For XBAP applications, code that exceeds the default Internet zone permission set will be detected by CAS and will result in a security exception being raised and the application ending. While this protects users, it does not provide for the best user experience.
In general, code that may exceed the allowed permissions is likely to be common code that is shared between both standalone and browser-hosted applications. CAS and WPF offer several techniques for managing this scenario.
Detecting Permissions Using CAS
In some situations, it is possible for shared code in library assemblies to be used by both standalone applications and XBAPs. In these cases, code may execute functionality that could require more permissions than the application's awarded permission set allows. Your application can detect whether or not it has a certain permission by using Microsoft .NET Framework security. Specifically, it can test whether it has a specific permission by calling the Demand method on the instance of the desired permission. This is shown in the following example, which has code that queries for whether it has the ability to save a file to the local disk:
using System.IO; // File, FileStream, StreamWriter
using System.IO.IsolatedStorage; // IsolatedStorageFile
using System.Security; // CodeAccesPermission, IsolatedStorageFileStream
using System.Security.Permissions; // FileIOPermission, FileIOPermissionAccess
using System.Windows; // MessageBox
namespace SDKSample
{
public class FileHandling
{
public void Save()
{
if (IsPermissionGranted(new FileIOPermission(FileIOPermissionAccess.Write, @"c:\newfile.txt")))
{
// Write to local disk
using (FileStream stream = File.Create(@"c:\newfile.txt"))
using (StreamWriter writer = new StreamWriter(stream))
{
writer.WriteLine("I can write to local disk.");
}
}
else
{
MessageBox.Show("I can't write to local disk.");
}
}
// Detect whether or not this application has the requested permission
bool IsPermissionGranted(CodeAccessPermission requestedPermission)
{
try
{
// Try and get this permission
requestedPermission.Demand();
return true;
}
catch
{
return false;
}
}
...
}
}
If an application doesn't have the desired permission, the call to Demand will throw a security exception. Otherwise, the permission has been granted. IsPermissionGranted encapsulates this behavior and returns true or false as appropriate.
Graceful Degradation of Functionality
Being able to detect whether code has the permission to do what it needs to do is interesting for code that can be executed from different zones. While detecting the zone is one thing, it is far better to provide an alternative for the user, if possible. For example, a full trust application typically enables users to create files anywhere they want, while a partial trust application can only create files in isolated storage. If the code to create a file exists in an assembly (.dll) that is shared by both full trust (standalone applications) and partial trust (browser-hosted applications), and both applications want users to be able to create files, the shared code should detect whether it is running in partial or full trust before creating a file in the appropriate location. The following code demonstrates both:
using System.IO; // File, FileStream, StreamWriter
using System.IO.IsolatedStorage; // IsolatedStorageFile
using System.Security; // CodeAccesPermission
using System.Security.Permissions; // FileIOPermission, FileIOPermissionAccess
using System.Windows; // MessageBox
namespace SDKSample
{
public class FileHandlingGraceful
{
public void Save()
{
if (IsPermissionGranted(new FileIOPermission(FileIOPermissionAccess.Write, @"c:\newfile.txt")))
{
// Write to local disk
using (FileStream stream = File.Create(@"c:\newfile.txt"))
using (StreamWriter writer = new StreamWriter(stream))
{
writer.WriteLine("I can write to local disk.");
}
}
else
{
// Persist application-scope property to
// isolated storage
IsolatedStorageFile storage = IsolatedStorageFile.GetUserStoreForApplication();
using (IsolatedStorageFileStream stream =
new IsolatedStorageFileStream("newfile.txt", FileMode.Create, storage))
using (StreamWriter writer = new StreamWriter(stream))
{
writer.WriteLine("I can write to Isolated Storage");
}
}
}
// Detect whether or not this application has the requested permission
bool IsPermissionGranted(CodeAccessPermission requestedPermission)
{
try
{
// Try and get this permission
requestedPermission.Demand();
return true;
}
catch
{
return false;
}
}
...
}
}
In many cases, you should be able to find a partial trust alternative.
In a controlled environment, such as an intranet, custom managed frameworks can be installed across the client base into the global assembly cache (GAC). These libraries can execute code that requires full trust, and be referenced from applications that are only allowed partial trust by using AllowPartiallyTrustedCallersAttribute (see Windows Presentation Foundation Security and Windows Presentation Foundation Security Strategy - Platform Security for more information).
Browser Host Detection
Using CAS to check for permissions is a suitable technique when you need to check on a per-permission basis. Although, this technique depends on catching exceptions as a part of normal processing, which is not recommended in general, and can have performance issues. Instead, if your XAML browser application (XBAP) only runs within the Internet zone sandbox, you can use BrowserInteropHelper..::.IsBrowserHosted, which returns true for XAML browser applications (XBAPs).
See the Detecting If Browser-Hosted Sample.
.gif) Note: |
|---|
that IsBrowserHosted only distinguishes whether an application is running in a browser, not which set of permissions an application is running with. |