In browser trusted application Silverlight 5

Philippe · Dec 20, 2011 · Viewed 15.7k times

With the new Silverlight 5, we can now have an in-browser elevated-trust application. However, I'm experiencing some problems deploying the application.

When I am testing the application from Visual Studio, everything works fine because it automatically gives every right if the website is hosted on the local machine (localhost, 127.0.0.1).

I saw on MSDN that I have to follow 3 steps to make it work on any website:

  1. Sign the XAP — I did it following the Microsoft tutorial
  2. Install the certificate into the Trusted Publishers certificate store — I did that too, following the Microsoft tutorial
  3. Add a registry key with the value AllowElevatedTrustAppsInBrowser.

The third step is the one I am most unsure about. Do we need to add this registry key on the local machine or on the server? Is there any automatic function in Silverlight to add this key, or is it better to make a batch file?

Even with those three steps, the application is still not working when called from a URL other than localhost.

Has anybody successfully implemented an in-browser elevated-trust application? Do you see what I'm doing wrong?

Answer

Fares · Jun 12, 2012

There are lots of great resources describing this process, including the ones mentioned in responses here. I wanted to document the steps that worked for us. (Silverlight 5.1.10411.0)

Here are the steps that we took to enable In-Browser Trusted Applications:

  1. Sign the XAP file with a code signing key.
  2. Install the public code signing key into "Certificates->Current User->Trusted Publishers".
  3. Set the DWORD registry key AllowElevatedTrustAppsInBrowser = 1 at
    SL 64 bit path: HKLM\Software\Wow6432Node\Microsoft\Silverlight
    SL 32 bit path: HKLM\Software\Microsoft\Silverlight
  4. Open the Silverlight project in a text editor and verify the following entries exist:
    <RequireInBrowserElevation>true</RequireInBrowserElevation>
    <InBrowserSettingsFile>Properties\InBrowserSettings.xml</InBrowserSettingsFile>
    
  5. Check that the Properties\InBrowserSettings.xml exists and contains:
    <InBrowserSettings>
      <InBrowserSettings.SecuritySettings>
        <SecuritySettings ElevatedPermissions="Required" />
      </InBrowserSettings.SecuritySettings>
    </InBrowserSettings>
    

Note:

  • If you use a self-signed certificate while testing, you will also need to install it into "Certificates->Current User->Trusted Root Certification Authorities". (Buy one before you go into production.)
  • Once you sign a XAP file you cannot unzip and modify it, as doing so breaks the signing (it must be re-signed).
  • Don't forget to clear your browser cache if you are caching the xap file.
  • This worked on Windows 7 and Windows 8 Release Preview (desktop mode) with IE, Chrome, Firefox and Safari.
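
A read-only check for steps 2 and 3 of the answer above, added here as an example and not part of the original answer: it reports the AllowElevatedTrustAppsInBrowser value under both registry paths and looks for the signing certificate in the Current User stores the answer names. The thumbprint is a placeholder you supply, and the script assumes PowerShell 3.0 or later, run as the browsing user on the machine where the browser loads the XAP.

```powershell
# Added example: read-only check of the prerequisites from steps 2 and 3.
# $Thumbprint is a placeholder; pass the thumbprint of your own code signing certificate.
param(
    [string]$Thumbprint = '<SIGNING-CERT-THUMBPRINT>'
)

# Both registry paths quoted in the answer.
$keys = @(
    'HKLM:\Software\Wow6432Node\Microsoft\Silverlight',
    'HKLM:\Software\Microsoft\Silverlight'
)
$name = 'AllowElevatedTrustAppsInBrowser'

$registry = foreach ($key in $keys) {
    $state = 'key missing'
    if (Test-Path -LiteralPath $key) {
        # A missing value yields $null instead of a terminating error.
        $prop = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $prop) { $state = 'value not set' }
        elseif ($prop.$name -eq 1) { $state = 'enabled (1)' }
        else { $state = "not enabled ($($prop.$name))" }
    }
    [pscustomobject]@{ Check = $key; Result = $state }
}

# Stores named in the answer: Trusted Publishers always; Trusted Root
# Certification Authorities only matters for a self-signed test certificate.
$stores = [ordered]@{
    'Trusted Publishers (Current User)' = 'Cert:\CurrentUser\TrustedPublisher'
    'Trusted Root CAs (Current User)'   = 'Cert:\CurrentUser\Root'
}
$want = ($Thumbprint -replace '\s', '').ToUpperInvariant()

$certs = foreach ($label in $stores.Keys) {
    $hit = Get-ChildItem -Path $stores[$label] |
        Where-Object { $_.Thumbprint -eq $want } |
        Select-Object -First 1
    $result = 'not installed'
    if ($hit) {
        $result = "installed, expires $($hit.NotAfter.ToString('yyyy-MM-dd'))"
        if ($hit.NotAfter -lt (Get-Date)) { $result += ' (EXPIRED)' }
    }
    [pscustomobject]@{ Check = $label; Result = $result }
}

@($registry) + @($certs) | Format-Table -AutoSize -Wrap
```

The same output doubles as an inventory of machines where in-browser elevation has been switched on, since the registry value applies machine-wide.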