cert from VeriSign actually represents the person it says it does. (Bob gets a cert from VeriSign. User trusts that the cert is actually Bob’s cert, because it trusts Verisign who issued the cert.)

A user still need to install the cert in to the trusted publishers store for the user in order to trust that publisher.

Hope that made sense!
Karen

By: Brian

Brian — Tue, 30 Jan 2007 22:21:32 +0000

Can I purchase a cert from Verisign and use it to sign my app? Thereby skipping the step where I need to install a trusted cert in the user’s personal store?

By: Chad Campbell

Chad Campbell — Fri, 19 Jan 2007 19:27:56 +0000

Great post. I look forward to XBAP support for WCF.

By: Bill

Bill — Tue, 16 Jan 2007 04:31:28 +0000

Please add support for bitmap effects in XBAP. Not having them has been frustrating for graphics design. Thanks!

By: J

Fri, 12 Jan 2007 01:05:37 +0000

Is there any support for WCF in XBAP apps yet? Or is it just not going to happen?

By: slyi

slyi — Thu, 11 Jan 2007 14:06:56 +0000

Is there any definaitive answer on the xbap cookie access as it causing much confusion see http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1016463&SiteID=1