SecureBlackbox 16: Silverlight Environments: Security and Permissions
Silverlight environments require special attention to security-critical code, such as code that attempts to access the local file system, make p/invoke calls, or access system certificates.
Under normal circumstances, Silverlight applications run in a standard (nonelevated) environment. Such applications have no access to security-critical resources. When trying to access such resources, various exceptions (dependent on the operation) are thrown. For example, one can get the following exception when making a p/invoke call: "System.MethodAccessException: Attempt by security transparent method 'SBCryptoProvWin32.TElWin32ProviderInfo.AcquireProvider()' to call native code through method ... "
Silverlight applications can also run in elevated-trust environments. When running in such environments, they can access virtually all kinds of resources allowed for a generic .NET application. However, the elevated trust option must be explicitly configured for a Silverlight application by the developer and the user.
Configuring Trust for Out-Of-Browser Applications
Elevated trust for out-of-browser applications can be selected as an option in the project properties page in the out-of-browser settings dialog on the Silverlight tab.
Configuring Trust for In-Browser Applications
Configuring an in-browser application is a more sophisticated task. The following steps should be taken:
- Select the corresponding option on the Silverlight tab of the project properties.
- Sign the XAP file and referenced third-party assemblies with a certificate, which should be added to the Trusted Publishers system store.
The preceding two steps enable you to run and debug in-browser applications originating from the localhost address. If you need to run or debug Silverlight applications residing on remote websites or locally (with a file:/// URI), you must perform an additional step: set the AllowElevatedTrustAppsInBrowser (DWORD) value under the HKEY_LOCAL_MACHINE\Software\Microsoft\Silverlight\ registry key (use the relevant Wow6432Node key for 64-bit Silverlight environments) to 0x00000001.
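An added audit example (not part of the SecureBlackbox documentation): a PowerShell check that reports whether the AllowElevatedTrustAppsInBrowser value described above is set under either registry view and, if it is, lists the certificates currently in the Trusted Publishers stores. The function names are hypothetical, and checking both the LocalMachine and CurrentUser certificate stores is an assumption, since the page does not say which location is meant.

```powershell
# Added example: audit the machine-wide Silverlight in-browser elevated-trust setting.
# Read-only; it changes neither the registry nor the certificate stores.

$valueName = 'AllowElevatedTrustAppsInBrowser'
$keys = @(
    'HKLM:\Software\Microsoft\Silverlight',              # native registry view
    'HKLM:\Software\Wow6432Node\Microsoft\Silverlight'   # 32-bit view on 64-bit Windows
)

# Hypothetical helper: returns one object per key with the value and its meaning.
function Get-SilverlightInBrowserTrust {
    param([string[]]$Path, [string]$Name)
    foreach ($p in $Path) {
        $state = 'KeyMissing'
        $data  = $null
        if (Test-Path -LiteralPath $p) {
            $item = Get-ItemProperty -LiteralPath $p -Name $Name -ErrorAction SilentlyContinue
            if ($null -eq $item) {
                $state = 'NotSet'
            } else {
                $data  = $item.$Name
                $state = if ($data -eq 1) { 'Enabled' } else { 'Disabled' }
            }
        }
        [pscustomobject]@{ Key = $p; Value = $data; State = $state }
    }
}

# Hypothetical helper: lists publisher certificates that a signed XAP could chain to.
function Get-TrustedPublisherCert {
    foreach ($store in 'Cert:\LocalMachine\TrustedPublisher', 'Cert:\CurrentUser\TrustedPublisher') {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                Expired    = ($_.NotAfter -lt (Get-Date))
            }
        }
    }
}

$trust = @(Get-SilverlightInBrowserTrust -Path $keys -Name $valueName)
$trust | Format-Table -AutoSize

if ($trust | Where-Object { $_.State -eq 'Enabled' }) {
    Write-Warning 'In-browser elevated trust is enabled; review the trusted publishers below.'
    Get-TrustedPublisherCert | Format-Table -AutoSize
}
```

On a development machine the value is expected to be 1; on any other host an "Enabled" result means signed in-browser Silverlight applications from remote sites can request elevated trust.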
Configuring Silverlight Applications for Elevated Environments
Besides configuring your Silverlight application as described above, you should also configure SecureBlackbox to run in an elevated environment by setting the global ElevatedPermissionsAvailable property to true:
SBUtils.Unit.ElevatedPermissionsAvailable = true;
References
Following are references to related Microsoft resources:
- How to: Enable Trusted Applications to Run Inside the Browser: See the guide to creating a trusted in-browser Silverlight application.
- Trusted Applications: See the guide on assembly signing.