Trusted Silverlight Applications

Posted on 12/21/2011 @ 3:43 AM in #Silverlight and WPF

Silverlight, as you know, is an ActiveX control or plugin that runs inside the browser and gives you a subset of the .NET Framework geared towards presentation, communication, and web apps. It isn’t a true subset, because it has some facilities that don’t make sense in a regular WPF app. With Silverlight 4, Microsoft introduced out-of-browser apps and trusted applications. But the trusted apps weren’t quite like ClickOnce or thick client apps. Silverlight 5 has numerous enhancements around trusted apps.

By default, Silverlight-based applications run in partial trust. Partial trust applications are safer and show fewer security dialogs, but they can do fewer things; for example, they can’t write to your C:\ drive. Sometimes you need to break those boundaries.

Enter trusted applications. Trusted applications are typically out-of-browser applications, but Silverlight 5 can allow trusted applications to run inside the browser as well. This is great for intranet scenarios, but system administrators need to do some setup ahead of time. See How to: Enable Trusted Applications to Run Inside the Browser.

When a user installs an out-of-browser application that requires elevated trust, the default install dialog box is replaced by a security warning. This warning indicates that the application can access user data, and should be installed only from a trusted Web site. The security warning is a lot better if your application has a digital signature. Administrators can choose to auto accept certain signatures on an intranet.

Trusted Silverlight applications have the following facilities:

  • Trusted Silverlight Applications do not have cross-domain access restrictions. You can also do cross-scheme data access (i.e. download app on http, and access https) without restrictions.
  • Trusted SL apps can create TCP connections on any port. Partial trust apps are restricted to ports 4502-4534 only. The same goes for UDP multicast scenarios.
  • Trusted SL apps require user consent only for audio and video. They do not need consent for full screen and clipboard access.
  • Partial trust apps require user initiation for some actions, like going full screen. Trusted SL apps can do that without user initiation. User initiation would be something like clicking on a button. Non-user initiation would be something like a timer_tick.
  • Partial trust apps, when they go full screen, will show “Press ESC to unfullscreen” (or something like that). Trusted SL apps will not. Also, trusted SL apps will not capture the keyboard, so hitting ESC may not unfullscreen an app.
  • Trusted SL Apps can remove the title bar and border for out of browser apps, so you can have 100% control on the UI.
  • Trusted SL apps can access the file system using a subset of System.IO. In other words, you don’t need to use OpenFileDialog or SaveFileDialog. Silverlight 4 could access only user folders like My Documents, My Music, My Pictures, and My Videos. SL5 can access the entire file system. For more information, see How to access the local file system in trusted Silverlight applications.
  • Trusted Silverlight applications can also invoke COM components exposed by Office apps. So you can start Word using Silverlight, for instance. Silverlight 5 can also make P/Invoke calls to unmanaged functions. Windows 8 Metro apps written in Silverlight obviously cannot do this.
  • To summarize, these trusted app features are available only in Silverlight 5:
    • They can access the local file system without restrictions.
    • In Windows-based apps only, they can access security-critical methods without a MethodAccessException occurring.
    • They can run inside the browser if the computer and application are properly configured, but a system administrator needs to configure some things first (see link above).
    • They can create multiple windows when running outside the browser.
    • They can use platform invoke to call unmanaged functions in Windows-based applications.
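
Because a trusted SL5 app can reach the entire file system, the app itself has to enforce any limit on where it writes. The helper below is an added example, not code from the original post: it checks `Application.Current.HasElevatedPermissions` before touching `System.IO`, and rejects file names that resolve outside one application folder. The class name `TrustedFileStore` and the folder name `MyTrustedApp` are hypothetical, and the example assumes `Path.GetFullPath` and `File.WriteAllText` are callable under elevated trust.

```csharp
using System;
using System.IO;
using System.Windows;

// Added example (hypothetical helper, not from the original post).
public static class TrustedFileStore
{
    // Assumption: the app keeps its data under "<My Documents>\MyTrustedApp".
    private const string AppFolderName = "MyTrustedApp";

    // True only when the app was actually granted elevated trust.
    public static bool CanUseFileSystem
    {
        get { return Application.Current.HasElevatedPermissions; }
    }

    // Resolve a caller-supplied name to a full path and refuse anything
    // that lands outside the app folder ("..\", absolute paths, etc.).
    public static string ResolveInsideAppFolder(string relativeName)
    {
        string root = Path.GetFullPath(Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments),
            AppFolderName));
        string full = Path.GetFullPath(Path.Combine(root, relativeName));

        // Compare against "root\" so "MyTrustedApp2\x" does not pass as a prefix match.
        string rootWithSeparator = root + Path.DirectorySeparatorChar;
        if (!full.StartsWith(rootWithSeparator, StringComparison.OrdinalIgnoreCase))
        {
            throw new UnauthorizedAccessException(
                "Path escapes the application folder: " + relativeName);
        }
        return full;
    }

    public static void Save(string relativeName, string contents)
    {
        // Check trust first: in partial trust the System.IO calls below would fail.
        if (!CanUseFileSystem)
        {
            throw new InvalidOperationException(
                "Elevated trust is required for direct file access.");
        }
        string path = ResolveInsideAppFolder(relativeName);
        Directory.CreateDirectory(Path.GetDirectoryName(path));
        File.WriteAllText(path, contents);
    }
}
```

A partial-trust run of the same app can test `CanUseFileSystem` and fall back to SaveFileDialog or isolated storage instead of calling `Save`.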

So there you go. It looks like trusted Silverlight applications in Silverlight 5 remove almost all need to write regular thick client apps. Windows Forms is dead! Long live the internet! w00T!
