Using ICE in a XAML Browser application

JvDJvD Member Joost van DoornOrganization: MobaProject: Main Control Software
In order to create a browser based application for Windows, Silverlight in combination with Ice for Silverlights is an option. The disadvantages of this approach is the limited API that is provided by Silverlight when comparing it to the entire .NET framework. Another disadvantage is that all programming has to be done asynchronously (using threads and delegates).

I am writing another type of client application, a XAML Browser Application. This provides support for the full .NET framework and can be deployed onto apache and browsed using FireFox. However I have serious problems to use Ice in this situation. When I perform the first Ice.Util.initialize call I get an exception: This assembly does not call partly trusted callers.
I have installed Ice.dll into the Global Assembly Cache and added the gac-ed Ice.dll to the references of the project. I have deployed the application, using ClickOnce, into a directory on my disk and then transferred this directory to the Apache HTDocs.

How can I solve this problem?

Best regards, Joost van Doorn

Comments

  • xdmxdm ZeroC Staff La Coruña, SpainAdministrators, ZeroC Staff Jose Gutierrez de la ConchaOrganization: ZeroC, Inc.Project: Ice Developer ZeroC Staff
    Hi Joost
    I am writing another type of client application, a XAML Browser Application. This provides support for the full .NET framework and can be deployed onto apache and browsed using FireFox. However I have serious problems to use Ice in this situation. When I perform the first Ice.Util.initialize call I get an exception: This assembly does not call partly trusted callers.
    I have installed Ice.dll into the Global Assembly Cache and added the gac-ed Ice.dll to the references of the project. I have deployed the application, using ClickOnce, into a directory on my disk and then transferred this directory to the Apache HTDocs.

    You cannot call Ice.dll in GAC from a XAML Browser application for a explanation of why this is not allowed see .NET Security Blog : Allowing Partially Trusted Callers

    I have been able of run a minimal XAML Browser application that connects to the hello server, but you need to host the Ice.dll with your application and the corresponding Ice.dll.deploy file that is created when you publish the application.

    You also need to enable "this is a full trusted application" in ClickOnce Security Settings.

    To deploy the application with your web server you need to sign the application with a trusted certificate that should be added to the client browser trusted publishers.

    you could also found this msdn blog interesting IRhetoric - Karsten Januszewski : Creating A Full Trust Avalon Web Browser (.xbap) Application

    I'll investigate if is possible to run Ice applications as partial trusted for "Internet" zone with ClickOnce security settings restrictions and inform you when i get more info

    Let us know if you have further questions about this.

    Regards,
    José
  • xdmxdm ZeroC Staff La Coruña, SpainAdministrators, ZeroC Staff Jose Gutierrez de la ConchaOrganization: ZeroC, Inc.Project: Ice Developer ZeroC Staff
    Hi Joost

    After looking a bit more to this issue seems that is not possible to run Ice applications as untrusted XAML Browser applications because socket operations are only allowed to trusted signed applications.

    Regards,
    José
  • JvDJvD Member Joost van DoornOrganization: MobaProject: Main Control Software
    We have tried to make the changes you suggest in your replies. But up to now we do not have the desired result. We have performed the following actions:
    1. Added Ice.dll to the references of the project. The copy to local property of this reference is set to true.
    2. The application is set to be Fully Trusted.
    3. The application is signed using the default temporary password that is included into the solution (.pfx file).
    4. The same key was installed into Internet Explorer.
    5. The application was published.

    When browsing with a different computer to the URL we get a "Trust not granted" exception. I have included the exception log as an attachment. What are we doing wrong.

    Best regards, Joost van Doorn
  • xdmxdm ZeroC Staff La Coruña, SpainAdministrators, ZeroC Staff Jose Gutierrez de la ConchaOrganization: ZeroC, Inc.Project: Ice Developer ZeroC Staff
    Hi Joost,

    Have you installed the certificate in "Trusted Certification Authorities" and "Trusted Publishers" in Internet explorer. You should install the certificate in both places to get rid of the "Trust not granted" error

    Hope this solve the issue,

    José
  • kwaclawkwaclaw Oshawa, CanadaMember Karl WaclawekOrganization: Personal
    xdm wrote: »
    Hi Joost
    After looking a bit more to this issue seems that is not possible to run Ice applications as untrusted XAML Browser applications because socket operations are only allowed to trusted signed applications.

    I have battled .NET security as well, as I have a need to run an application in a sandboxed AppDomain while still using Ice, and so I found this thread.

    However, from what I found out, it should be possible to mark the Ice assemblies with the AllowPartiallyTrustedCallers attribute, and then mark all code that needs to access trust requiring code (like socket operations) with the SecuritySafeCritical attribute. This attribute means that one allows the code to be called from untrusted code, while at the same time this code can call trusted code, a kind of trust mediator in-between.

    I found some info here:
    Security-Transparent Code, Level 2
    and here
    How to: Run Partially Trusted Code in a Sandbox

    Alternatively one might create a "SecuritySafeCritical" adapter layer which can call legally into ICE, but that would be cumbersome.

    Since ASP.NET apps can run in a sandbox while still being remotely accessible, I think that Ice should be able to do the same.

    Karl
Sign In or Register to comment.