The basic problem is that I can't figure out how to get an xbap application that needs to run as "full trust" to execute in a browser.
Here are the steps I've gone through:
Using vs 2008 sp1, I created a new xbap application, and then published it to a sub folder "clickonce" of a newly created asp.net web application in the same solution. I also specified an installation URL for the xbap as http://localhost/xbaptest/clickonce (local IIS7 app called xbaptest points to web app mentiond previously).
When I run the xbap using the URL http://localhost/xbaptest/clickonce/WpfBrowserApplication1.xbapin a browser it works perfectly.
Then, I say that I need the app to run as full trust and republish.
Now, the app won't run in the browser, giving a "trust not granted" page, with the following error summary, which I'm sure we're all familliar with:
Below is a summary of the errors, details of these errors are listed later in the log.
* An exception occurred while determining trust. Following failure messages were detected:
+ User has refused to grant required permissions to the application.
* An exception occurred while downloading the application. Following failure messages were detected:
+ The AssertApplicationRequirements method failed. The application cannot be committed.
The publish wizard created a test certificate and appears to have signed the published deployment manifest (.xbap file) with it when I publish.
And, I then installed that certificate to the "Trusted Publisher" certificate store.
But, regardless, when I try to access the xbap from a browser using the same URL, I continue to get the same error.
What am I missing here?
Thanks.
roger reynolds | | roger reynolds Thursday, June 25, 2009 4:52 PM | Hi Roger, From the computer that you are trying to run the XBAP application on, can you run the following command (you can run it from the Run Dialog, or a command prompt): C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol -m -ag 1 -url " http://localhost/xbaptest/clickonce*" FullTrust -exclusive on This willgrant the full trust to that application. Once you have run this command, try browsing to the application again and see if it works. / - Marked As Answer byLinda LiuMSFT, ModeratorTuesday, June 30, 2009 7:49 AM
-
| | Ryan Taylor Thursday, June 25, 2009 7:28 PM | Hi Roger, From the computer that you are trying to run the XBAP application on, can you run the following command (you can run it from the Run Dialog, or a command prompt): C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol -m -ag 1 -url " http://localhost/xbaptest/clickonce*" FullTrust -exclusive on This willgrant the full trust to that application. Once you have run this command, try browsing to the application again and see if it works. / - Marked As Answer byLinda LiuMSFT, ModeratorTuesday, June 30, 2009 7:49 AM
-
| | Ryan Taylor Thursday, June 25, 2009 7:28 PM | Thanks. Except that I had to change the command line to be C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol -m -ag 1 -url " /http://localhost/xbaptest/clickonce*" FullTrust -exclusive on yes, it works.(add / after clickonce) But, isn't the ideathat an administrator is supposed to be able to add my certificate to alist of trusted publishers set by group policy for their domain, and thereby not have to do this on every individual workstation that needs to run apps from this source. Thanks.
roger reynolds | | roger reynolds Friday, June 26, 2009 12:18 AM | Hi Roger,
> But, isn't the ideathat an administrator is supposed to be able to add my certificate to alist of trusted publishers set by group policy for their domain, and thereby not have to do this on every individual workstation that needs to run apps from this source.
No,the thingisn't what you thought. Adding the certificate to trustedpublishercertificatestore onthe client machine only makes the publisher known to the client machine. You still need to grant the fulltrust permission set to the assembly or URL where the assembly originates using the caspol.exe tool.
Hope this helps.
Sincerely,
Linda Liu
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
end us any feedback you have about the help from MSFT at fbmsdn@microsoft.com. | | Linda Liu Tuesday, June 30, 2009 8:17 AM | OK, thanks.
One last question then...
If I were to want to grant FT at the assembly level rather than the URL, would it bethe setup.exe assembly ormy actual application assembly(s)?
roger
roger reynolds | | roger reynolds Tuesday, June 30, 2009 1:59 PM | Hi Roger, Since a WPF Browser application can only be launched online, we can only grant theFullTrust permission set to the URL rather than the assembly itself. To be specific, you can grant FT to http://localhost/xbaptest/clickonce/WpfBrowserApplication1.xbap instead. Sincerely, Linda Liu
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
end us any feedback you have about the help from MSFT at fbmsdn@microsoft.com. | | Linda Liu Wednesday, July 01, 2009 7:30 AM | Thanks.
I guess what I'm thinking of is a situation where the application URL changes. This would require the administrator to (re)visit all clients where the app is used andrerun caspol to specify the new location. If the trust was granted to the assembly itself, then it wouldn't matter so much where it was deployed from. At least, that's my view.
roger
roger reynolds | | roger reynolds Wednesday, July 01, 2009 3:10 PM | I have tried the above and I still can not get full trust XBAP app to run,is it possible that there migh be issues when I deploy to a server and try to access the app from a domain? | | FoxRacing Thursday, August 13, 2009 7:06 AM |
|
index > ClickOnce and Setup & Deployment Projects > can't work out how to do full xbap and full trust