The Expression Blend release candidate is now available!
Get it here!
As was recently noted in a comment, there are a bunch of very cool samples in Blend. One of them has a sweet page turning demo. I converted it to an xbap… check it out here:
Tag Archive for 'wpf'
Josh Smith (formerly of Infragistics) is putting on an XBAP contest!
Submissions are required by March 12th.
I can’t wait to see what people create!
As Tim Sneath announced earlier in his blog today, the British Library has released a just awesome XBAP.
I’ve been giddy about this app since I saw the first prototype. Here’s an example of technology really opening doors and offering new experiences. The public can see these Da Vinci’s notebooks, Mozart’s compositions, and many other (usually locked up) rare books in a fuller fidelity, richer environment than ever before.
Tim goes in to all the specific coolness of the app in his post. I definitely recommend the read.
Try out ”Turning the Pages” here.
Hats off to the Japanese design agency Bascule for this excellent xbap. The funky 3D & music is just awesome. A great watch.
Notice the little camera in the lower left hand corner? Click on it to control the camera position and zoom in/out. Sweetness.
An updated version of the December CTP Expression Design has been posted that has a 180 day trial license. Get it here!
XAML Browser Applications (XBAPs) in this version are promptless in-browser experiences.
This has many implications:
- clean experience when navigating to an XBAP. (There is no Information Bar or security warning before launching the app.)
- cached (not installed) on the user’s machine.
- security sandbox.
Sandboxed Applications
The third bullet above is especially important for XBAP developers. XBAPs obey the security contract of being in the browser: they are sandboxed according to their deployment zone. Today, there is no way to seamlessly “elevate” and prompt the user for additional permissions. (This is an often-requested feature and something we are investigating for future versions.) The sandboxed restriction also means that XBAP developers need to be conscious of the bounds of the security sandbox as they develop their app. (See previous post.)
Note: By default, all XBAPs request the Internet Zone permission set in their application manifest. In V1, there is no significant difference between the Internet & Intranet permission sets.
“I want my XBAP to run with full trust. I heard there are workarounds..?”
Given the sandbox restrictions and the wide range of experiences desired in the browser, this is not surprisingly a frequently asked question about XBAPs.
If you want full trust, you should first consider building a standalone installed WPF application. These by default run in full trust and can be deployed using ClickOnce, giving many of the deployment benefits of a browser application.
If your scenario requires that you’re an XBAP, there is no built-in way for XBAPs to prompt and request more permissions. That being said, XBAPs are ClickOnce applications behind the scenes. That means it is possible to use ClickOnce-based methods to gain access to trusted actions. There are two main options:
- Install an AllowPartiallyTrustedCallersAttribute’d (APTCA)assembly in to the client’s Global Assembly Cache (GAC). Use this full trust assembly to proxy calls for the XBAP.
- Install a certificate in to the user’s trusted publisher’s store. Use ClickOnce trusted application deployment by signing the XBAP with the certificate.
Neither of these workarounds are ideal from a security standpoint, but we believe the latter is the better option.
GAC’d APTCA assemblies are accessible to ALL partial trust callers and therefore are susceptible to repurposing by 3rd parties. There are ways to mitigate this exposure – for instance, one could use the [InternalsVisibleTo] attribute to only expose methods to specific “friend” XBAP assemblies. However, mistakes or incomplete usage of this mitigation could potentially open wide security holes. In addition, the management of installed APTCA assemblies is very end-user unfriendly.
For intranet XBAPs, pushing out a trusted publisher certificate through group policy is a fine way of enabling LOB scenarios.
However, for consumer scenarios, trusted deployment via trusted publisher certs has its drawbacks. This is because it affects more than just XBAP deployment: many trust decisions prompts are bypassed for trusted publishers. Still, this workaround has the advantage of being scoped to the specific publisher.
For V1 consumer XBAPs, we make the following recommendations:
- Be sure your app needs to be an XBAP. (Can it be a full trust standalone ClickOnce application?)
- Trusted app deployment is preferred of the two workarounds.
- Use a separate cert to sign each XBAP group. Otherwise, a user who decides to trust one set of XBAP will implicitly agree to trust all XBAPs (& ActiveX controls, etc) signed with that certificate. This scopes the security impact (and responsibility) of any particular certificate.
- Use an MSI to install the cert. This ensures installation is consistent with the configured security installation settings on the client machine (e.g. requiring Admin rights).
- Install the cert into the user’s trusted publisher store, not the machine’s. This reduces the machine decisions that the trusted publisher cert can impact.
- Clearly notify the user at installation that they are changing the user’s trusted publisher store.
- Provide clear installation instructions on the page containing the XBAP. If the cert is not installed and the XBAP requests full trust, a “Trust Not Granted” error is shown.
Please use the above method with extreme care. We’re exploring changing XBAP elevation to work better in future versions. Your feedback in this area, as always, is appreciated.
Other FAQs
How did you implement the sandbox?
The XBAP sandbox is based on the .NET Framework security model: Code Access Security. In this model, permissions gate the actions that a particular app can do (i.e. FileIOPermission controls file system access). What permissions are granted depends on what deployment zone an application is deployed from. A detailed explanation on our implementation strategy can be found in the WPF Sandbox Whitepaper.
When will you be expanding the sandbox?
We’ve had a lot of requests for specific features to be brought in to the Internet sandbox. Currently, we’re exploring plans for our next version. We would love feedback if there is a non-sandboxed feature that is blocking you. Please leave comments on this blog post or send requests to wpfsec at microsoft dot com.
At CES today, Yahoo announced a new Windows Vista Messenger application built in WPF. It looks VERY hot.
On Yahoo’s announcement page, they have a video demo. Check it out!
Using my new template, I wanted to create a screen saver for my photos. I liked the look of the Picasa screen saver and wanted to see if I accomplish something similar in WPF. Below is the result.
The photos animate in & out to random locations. It’s also configurable to show photos from any directory on your machine.
You can get the screen saver here.
To Install
- Be sure you have .NET Framework 3.0. (If you’re running Vista, you’re good to go!)
- Download the ZIP file and Extract All files.
- Copy the PixPile.scr file to convenient location on your C: drive.
- Right click the PixPile.scr file.
- Select Install.
To Configure
- In the Windows Screen Saver Dialog, select the PixPile screen saver.
- Click Settings button.
To Uninstall:
- Delete the Spiral.scr file.
08 Jan 07:
- Fixed a crash after long runs.
18 Jan 07:
- Changed photo “drop shadow” from using a BitmapEffect to an transparent Rectangle to enhance perf.
- Reduced border size and tweeked fade in animation,
- Added setting to change min and max photo size to work better with screens of different resolutions.
I thought it would be fun to create a WPF screen saver. I built one with Robert Hogue’s most excellent Material Group “Background Animation” visuals. (You can find it in his Sample Pack.) You can download the screen saver and/or the code.
However, I thought it would be even more fun if everyone else would write screen savers too. 
To facilitate this, I’ve written a VS template for WPF screen savers.
Screen Saver Template – Installation Instructions
- Download the template here.
- Move the zip file to <MY DOCUMENTS>Visual Studio 2005TemplatesProjectTemplatesVisual C#”.. (DO NOT unzip it)
When creating a new project, “Screen Saver Application (WPF)” will now be an ”Visual C#” project type option.
Deploying the Screen Saver
In order to deploy your screen saver, you must rename the RELEASE build of the screen saver executable to have a “.scr” extension:
- Go to binRelease folder of your project.
- Rename the .exe to .scr. (e.g.”ScreenSaver.exe” becomes “ScreenSaver.scr”)
- If using .NET Application Settings, see important note below.
Installing the Screen Saver
To install on a user’s machine:
- Copy the .scr file (& any dependent files) to convenient location on your C: drive.
- Right click the .scr file.
- Select Install.
To configure on a client machine:
- In the Windows Screen Saver Dialog, select the screen saver.
- Click Settings button.
To uninstall:
- Delete .scr file.
Screen Saver Files
The template creates the following main files for you:
- App.xaml/App.xaml.cs – sets up screen saver application.
- Window1.xaml/Window1.xaml.cs – main visuals of screen saver
- Settings.xaml/Settings.xaml.cs – settings window of screen saver
Screen Saver Modes
The screen saver can be launched with different command line arguments:
- <no args>: Display screen saver
- “/s”: Display screen saver
- “/c”: Show settings window
Debugging
In DEBUG configurations, the screen saver window’s “topmost”-ness and “shutdown on key/mouse input” are disabled. To close the window, hit Ctl-F4.
To debug the settings window…
- Go to the project properties pane. (Right click the project in the Solution Explorer
& select “Properties”). - Select Debug on the left tabs.
- Find “Command Line Args” textbox under “Start Options”.
- Enter: /c
Saving Screen Saver Settings
I highly recommend using the .NET Application Settings feature to save user-configured screen saver settings.
Here’s the quick run down of how to do it.
- Determine which settings you need. The default settings store only supports limited Type, so make sure to use an appropriate format.
- Add the settings to the Settings.settings file using the designer. By default, these are saved to a per user, file system-based .NET settings store.
- Access the settings using Properties.Settings.Default.YourSettingName.
For the screen saver above, I defined one setting in the designer:
In my Settings.xaml.cs file, I accessed it:
//initialize color picker with BackgroundColor application setting
TypeConverter colorTypeConverter = TypeDescriptor.GetConverter(typeof(Color));
MyColorPicker.Color = (Color) colorTypeConverter.ConvertFrom(Properties.Settings.Default.BackgroundColor) ;
As well as saved it:
//set BackgroundColor application setting to color picker's color
TypeConverter colorTypeConverter = TypeDescriptor.GetConverter(typeof(Color));
Properties.Settings.Default.BackgroundColor = colorTypeConverter.ConvertTo(MyColorPicker.Color, typeof(string)) as string;
//flush application settings
Properties.Settings.Default.Save();
Finally, I renamed “MaterialGroupScreenSaver.exe” to “Spiral.scr.”
IMPORTANT NOTE:
By default, the .NET Application Settings framework stores user settings based on the executing assembly name. If you use .NET Application Settings with the default settings store,
YOU MUST GIVE YOUR SCREEN SAVER ASSEMBLY A NAME WITH 8 CHARACTERS OR LESS.
Why? The Windows Screen Saver Dialog launches the screen saver (for settings & preview) using the full assembly name (e.g. MyCoolScreenSaver.scr). However, when launching the screensaver for real, Windows uses the shortened version (e.g. MYCOOL~1.SCR). Since the name is different, the settings are loaded from a different place.
Release Notes
- Does not support real time preview in the Windows Screen Saver Dialog’s embedded display.
- The screen saver duplicates the visuals on each monitor by creating an additional instances of Window1.
A couple exciting updates:
- WPF/E has released their first CTP! Download it for Windows and Mac.
- Karsten Januszewski has released source code for the Woodgrove Finance Application.
- Expression Blend (formerly Expression Interactive Designer) has released their Beta with a hot new look. Download the trial here.
