Trusted and sandboxed applications in Silverlight 4

Application developers are constantly pushing the boundaries between Web applications and client applications. We want our Web apps to work more like client apps and vice versa. But Web application developers must face the security implications inherent in the Web-deployed model. The big question is: how much trust should be granted to an Internet application?

Silverlight is a great case in point. Imagine that your Silverlight application requires access to the user's webcam or you wish to write files into the My Music folder. Silverlight is a Web technology, or at least is deployed via a browser. To mitigate security concerns, Silverlight is constrained to run in a sandbox. This sandbox restricts what the Silverlight application can do to the local computer. This is sensible, as administrators need assurance that Silverlight applications won't commandeer the system. But it also means that sandboxed applications are walled off from local devices such as hard drives and webcams.

Types of Out Of Browser applications
Silverlight 3 blurred the line between online and offline applications by enabling the Out Of Browser (OOB) setting. In version 3 you can take your application out of the browser, which lets the user run it while disconnected from the network. Version 4 ramps up the features available to OOB applications.

Living in the sandbox

HTML Hosting: It's now possible to include embedded HTML within your Silverlight application. Use the new WebBrowser control as follows:

    <WebBrowser x:Name="bannerAdControl" Width="300" Height="200" />

    // add HTML to the WebBrowser control (code-behind)
    bannerAdControl.NavigateToString("<h1>Download Silverlight now.</h1>");

Under the hood the WebBrowser control uses WebKit on the Mac and the IE browser control on Windows.

OOB Window settings: Silverlight 4 offers full control over window settings such as start position and size.

Popup Notifications: You're probably familiar with the animated 'toast' window that Windows applications such as email clients use to provide real-time notifications. Here's how to launch a notification from an OOB application.

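    var nw = new NotificationWindow();
    nw.Width = nw.Height = 300;

    // CustomNotificationWindow is the application's own control for the toast body
    var cn = new CustomNotificationWindow();
    cn.Header = "New Mail";
    cn.Text = "You have new mail!";
    // . . .

    nw.Content = cn;   // the property is Content, not Contents
    nw.Show(3400);     // display time in milliseconds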

Requesting elevated privileges
Silverlight 4 has a number of new features that need elevated privileges. For security reasons these can only be granted if the user consents to an elevation request. To ask for permission to use the webcam, use the CaptureDeviceConfiguration.RequestDeviceAccess() method. Make this call and you will see the following dialog.

Once the user has granted permission you can grab the video stream with a few lines of code.

    CaptureSource cs;
    var device = CaptureDeviceConfiguration.GetDefaultVideoCaptureDevice();
    if (null != device)
    {
        cs = new CaptureSource();
        cs.VideoCaptureDevice = device;   // bind the capture source to the default webcam
        cs.Start();

        // paint the live video onto the rectangle named "rect"
        var brush = new VideoBrush();
        brush.Stretch = Stretch.Uniform;
        brush.SetSource(cs);
        rect.Fill = brush;
    }
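The consent request and the capture code put together, as an added example that is not part of the original article. It checks for existing consent, requests it from a user-initiated click handler (the consent dialog is only shown from a user-initiated event), handles a refusal, and stops the camera when asked. The class name, the handler names and the XAML elements rect and statusText are assumptions.

```csharp
// Added example: code-behind for a page whose XAML is assumed to declare
// a Rectangle named "rect", a TextBlock named "statusText" and two buttons
// wired to the handlers below.
using System.Windows;
using System.Windows.Controls;
using System.Windows.Media;

public partial class WebcamPage : UserControl
{
    private CaptureSource cs;

    private void StartButton_Click(object sender, RoutedEventArgs e)
    {
        // AllowedDeviceAccess is true if the user already consented;
        // otherwise RequestDeviceAccess() shows the consent dialog.
        bool allowed = CaptureDeviceConfiguration.AllowedDeviceAccess
                       || CaptureDeviceConfiguration.RequestDeviceAccess();
        if (!allowed)
        {
            // The user refused: do not touch the device, degrade gracefully.
            statusText.Text = "Webcam access was not granted.";
            return;
        }

        var device = CaptureDeviceConfiguration.GetDefaultVideoCaptureDevice();
        if (device == null)
        {
            statusText.Text = "No webcam found.";
            return;
        }

        cs = new CaptureSource { VideoCaptureDevice = device };
        var brush = new VideoBrush { Stretch = Stretch.Uniform };
        brush.SetSource(cs);
        rect.Fill = brush;
        cs.Start();
    }

    private void StopButton_Click(object sender, RoutedEventArgs e)
    {
        // Release the camera as soon as the user is done with it.
        if (cs != null && cs.State == CaptureState.Started)
        {
            cs.Stop();
        }
    }
}
```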

Trusted applications
Additional features are available to OOB applications that are granted trust by the user. To request it, set the "Require elevated trust…" checkbox in the Visual Studio 2010 properties settings. Yes, Silverlight has a group policy which administrators can use to manage which applications or domains are trusted.

The user will see the following dialog box when converting a Silverlight application to an OOB application.

Now that you have full trust, here is a partial list of the new Silverlight 4 privileges.

  • Full Screen Keyboard Access: To prevent spoofing attacks Silverlight 3 disables most keyboard events while in full screen mode. In Silverlight 4 this restriction has been lifted for trusted OOB applications.
  • File Access: Read and write to more areas of the hard drive, including My Music, My Documents, etc. on Windows and similar locations on the Mac.
  • COM automation: Permits access to COM automation servers like Microsoft Excel, USB security card readers and other devices.
  • Network Cross Domain: Networking restrictions on HTTP access are dropped for trusted OOB applications. Grab resources from any domain without needing a cross-domain policy file in place.
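Because the user may decline the trust prompt, or the same XAP may still be running in the browser sandbox, code that uses these privileges should check for them at run time. The following is an added example, not code from the original article; the TrustGate class and its method names are assumptions, and the dynamic calls require a reference to Microsoft.CSharp.dll.

```csharp
// Added example: gate the trusted-only features listed above behind
// run-time checks so the sandboxed case fails safely.
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices.Automation;
using System.Windows;

public static class TrustGate
{
    // True only for an installed OOB application that the user
    // approved for elevated trust.
    public static bool IsTrusted
    {
        get
        {
            var app = Application.Current;
            return app.IsRunningOutOfBrowser && app.HasElevatedPermissions;
        }
    }

    // File access: list the files in My Music, or nothing when sandboxed.
    public static IList<string> ListMusicFiles()
    {
        if (!IsTrusted)
        {
            return new List<string>();
        }
        string music = Environment.GetFolderPath(Environment.SpecialFolder.MyMusic);
        return Directory.EnumerateFiles(music).ToList();
    }

    // COM automation: returns false instead of throwing when the
    // application is sandboxed or COM automation is unavailable.
    public static bool TryExportToExcel(string text)
    {
        if (!IsTrusted || !AutomationFactory.IsAvailable)
        {
            return false;
        }
        dynamic excel = AutomationFactory.CreateObject("Excel.Application");
        excel.Visible = true;
        dynamic book = excel.Workbooks.Add();
        book.ActiveSheet.Cells[1, 1].Value = text;
        return true;
    }
}
```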


This was first published in December 2009
