In browser trusted application Silverlight 5
Solution 1
There are lots of great resources describing this process, including the ones mentioned in responses here. I wanted to document the steps that worked for us. (Silverlight 5.1.10411.0)
Here are the steps that we took to enable In-Browser Trusted Applications:
- Sign the Xap file with code signing key.
- Install public code signing key into "Certificates->Current User->Trusted Publishers"
- Set the DWORD registry key AllowElevatedTrustAppsInBrowser = 1 at
SL 64 bit path: HKLM\Software\Wow6432Node\Microsoft\Silverlight
SL 32 bit path: HKLM\Software\Microsoft\Silverlight
- Open the Silverlight project in a text editor and verify the following entries exist:
<RequireInBrowserElevation>true</RequireInBrowserElevation> <InBrowserSettingsFile>Properties\InBrowserSettings.xml</InBrowserSettingsFile> - Check that the Properties\InBrowserSettings.xml exists and contains:
<InBrowserSettings> <InBrowserSettings.SecuritySettings> <SecuritySettings ElevatedPermissions="Required" /> </InBrowserSettings.SecuritySettings> </InBrowserSettings>
Note:
- If you use a self signed certificate while testing, you will also need to install it into "Certificates->Current User->Trusted Root Certification Authorities". (Buy one before you go into production)
- Once you sign a XAP file you cannot unzip and modify it as doing so breaks the signing (it must be resigned).
- Don't forget to clear your browser cache if you are caching the xap file.
- This worked on Windows 7 and Windows 8 Release Preview (desktop mode) with IE, Chrome, Firefox and Safari.
Solution 2
I have successfully created in-browser Silverlight 5 app with elevated privileges fallowing this msdn article. You can always check if Your app has elevated privs with:
Application.Current.HasElevatedPermissions
My problem is that while it works without problem in Firefox 14, IE9 needs to be run as administrator in Windows 7. I am currently looking for a way to make it work without executing IE as administrator. If anybody knows how to do this I would appreciate the help.
Edit:
Wow. Actually link from Aaron McIver post helped me a lot. I just switched "Enable protected mode" off and now it works just fine without administrator rights. :D
Solution 3
The registry edit needs to be on the client machine; the machine executing the Silverlight application.
There is a demo available via the XAMLGEEK; as everything you laid out should get you in a working state. Mike Taulty also has an excellent walk through.
Related videos on Youtube
33 : 48
09 : 33
08 : 53
07 : 06
04 : 50
![Microsoft Silverlight Fix Windows 10 [Tutorial]](https://i.ytimg.com/vi/XuPXNRevbNw/hqdefault.jpg?sqp=-oaymwEcCOADEI4CSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLCXNN37Jo4-e78aZ6-ydWQKMs68Wg)
02 : 34
57 : 55
02 : 14
08 : 38
04 : 39
Comments
-
Philippe almost 2 years
With the new Silverlight 5, we can now have an In-Browser elevated-trust application. However, I'm experiencing some problems to deploy the application.
When I am testing the application from Visual Studio, everything works fine because it automatically gives every right if the website is hosted on the local machine (localhost, 127.0.0.1).
I saw on MSDN that I have to follow 3 steps to make it work on any website:
- Signed the XAP — I did it following the Microsoft tutorial
- Install the Trusted publishers certificate store — I did it too following the Microsoft Tutorial
- Adding a Registry key with the value
AllowElevatedTrustAppsInBrowser.
The third step is the one I am the most unsure about. Do we need to add this registry key on the local machine or on the server? Is there any automatic function in Silverlight to add this key or is it better to make a batch file?
Even with those three steps, the application is still not working when called from another url than localhost.
Does anybody have successfully implemented an in-browser elevated-trust application? Do you see what I'm doing wrong?
Sources:
-
Andy M about 12 yearsDid you find a solution to your problem ? I'm facing the exact same issue... Thanks
-
Philippe over 12 yearsDo you think the problem is that I'm using a created certificat? Do I have to buy one?
-
Aaron McIver over 12 yearsNo you shouldn't need to buy one. -
jmc over 11 yearsNo you don't need to buy one, but if you create your own certificate, you need to also add it to the Trusted Root Certificate Authority. Adding you're own self signed certificate to only the Trusted Publishers will not work. (see Fares Noueihed answer, its by far the most comprehensive and points out this rather important point)
-
jmc over 11 yearsBingo for pointing out the self signed gotcha. This seems to trip a lot of people up.
-
gius over 11 years+1 The trick for me was to install the signing certificate into Trusted Publishers (the Issuing authority certificate in Trusted Publishers and Trusted Root Certification Authorities was not enough).
-
NoWar over 11 yearsCould u explain please if we need some certificate to upload files under SL in general?
