The user can access the GXS report from IE, but cannot access it from WPF WebBrowser, it seems some security setting in user’s machine might be not in place.
After googling for possible solutions, we found, this one looks making sense, http://blogs.microsoft.co.il/blogs/maxim/archive/2008/03/05/wpf-xbap-as-full-trust-application.aspx, it requires WPF web application published as full trust application. It needs GXS release and deployment, not realistic to try for now.
Another one, set up the configuration on local machine, run xbap full trust, http://stackoverflow.com/questions/654392/how-do-i-run-a-full-trust-xbap-on-intranet,
So far, I've found 2 ways to do this. Through a really complicated method of installing certificates on the target machine.
Or through a simpler method, which is only suitable for intranets here:
Deploy a custom CLR Security policy that modifies the default permissionset for the given zone
So I did just that, and it works. Here's the detailed steps how I got it to work:
- Open Control Panel > Administrative Tools > .NET Framework 2.0 Configuration
- Expand Runtime Security Policy > Machine > Code Groups > All_Code
- Right Click All_Code and click New…
- Create a new code group, I named mine MyProject_FullTrust_Zone
- Choose the URL condition type and specify the path on the network where the apps will be deployed.
- Choose Use Existing permission set, and set it to Full Trust.
Now the only problem with this method, is that I have to deploy this change to hundreds of machines. So maybe there's still a simpler way to do this?
===============
How to run WPF - XBAP as Full Trust Application
Recently I work on WPF-XBAP application that will run from intranet website:
This application must have unrestricted access to client's OS resources (that is unusual for XBAP projects):
I publish it on local website by using "Click-Once" deployment mechanism:
User can launch the application from deployment page (also can run application setup):
I get security error ("User has refused to grant required permissions to the application"):
Means that application tried to perform some restricted action, beyond of XBAP sandbox. Actually it tried to read local video file:
(It reads video file from local source, for preview option before uploading it to FTP server)
After some research I found how to fix that:
(1) Project must be signed with "Click-Once" manifest (security certificate file):
(If project doesn't contain "Test Certificate" click on rounded button to create a new one)
(2) After temporary certificate was created we'll save it into file (click on "More Details"):
File export wizard (step A):
File export wizard (step B):
File export wizard (step C):
(Enter username and password, only if you did so while "Test Certificate" creation in par. 1)
File export wizard (step D):
File export wizard (step E):
File export wizard (step F):
(Now project certificate is saved as external file)
(3) Now we'll go to Internet Explorer and will register this certificate:
(Open "Internet Options" from "Tools" menu)
Click on "Certificates" in "Content" tab:
Import certificate file from "Trusted Root Certification Authorities" tab:
File import wizard (step A):
File import wizard (step B):
File import wizard (step C):
File import wizard (step D):
Confirm importing:
If succeed you'll get this window:
And will see certificate here:
Do same in "Trusted Publishers" tab:
Close IE options:
(6) No we'll go to "Signing" tab in project options and will select registered certificate:
Select registered certificate from local store:
(5) Republish the application:
Now XBAP can run in "Full Trusted" mode:
Hope this post was helpful ;-)
344
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
