Sunday, December 25, 2011

How to get unrestricted access in Silverlight 5

As you all know Silverlight 5 released with unrestricted access in InBrowser mode which gives full control to the Silverlight developers in the client machine. This post is to describe what are the changes you need to do at the server side as well as client side to leverage the trusted application feature.
  • Server side
    1. Make the IB elevated from project properties
    2. Sign the xap using certificate.

    1. Client side
      1. Install the cert into “trusted publishers”
      2. Change the reg key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Silverlight\AllowElevatedTrustAppsInBrowser” to 1
      3. The “Protected mode” of browser should be turned off for the zone.
    The above steps are mainly for Silverlight 4 to Silverlight 5 conversion and want to get the full trust support. If you just upgrading your projects there is no need to do above items. Just open in Visual Studio 2010 after installing the SL 5 tools.It will show the conversion wizard and just follows that. One thing you need to make sure is the reference path to Sl 5 assemblies.

    Steps to setup Silverlight 5 application to have unrestricted access in IB using elevated trust mode

    Ok.Now lets look at details of how we can create new SL project which access a file from c:\ in the In-Browse mode.First as usual create a Silverlight 5 Application. Then place a Button inside and wire the Click event handler.Write the below code in the handler to write a file to c:\

    private void btnWriteToCDrive_Click ( object sender, RoutedEventArgs e )
        File.WriteAllText(@"c:\FromSL5.txt","This is written from Silverlight 5 web application in InBrowser mode");

    Giving Elevated trust to SL 5 application

    Just to go to the Silverlight 5 project properties and in the Silverlight tab check the “Require elevated trust when running in-browser” check box.See the below screen shot for reference.

    Signing the xap

    Next step is to sign the xap file with a certificate. Just goto Silverlight project properties and check the “Sign the Xap File” check box.If you don’t have any certificate just create a new one using the “Create Test Certificate” button.

    Disable the browser protected mode

    The above changes are mainly for the server side. You need to do some at client side as well.The first one is to disable the protected mode in browser.Goto the internet options and disable it.

    Change registry entry

    As mentioned above just change the registry entry as it is.If you cant find the key just add a DWORD and set to 1. Still I am not sure how this step is carried out in other platforms such as MAC and Linux.

    That’s it.Now run your application.It will create a file inside c:\ from in browser.Just uploaded the sample by removing the certificate as it give some information about my company laptop Smile

    Welcome to my general coding blog.

    Most probably this will be my last post in this Silverlight technology blog. It’s a hard decision to stop this blog and use my general coding blog for all the programming related posts. Still I don’t know why I started separate blogs for each technology.May be my knowledge in SEO at that time lead me to have a new blog with technology name in the URL.Anyway changes are needed and I think this is the time to afford that. If possible I will post a last good bye post .Anyway you can start following me in my coding blog where my new Silverlight posts will come soon and it is.
    Joymon v/s Code

    Sunday, December 11, 2011

    Silverlight 5 released !! more access or security threat

    Finally it is released. Earlier than expected.'s-new-in-silverlight-5

    Nobody said that this is the final version in the Silverlight line as a web technology.But it can be because  Microsoft as a product company started promoting HTML 5.Look at their new OS windows 8. We can even write native windows applications using HTML5 and javascript.

    For the developers who still think that Silverlight will be available for long as a web technology, I have a small story .No its not a story its the history of web applications which brought RIA.

    The History of RIA

    Long long ago when speed of the internet connectivity was in single digit Kb/s, developers created browsers and people started using it. The job of the browser was simple. Get a server address known as URL from the user then retrieve some text from that URL address using socket and port, mainly port 80 and show that text to the user. If the retrieved text contains any markup tags, format the text between the start and end tag according to a name of the tag. That tagging or formatting language known as HTML.

    Later there came a scripting language which is executed by the browsers .This make people embed some code which will understand the page and even can modify the web page during runtime. But different browsers supported the language in different ways which made it difficult to write programs.

    Years passed .The speed of internet connection started expressing in double digits and at some places the unit Kb/s changed to Mb/s along with the fall of connection cost. Then people started thinking about the shortcomings of the HTML. They figured that if they want to draw a curve there is no inbuilt option to draw other than putting an image which adds load to the downloading content.This also reduce the quality when the same page is opened in big screens with high resolution.Another scenario they faced was lack of an option to refresh small portion of page. This demanded the HTML to support more tags and specifications. The people / panel who decides on HTML told changing the HTML specs is a long process. We cannot change it overnight. It will takes years to evolve. You need to continue using the technology as is.

    Some smart people effectively utilized this scenario .They didn't go to change the HTML specifications or the way browser deals with the tags and javascript. They created their own system which has it own run time independent of browser ,programming language, designer applications etc...They just asked browser "Can we get some space in your page?" The browser agreed and in the borrowed space they started playing.

    Wow...That was the first impression from people who saw these plug-ins in their browser. Its great,lets put it everywhere.This made a good competition in RIA.RIA is the name given to this technology and it stands for Rich Internet Applications. Investments on RIA technology increased rapidly. Even some people started creating their entire application in RIA excluding the HTML. But one day..

    As agreed earlier the governing body of HTML, planned to release specs on new version called HTML 5. This has enough tags to support short comings of old HTML, specification for javascript and much more. The RIA world got panic first but after that it settled down and one of them said that they are stopping their RIA and you can have a tool which will convert your RIA applications to HTML 5. Another RIA vendor said you can even create desktop applications using HTML 5 and Javascript.

    Everybody accepted and the world became ready for HTML 5 .Isn't it?

    What is next with Silverlight 5

    Now Silverlight web developers can directly access so many resources at client side even in the InBrowser mode. From the application developer's view its a great help,but just think from the system admin's / security personal's  view. They need to open up machine to an outside web application which may take up anything from the system or do anything to the system. I agree that there are certificates and other security measures. But don't know why I can't fully agree with this which makes it less different than a desktop application.

    I guess in near future if Silverlight as web technology survives HTML 5 ,we can hear about Silverlight VIRUS or some threat which may make it unacceptable. But as a developer I love Silverlight as it is the technology in Windows Phone :-)