Posted 8 Nov 2010

Elevated Trust in Silverlight 4

Wayne Ye, 9 Nov 2010
Elevated trust is one of the most important new features in SL4. This post concentrates on elevated trust, including accessing the file system, isolated storage and the registry, and invoking COM objects and other executable files.


In Silverlight 4, Out Of Browser (OOB) support with elevated permission is significantly improved. An OOB application now has more privilege to access system resources: it can access Isolated Storage, manipulate COM objects, access local registry entries, or even invoke the Microsoft Speech API to speak a sentence aloud.

Essentially, to achieve this, the main improvements are:

  1. Microsoft gives Silverlight 4 OOB applications the ability to request elevated trust.

    From Trusted Applications
    You can configure out-of-browser applications to require elevated trust. After installation, these trusted applications can bypass some of the restrictions of the security sandbox. For example, trusted applications can access user files and use full-screen mode without keyboard restrictions.

  2. A new concept from .NET 4.0 called “late binding”: the C# keyword dynamic can be used to declare a variable whose type is undetermined at build time; at run time, Microsoft.CSharp.RuntimeBinder resolves the binding dynamically.


This post concentrates on elevated trust, so read the articles below if you have any questions about creating an OOB application and requesting elevated permission.

I developed a simple Silverlight OOB demo that accesses local system resources. It can:

  • Let the user choose one or more files and copy them to isolated storage.
  • Access isolated storage and enumerate all files.
  • Create a txt file under drive C: by invoking “Scripting.FileSystemObject”, and read its content back.
  • Write a registry entry under HKEY_CURRENT_USER and read a registry entry under HKEY_LOCAL_MACHINE, by using “WScript.Shell”.
    Note: a Silverlight OOB application will NOT have write permission to HKLM; it only has read permission.
  • Run other executable files located on the system by using “WScript.Shell”.
  • Speak aloud a sentence the user types into the textbox.

Screen shot

After installing on the system, its UI is shown below (I know it is really poor… sorry):



Elevated permission is ONLY enabled in the Out Of Browser scenario, so the Silverlight application needs to check whether it is currently running out of browser:

    if (Application.Current.IsRunningOutOfBrowser)
    {
        // Access local file, registry, COM, etc.
    }

In addition, to invoke COM objects, we need to check whether AutomationFactory is available:

    if (AutomationFactory.IsAvailable)
    {
        // Create and use COM objects here
    }

OK, let's look at the code-behind that implements the elevated-permission features.

  1. Click on the button “Copy File to Isolated Storage access” and a file open dialog will pop up, screenshot below:


    Code behind to open the file dialog:

    OpenFileDialog dlg = new OpenFileDialog 
    	{ Filter = "All files (*.*)|*.*", Multiselect = true };
    var dlgResult = dlg.ShowDialog();
    if (dlgResult != true) return;   // user cancelled: nothing to copy

    Read the selected file(s) and copy them to isolated storage:

    IsolatedStorageFile iso = IsolatedStorageFile.GetUserStoreForApplication();
    foreach (FileInfo file in dlg.Files)
    {
        using (Stream fileStream = file.OpenRead())
        using (IsolatedStorageFileStream isoStream =
            new IsolatedStorageFileStream(file.Name, FileMode.Create, iso))
        {
            // Read and write the data block by block until finished
            byte[] buffer = new byte[100001];
            while (true)
            {
                int count = fileStream.Read(buffer, 0, buffer.Length);
                if (count > 0)
                    isoStream.Write(buffer, 0, count);
                else
                    break;   // end of file reached
            }
        }
    }

    Code behind for “Load file from isolated storage”:

    var isoFiles = 
      from files in IsolatedStorageFile.GetUserStoreForApplication().GetFileNames()
                      select files;

  2. Create a text file at “C:\WayneTestSL4Fso\WayneTest.txt”. Please note: if you use System.IO.File to do such an operation you won’t succeed; I guess it is because elevated trust is still not directly implemented in a lot of managed assemblies. Here in my demo, I used Scripting.FileSystemObject:

    // Class-level fields
    private String folderPath = "C:\\WayneTestSL4FSO";
    private String filePath = "C:\\WayneTestSL4Fso\\WayneTest.txt";

    using (dynamic fso = AutomationFactory.CreateObject("Scripting.FileSystemObject"))
    {
        if (!fso.FolderExists(folderPath)) fso.CreateFolder(folderPath);
        dynamic txtFile = fso.CreateTextFile(filePath);
        txtFile.WriteLine("Some text...");
        txtFile.Close();   // flush the text and release the file handle
    }

    P.S. When I used the “dynamic” keyword for the first time within a using statement, I was a little bit surprised that I could simply try to dispose a dynamic object without checking whether it has implemented IDisposable, hence I tried running using (dynamic x = 8), and then I got this:


    OK, let’s get back to the code implementation for reading the text file I just created.

    var fileContent = String.Empty;
    using (dynamic fso = AutomationFactory.CreateObject("Scripting.FileSystemObject"))
    {
        dynamic file = fso.OpenTextFile(filePath);
        fileContent = file.ReadAll();
        file.Close();   // release the file handle
    }

  3. Registry write/read. Please note: we only have registry write permission to HKCU, NOT HKLM; we have read permission to HKLM entries.

    using (dynamic wScript = AutomationFactory.CreateObject("WScript.Shell"))
    {
        // Only has write permission to HKCU
        wScript.RegWrite("<HKCU value path>",   // placeholder: the path is missing from the page
                "SomeStrValue", "REG_SZ");
    }

    using (dynamic wScript = AutomationFactory.CreateObject("WScript.Shell"))
    {
        string dotNetRoot =
            wScript.RegRead("<HKLM value path>");   // placeholder: the path is missing from the page
    }

  4. Run another local application

    using (dynamic wScript = AutomationFactory.CreateObject("WScript.Shell"))
    {
        //Refer WScript.Run at: 
        wScript.Run("iexplore", 1, true);
    }

    Note 1: The WScript.Shell.Run method accepts not only executable files but also *.bat files, Windows Script Host files (*.vbs, *.js), PowerShell script files, etc.

    Note 2: Trying to gain more permission by running another EXE or script file definitely won’t succeed. For example, if I try to invoke AccessKHLM.js below from my OOB application, I will get a 80070005 error code that indicates access denied:

    var WshShell = WScript.CreateObject("WScript.Shell");
    WshShell.RegWrite("HKLM\\Software\\WayneTestValue\\", 1, "REG_BINARY");


    If you double-click the Demo.js, you will succeed since you are a Windows Administrator, whereas “Silverlight-based applications run in partial trust, which means they run within a security sandbox”. For more information, please refer to Trusted Application.

  5. Phonate a sentence

    using (dynamic speechApi = AutomationFactory.CreateObject("Sapi.SpVoice"))
    {
        // The call is missing from the page; SpVoice.Speak is assumed here, with
        // textToSpeak standing in for the sentence typed into the textbox
        speechApi.Speak(textToSpeak);
    }

  6. Code to implement the close button “X” that appears in the upper corner.

    using (var wScript = AutomationFactory.CreateObject("WScript.Shell"))
    {
        // taskkill /IM matches by image name, so this ends every running sllauncher.exe
        wScript.Run(@"cmd /k taskkill /IM sllauncher.exe & exit", 0);
    }

    This is a little bit tricky. I searched a while on Google and found a great article, Programmatically exit Silverlight 4 Out-of-browser application. Essentially the code invokes WScript.Shell, runs cmd and terminates sllauncher.exe, so that our OOB process gets killed.
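
The checks described earlier and the Run call from step 4 can be combined into one guarded wrapper. This is an added example, not code from the original article; the class name TrustedLauncher, its method names and the allowlist contents are assumptions. Because Note 1 says Run accepts scripts and batch files as well as executables, the wrapper only starts bare program names that appear on a fixed allowlist.

```csharp
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices.Automation; // AutomationFactory (Silverlight 4)
using System.Windows;

// Added example (hypothetical class): a guarded wrapper around WScript.Shell.Run.
public static class TrustedLauncher
{
    // Constructed allowlist: the only programs this application may start.
    private static readonly HashSet<string> AllowedPrograms =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "iexplore", "notepad" };

    // True only when the app runs out of browser, was granted elevated
    // trust, and COM automation is available on this platform.
    public static bool CanUseCom()
    {
        return Application.Current.IsRunningOutOfBrowser
            && Application.Current.HasElevatedPermissions
            && AutomationFactory.IsAvailable;
    }

    // Accepts a bare program name only: no arguments, paths, extensions
    // or shell metacharacters, so "cmd /k ..." or "x.vbs" are rejected.
    public static bool IsAllowed(string program)
    {
        if (string.IsNullOrEmpty(program)) return false;
        foreach (char c in program)
        {
            if (!char.IsLetterOrDigit(c)) return false;
        }
        return AllowedPrograms.Contains(program);
    }

    // Returns false without touching COM when a precondition fails.
    public static bool TryRun(string program)
    {
        if (!CanUseCom() || !IsAllowed(program)) return false;
        using (dynamic shell = AutomationFactory.CreateObject("WScript.Shell"))
        {
            // Same window style (1) and wait flag (true) as the article's call
            shell.Run(program, 1, true);
        }
        return true;
    }
}
```

Calling TrustedLauncher.TryRun("iexplore") behaves like the article's step 4, while any string built from user input that is not exactly an allowlisted name is refused before WScript.Shell is created.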


With elevated trust for Silverlight OOB applications, we can do much more than ever; it gives more confidence to develop enterprise business applications using Silverlight technology. Yesterday, I saw that Scott Guthrie posted a blog entry about Silverlight; he mentioned that Microsoft will absolutely continue to work hard on Silverlight for Enterprise Business Applications (both online and OOB).



This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Wayne Ye
Software Developer (Senior) SAP Labs Shanghai
China
Wayne is a software developer, Tech Lead and also a geek. He has more than 6 years' experience in Web development(server: ASP.NET (MVC), Web Service, IIS; Client: HTML/CSS/JavaScript/jQuery/AJAX), Windows development (Winform, Windows Service, WPF/Silverlight, Win32 API and WMI) and SQL Server. Deep understanding of GOF Design Patterns, S.O.L.i.D principle, MVC, MVVM, Domain Driven Design, SOA, REST and AOP.

Wayne's Geek Life

Infinite passion on programming!

Last Updated 10 Nov 2010
Article Copyright 2010 by Wayne Ye