Tuesday 8 November 2011

How to run WPF - XBAP as Full Trust Application

How to run WPF - XBAP as Full Trust Application

Recently I work on WPF-XBAP application that will run from intranet website:


 xbap project type
This application must have unrestricted access to client's OS resources (that is unusual for XBAP projects):
full trust app
I publish it on local website by using "Click-Once" deployment mechanism:
app publish
User can launch the application from deployment page (also can run application setup):
run app from website

I get security error ("User has refused to grant required permissions to the application"):
trust not granted

Means that application tried to perform some restricted action, beyond of XBAP sandbox. Actually it tried to read local video file:
xaml code
(It reads video file from local source, for preview option before uploading it to FTP server)
After some research I found how to fix that:

(1) Project must be signed with "Click-Once" manifest (security certificate file):
certificate
(If project doesn't contain "Test Certificate" click on rounded button to create a new one)

(2) After temporary certificate was created we'll save it into file (click on "More Details"):
save certificate 01

File export wizard (step A):
save certificate 02
File export wizard (step B):
save certificate 03
File export wizard (step C):
(Enter username and password, only if you did so while "Test Certificate" creation in par. 1)
save certificate 04
File export wizard (step D):
save certificate 05
File export wizard (step E):
save certificate 06
File export wizard (step F):
save certificate 07
(Now project certificate is saved as external file)

(3) Now we'll go to Internet Explorer and will register this certificate:
(Open "Internet Options" from "Tools" menu)
ie options
Click on "Certificates" in "Content" tab:
ie options - content tab
Import certificate file from "Trusted Root Certification Authorities" tab:
ie options - certificates
File import wizard (step A):
certificate import wizard 01
File import wizard (step B):
certificate import wizard 02
File import wizard (step C):
certificate import wizard 03
File import wizard (step D):
certificate import wizard 04
Confirm importing:
certificate import wizard 05
If succeed you'll get this window:
 certificate import wizard 06
And will see certificate here:
certificate imported - ok
Do same in "Trusted Publishers" tab:
ie options - certificates - publishers
Close IE options:
 ie options - ok


(6) No we'll go to "Signing" tab in project options and will select registered certificate:
app resign
Select registered certificate from local store:

certificate from store
(5) Republish the application:
app publish again
app publish again - msg
Now XBAP can run in "Full Trusted" mode:
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)