For more info click Windows Presentation Foundation Partial Trust Security.
How to manually change code group to make your site full trust
Go control panelàAdministrative ToolsàMicrosoft .NET Framework 2.0 Configuration Add expand runtime security policyàCode Groups.Add a new code group with following settings
This will make you site as full trust in for that client.For more info click Code Access SecurityIn real life it’s not possible to say your client to change his machine code group policy to overcome this you can give a patch that will create code group for you in client machine or you can make it totally encapsulate with help of activeX. Here is the code that will create code group.
namespace Environment{
[Guid("9E019B4B-C7EC-4951-AC6E-6E809940F753")]
public interface COM_Interface{
[DispId(1)]
void create(string siteName, string groupName);
[DispId(2)]
bool HasFullTrust(string groupName);
}
[Guid("EE985754-3E90-4e0c-81F6-5C2F00784524")]
[ClassInterface(ClassInterfaceType.AutoDual)]
public class CodeGroupCreator1: COM_Interface {
public void create(string siteName,string groupName){
try{const string userPolicyLevel = "Machine";
//// Locate the User policy level.
policyLevel level = null;
System.Collections.IEnumerator ph = System.Security.SecurityManager.PolicyHierarchy();
while(ph.MoveNext()){
level = (PolicyLevel)ph.Current;
if (level.Label == userPolicyLevel)break;
}
if(level.Label != userPolicyLevel)throw new ApplicationException("Could not find User policy level.");
IMembershipCondition membership =new UrlMembershipCondition(siteName);
UnionCodeGroup codeGroup = new UnionCodeGroup(membership,
new PolicyStatement(new PermissionSet(PermissionState.Unrestricted)));
codeGroup.Name = groupName;
codeGroup.PolicyStatement = new PolicyStatement(level.GetNamedPermissionSet("FullTrust"));
// Add the code group to the User policy's root node.
System.Collections.IEnumerator em = level.RootCodeGroup.Children.GetEnumerator();
bool alreadyHas = false;
while(em.MoveNext()){
if (((CodeGroup)em.Current).Name == groupName)alreadyHas = true;break;
}
if(alreadyHas == false){
level.RootCodeGroup.AddChild(codeGroup);
//Save the changes to the policy level.
System.Security.SecurityManager.SavePolicy();
}
}catch (Exception){}}
public bool HasFullTrust(string groupName){
bool alreadyHas = false;
try{
const string userPolicyLevel = "Machine";
////Locate the User policy level.
PolicyLevel level = null;
System.Collections.IEnumerator ph =System.Security.SecurityManager.PolicyHierarchy();
while (ph.MoveNext()){
level = (PolicyLevel)ph.Current;
if (level.Label == userPolicyLevel)break;
}
System.Collections.IEnumerator em = level.RootCodeGroup.Children.GetEnumerator();
while (em.MoveNext()){
if (((CodeGroup)em.Current).Name == groupName){alreadyHas = true;break; }}}catch{}return alreadyHas; }}}
This code can be deployed as ActiveX.For more info about Packaging ActiveX Controls click here.After installing this code as ActiveX you can call it by java script and create code group
function CheckFullTrust(){
try{var x = new ActiveXObject("Environment.CodeGroupCreator1");
if(!x.HasFullTrust("MakeMeFulltrust")){x.create("http://lablalla/*","MakeMeFulltrust"); }}catch(e){window.location="Error.aspx";}}
The idea is you can first check is the client considering you site as full trust or not?? By java script, then you can load your xbap or make first your site full trust by calling ActiveX method from java script later load xbap.
Related link
Creating A Full Trust Avalon Web Browser (.xbap) Application http://blogs.msdn.com/karstenj/archive/2005/11/29/498061.aspx
ClickOnce Deployment failed due to improper trustshttp://blogs.msdn.com/akshayns/archive/2007/05/02/clickonce-deployment.aspx
ClickOnce Deployment of XBAP/WPF Full Trust Applicationhttp://sdolha.spaces.live.com/blog/cns!4121802308C5AB4E!4845.entry
2 comments:
Hi William Johnston,
hopefully you will find Microsoft .NET Framework 2.0 Configuration tools in following setup
http://www.microsoft.com/downloads/details.aspx?familyid=fe6f2099-b7b4-4f47-a244-c96d69c35dec&displaylang=en
To run your application in full trust mode you have to give a entry in
%windir%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config file using tools or API or manually like this
>CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust" Name="node"> >IMembershipCondition class="UrlMembershipCondition" version="1" Url="http://www.assenlycamefrom.com/*"/">>/CodeGroup>
thanks
nahid
>Nahid:
>The link to control >panelàAdministrative >ToolsàMicrosoft .NET Framework 2.0> Configuration is no longer available.
>Could you provide an updated instruction?
>Thanks,
>William Johnston
Hi,
Does this mean you do not need a Certificate?
David
Post a Comment