A new feature Silverlight 5 Beta has introduced is the ability to do some of the “trusted” features in the browser.

This brings the current functionality of trusted applications in current form to be used in the browser context without having to be installed.

This still requires the XAP to have the Elevated Permissions security setting in the manifest as it would exist with out-of-browser applications as well as the XAP being signed (and the certificate in the user’s trusted publisher store).

For example, Multiple window support has been added in Silverlight 5 Beta for Trusted OOB applications. Here’s a code snippet from xamlgeek.net

Silverlight 5 supports the ability to open multiple top-level windows. It is required that the application run with elevated permissions.

clip_image001

Closing the main application window will cause all windows to close.

I would be writing more in detail about each of the new Silverlight 5 features in future posts…

For more on how to create a trusted application follow the guide below:

Request elevated trust

Check the “Require elevated trust when running outside the browser” check box in the Out-of-Browser Settings dialog box.

Out-of-Browser Settings dialog box, Require elevated trust option

When users attempt to install an application that requires elevated trust, they are shown a security warning instead of the normal install dialog box. The default warning indicates that the publisher is not verified, and does not display your application icon.

Security Warning dialog box for unsigned application requiring elevated trust

Sign your XAP

You should always sign an application that requires elevated trust to enable verification that you are the publisher. For debugging purposes, Visual Studio lets you create and use a test certificate.

Signing page, project designer

A signed application still displays the security warning at install time, but the message is milder and includes your application icon.

If you would like to know more about application signing visit this MSDN article.

Security Warning dialog box for signed application requiring elevated trust

After installation, the trusted application can access all of the out-of-browser features. Additionally, it is not subject to security restrictions such as user-consent requests and full-screen keyboard limitations.

Related links

Advertisements

2 thoughts on “Silverlight Trusted Applications

  1. Hi this article is really great. I was able to deploy my signed silverlight OOB on IIS on our Server. However despite that the signed xap was deployed to IIS when accessing the the app on the other machine (client) the Installation Menu still shows warning(Unverified) publisher. I understand that in order for the client to enjoy auto-update feature of silverlight oob app, the installation oob app should has been signed. I discovered that in order for the client to see the oob app as signed application, this client machine should install first the certificate used by the server for that app. Is there anyway to resolved the issue? Its not ideal for every client to install first the certificate, the same certificated used to sign the oob app. Try the issue above and you will replicate the issue.

    Help please.

    1. Hi Jobzky, this is not a issue but a security feature in Silverlight. This is the only way, the client can authorize your application to run in as a signed application in elevated trust. The security warning indicates that the application can access user data. The warning differs depending on whether the application has a valid digital signature. Applications without valid signatures (also known as unverified applications) present a greater security risk, so the warning is more prominent.

      Thanks, Shubhan

Share your thoughts

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s