XBAP
What is XBAP
XBAP (XAML Browser Application) is a new Windows technology used for creating Rich Internet Applications. While Windows applications are normally compiled to an .exe file, browser applications are compiled to a file with the .xbap extension and can be run inside Internet Explorer. XBAP applications run within a security sandbox to prevent untrusted applications from controlling local system resources (e.g. deleting local files).
Recently I worked on a WPF-XBAP application that will run from an intranet website:
This application must have unrestricted access to the client's OS resources (which is unusual for XBAP projects):
I published it on a local website using the "Click-Once" deployment mechanism:
The user can launch the application from the deployment page (and can also run the application setup):
I got a security error ("User has refused to grant required permissions to the application"):
This means that the application tried to perform a restricted action outside the XBAP sandbox. In this case it tried to read a local video file:
(It reads the video file from a local source to offer a preview before uploading it to an FTP server)
After some research I found how to fix that:
(1) The project must be signed with a "Click-Once" manifest (security certificate file):
(If the project doesn't contain a "Test Certificate", click on the rounded button to create a new one)
(2) After the temporary certificate has been created, we'll save it to a file (click on "More Details"):
File export wizard (step A):
File export wizard (step B):
File export wizard (step C):
(Enter a username and password only if you did so when creating the "Test Certificate" in step 1)
File export wizard (step D):
File export wizard (step E):
File export wizard (step F):
(Now the project certificate is saved as an external file)
(3) Now we'll go to Internet Explorer and register this certificate:
(Open "Internet Options" from "Tools" menu)
Click on "Certificates" in the "Content" tab:
Import the certificate file from the "Trusted Root Certification Authorities" tab:
File import wizard (step A):
File import wizard (step B):
File import wizard (step C):
File import wizard (step D):
Confirm the import:
If the import succeeds you'll get this window:
And you will see the certificate here:
Do the same in the "Trusted Publishers" tab:
Close the IE options:
(4) Now we'll go to the "Signing" tab in the project options and select the registered certificate:
Select the registered certificate from the local store:
(5) Republish the application:
Now the XBAP can run in "Full Trusted" mode:
Hope this post was helpful ;-)
In a previous post I wrote about running a WPF-XBAP application on a client machine in "Full-Trust Mode".
That worked fine and the post was helpful (I know this from the post's talk-backs).
I described how to generate a security certificate and how to install it on a client machine (through the IE options).
Recently I worked with XBAP deployment files and needed to copy them to a new IIS server; during the process I forgot to include the certificate (ext: "cer") file. I tried to open the application from a client machine (in IE or Firefox) and got an error message about security restrictions, saying that the client had refused the XBAP application in full-trust mode.
I know another way to generate the certificate file without using MS Visual Studio and I'll show it here.
Some Introduction…
What are "deployment files"? Building an XBAP application generates assemblies and other resources that are required to run the application. These files can be placed in an IIS virtual folder and downloaded to a remote client machine using a supported Internet browser (IE or Firefox).
To see which files will be included in the deployment folder, go to the "Publish" tab in the project settings form and click on "Application Files":
To see the deployment options and how the setup page will look, go to the "Publish" tab in the project settings form and click on "Options":
Check the option "Use '.deploy' file extension". This is helpful for full-trust mode (some machines don't allow downloading assembly files like EXE and DLL):
If you want to include additional files for application deployment, go to the "Publish" tab in the project settings form and click on "Prerequisites":
"Prerequisites" are setup-package files like .Net 2.*-3.* or Windows-Installer 3.*:
To generate the deployment files and publish them in the selected folder, click "Publish Now" in the "Publish" tab in the project settings form and click on "Prerequisites":
"Publish Now" generates these files:
"index.htm" is a deployment page, which was built with two options to run the XBAP (Click-Once) application. The "Run" option opens the setup dialog (if the application is being run for the first time or has been deployed as a new version); "launch" opens the XBAP directly (without the installation process):
Usually I copy the certificate file into this directory and place a download link on "index.htm", but what can I do if I've forgotten to create the certificate file, have already copied the deployment files to the client's IIS server, and don't have MS Visual Studio to create a new one from the sources, or don't even have the sources (project source code files)? Answer: I can extract the certificate into a file from the deployment executables. I can extract it from the "setup.exe" file, or from the original "EXE" or "DLL" file if it wasn't converted into another unknown file type.
I'll show how to extract the certificate from "setup.exe" (this file includes the same certificate as the XBAP application EXE files).
1. Go to the deployment folder and right-click the "setup.exe" file:
2. Open the "Properties" form, go to the "Digital Signatures" tab page, select the included digital signature and click on "Details":
3. Click "View Certificate" in the "General" tab page:
4. Click on "Copy to File" in the "Details" tab page:
5. Proceed with the "Certificate Export Wizard" that opens:
(5.1)
(5.2)
(5.3) You can place the extracted "cer" file in the deployment folder for future use:
(5.4)
When you finish the wizard you'll get the "cer" file:
See the previous post for instructions that will help you with certificate installation. I found this post that also describes how to run XBAP in Full-Trust mode.
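The two wizard procedures above (extracting the certificate from "setup.exe", and registering it under "Trusted Root Certification Authorities" and "Trusted Publishers") can also be scripted in PowerShell. This is an added example, not part of the original posts; the file paths are assumptions, and it uses the Get-AuthenticodeSignature, Export-Certificate and Import-Certificate cmdlets in place of the wizards.

```powershell
# Added example: script equivalent of the wizard steps. Both paths are assumptions.
param(
    [string]$SetupExe = '.\setup.exe',          # assumed path in the deployment folder
    [string]$CerFile  = '.\xbap-publisher.cer'  # assumed output file name
)

# 1. Read the digital signature that publishing put on setup.exe.
$sig = Get-AuthenticodeSignature -FilePath $SetupExe
if (-not $sig.SignerCertificate) {
    throw "No digital signature found on $SetupExe"
}
$cert = $sig.SignerCertificate

# 2. Show what is about to be trusted, so the thumbprint can be compared
#    with the certificate selected on the project's "Signing" tab.
$cert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter

# A temporary test certificate is self-signed: subject equals issuer.
$selfSigned = ($cert.Subject -eq $cert.Issuer)
Write-Host "Self-signed: $selfSigned; signature status before import: $($sig.Status)"

# 3. Same result as "Copy to File": a .cer file holding only the public
#    certificate (the private key is not part of the signature).
Export-Certificate -Cert $cert -FilePath $CerFile -Type CERT | Out-Null

# 4. Same result as the IE import wizard, for the current user only.
#    Importing into the user's Root store asks for confirmation, as in the wizard.
$stores = 'Cert:\CurrentUser\Root', 'Cert:\CurrentUser\TrustedPublisher'
foreach ($store in $stores) {
    Import-Certificate -FilePath $CerFile -CertStoreLocation $store | Out-Null
}

# 5. Confirm the certificate is present in both stores.
foreach ($store in $stores) {
    $found = Get-ChildItem -Path $store |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    Write-Host ("{0}: {1}" -f $store, $(if ($found) { 'installed' } else { 'MISSING' }))
}

# 6. Re-check the signature status now that the certificate is trusted.
(Get-AuthenticodeSignature -FilePath $SetupExe).Status
```

Once the certificate is in both stores, a ClickOnce deployment signed with the matching private key is granted the permissions it requests without a prompt for that user, so compare the thumbprint before importing and keep the signing key file protected.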
From: http://blogs.microsoft.co.il/blogs/maxim/archive/2008/03/05/wpf-xbap-as-full-trust-application.aspx