4

I am trying to get my silverlight application running with elevated privileges in browser. However, no matter what I do, it doesnt get elevated.

I have tried to add registry key AllowElevatedTrustAppsInBrowser (as DWORD with value 1), and signed the XAP file using VS 2012. I also came across a blog that mentioned the clientaccesspolicy.xml file, but I was not able to allow elevated privileges with this either. I put the xml file inside the web project hosting the html file that displays the XAP.

Has anyone actually managed to get this to run?

I also tried following this: http://mtaulty.com/CommunityServer/blogs/mike_taultys_blog/archive/2011/04/27/silverlight-5-beta-rough-notes-trusted-apps-in-the-browser.aspx but im unsure about where to run the commands he runs on windows.

ruffen
  • 1,695
  • 2
  • 25
  • 51
  • you need to sign your Silverlight app: http://stackoverflow.com/questions/9784200/silverlight-5-signing-xap-file/9784470#9784470 – Rumplin Jun 14 '12 at 08:58
  • 1
    I don't think the `clientaccesspolicy.xml` file applies to this problem, but either way, I believe that this file should be placed in the web server root to function properly. Excerpt from MSDN documentation: "The Silverlight runtime first tries to download a Silverlight policy file with a name of _clientaccesspolicy.xml_ at the root of the requested target domain using the HTTP protocol." – Anders Gustafsson Jun 14 '12 at 09:22
  • I had it signed, however i needed the certificate added in "Trusted Root Certification Authorities" store as well, since im using a testing certificate through VS. – ruffen Jun 14 '12 at 09:28
  • There are some suggestions "out there" that this can be done using the clientaccesspolicy.xml, but all evidence points towards this not being possible. Haven't been able to find a reliable source for this yet. Im releasing this app on a limited amount of computers, and on a corporate network, so certificates should be fine. – ruffen Jun 14 '12 at 09:30

1 Answers1

6

There is a good summary on how to enable in-browser elevated trust by Mister Goodcat here, where he also provides some troubleshooting tips:

  • One thing to keep in mind is that even if your application runs as trusted in-browser app, it is still subject to the security restrictions the browser itself imposes. That means that its possibilities may be much more restricted than if they ran out of browser, for example by Internet Explorer's Protected Mode. In addition, the Silverlight runtime itself restricts use of certain features for in-browser trusted apps, for example you cannot use the Window class and/or create additional windows when you're running in the browser.

  • If none of the above applies to you and you still run into problems, one thing to do is check whether your certificate(s) have been installed correctly. There's a snap-in for the management console for this. Here is an article that describes how to get there (note that you should add a snap-in for your user account, not the computer account as in this description).

  • You can also check whether your registry key is actually and successfully queried, for example by using a tool like Process Monitor from the Sysinternals Suite. Watch for operations of type "ReqQueryValue" of your browser executable that access the key we created above, and make sure the Result is "SUCCESS".

Anders Gustafsson
  • 15,837
  • 8
  • 56
  • 114
  • Brilliant! I was missing the step where you put the certificate in "Trusted Root Certification Authorities". Thanks for the extra hints on certificates and registry key as well. – ruffen Jun 14 '12 at 09:27