9

With the new Silverlight 5, we can now have an In-Browser elevated-trust application. However, I'm experiencing some problems to deploy the application.

When I am testing the application from Visual Studio, everything works fine because it automatically gives every right if the website is hosted on the local machine (localhost, 127.0.0.1).

I saw on MSDN that I have to follow 3 steps to make it work on any website:

  1. Signed the XAP — I did it following the Microsoft tutorial
  2. Install the Trusted publishers certificate store — I did it too following the Microsoft Tutorial
  3. Adding a Registry key with the value AllowElevatedTrustAppsInBrowser.

The third step is the one I am the most unsure about. Do we need to add this registry key on the local machine or on the server? Is there any automatic function in Silverlight to add this key or is it better to make a batch file?

Even with those three steps, the application is still not working when called from another url than localhost.

Does anybody have successfully implemented an in-browser elevated-trust application? Do you see what I'm doing wrong?

Sources:

ЯegDwight
  • 24,821
  • 10
  • 45
  • 52
Philippe
  • 986
  • 1
  • 6
  • 17
  • 1
    Did you find a solution to your problem ? I'm facing the exact same issue... Thanks – Andy M Apr 10 '12 at 05:54
  • See Fares Noueihed answer. It points out that self signed certificates also need to be added to the Trusted Root Certificate Authority. – jmc Jul 31 '12 at 14:21

5 Answers5

12

There are lots of great resources describing this process, including the ones mentioned in responses here. I wanted to document the steps that worked for us. (Silverlight 5.1.10411.0)

Here are the steps that we took to enable In-Browser Trusted Applications:

  1. Sign the Xap file with code signing key.
  2. Install public code signing key into "Certificates->Current User->Trusted Publishers"
  3. Set the DWORD registry key AllowElevatedTrustAppsInBrowser = 1 at 
    SL 64 bit path: HKLM\Software\Wow6432Node\Microsoft\Silverlight
    SL 32 bit path: HKLM\Software\Microsoft\Silverlight
  4. Open the Silverlight project in a text editor and verify the following entries exist: 
    <RequireInBrowserElevation>true</RequireInBrowserElevation>
<InBrowserSettingsFile>Properties\InBrowserSettings.xml</InBrowserSettingsFile>
  5. Check that the Properties\InBrowserSettings.xml exists and contains: 
    <InBrowserSettings>
  <InBrowserSettings.SecuritySettings>
    <SecuritySettings ElevatedPermissions="Required" />
  </InBrowserSettings.SecuritySettings>
</InBrowserSettings>

Note:

  • If you use a self signed certificate while testing, you will also need to install it into "Certificates->Current User->Trusted Root Certification Authorities". (Buy one before you go into production)
  • Once you sign a XAP file you cannot unzip and modify it as doing so breaks the signing (it must be resigned).
  • Don't forget to clear your browser cache if you are caching the xap file.
  • This worked on Windows 7 and Windows 8 Release Preview (desktop mode) with IE, Chrome, Firefox and Safari.
jmc
  • 813
  • 10
  • 18
Fares
  • 669
  • 6
  • 11
  • Bingo for pointing out the self signed gotcha. This seems to trip a lot of people up. – jmc Jul 31 '12 at 14:22
  • +1 The trick for me was to install the signing certificate into Trusted Publishers (the Issuing authority certificate in Trusted Publishers and Trusted Root Certification Authorities was not enough). – gius Sep 18 '12 at 12:37
  • Could u explain please if we need some certificate to upload files under SL in general? – NoWar Sep 27 '12 at 17:37
2

I have successfully created in-browser Silverlight 5 app with elevated privileges fallowing this msdn article. You can always check if Your app has elevated privs with:

Application.Current.HasElevatedPermissions

My problem is that while it works without problem in Firefox 14, IE9 needs to be run as administrator in Windows 7. I am currently looking for a way to make it work without executing IE as administrator. If anybody knows how to do this I would appreciate the help.

Edit:

Wow. Actually link from Aaron McIver post helped me a lot. I just switched "Enable protected mode" off and now it works just fine without administrator rights. :D

Grzegorz W
  • 3,487
  • 1
  • 21
  • 21
1

The registry edit needs to be on the client machine; the machine executing the Silverlight application.

There is a demo available via the XAMLGEEK; as everything you laid out should get you in a working state. Mike Taulty also has an excellent walk through.

Aaron McIver
  • 24,527
  • 5
  • 59
  • 88
  • Do you think the problem is that I'm using a created certificat? Do I have to buy one? – Philippe Dec 20 '11 at 04:54
  • No you shouldn't need to buy one. – Aaron McIver Dec 20 '11 at 05:07
  • No you don't need to buy one, but if you create your own certificate, you need to also add it to the Trusted Root Certificate Authority. Adding you're own self signed certificate to only the Trusted Publishers will not work. (see Fares Noueihed answer, its by far the most comprehensive and points out this rather important point) – jmc Jul 31 '12 at 14:19
0

I would like to connect with silverlight app to socket on port 10001 on same host address where app is hosted.

Is it possible to done that without changing anything on client side?

aselan
  • 1
  • 1
0

i am also face same kind of problem

when we use test certificate that will work only for local machine.

you have to sign your app with another certificate , and it will work.

question link Silverlight 5 In browser trusted application

Community
  • 1
  • 1
Chirag
  • 375
  • 4
  • 30