locked
xbap database application RRS feed

  • Question

  • Hello,

    does xbap allowed us to make database management applications where database located on different server,

    i have tried with database interaction with xbap but i got error like 'Request for the permission on type 'System.Data.SqlClient.SqlClientPermission'' failed.

    can anybody help me with this.

    regards,

    vijay prajapati

     

    Monday, January 8, 2007 10:00 AM

Answers

  • By default, no.  This is by design for security reasons, since partial-trust applications are limited to their site-of-origin for webrequests.  The only type of content that can be accessed directly on non-site-of-origin hosts is media, such as images or video.

    However, if you were to create an ASP or other web service on the site-of-origin server that simply made your query to the other server and returned the results, you could get the same net effect.  I have seen several apps that used this to get around the site-of-origin issue.  If this is not an option, you could also have your application be a full trust .application... while it would have a security prompt and run in an independent window, you could make any sort of web request without a security exception. 

    -Matt Galbraith

     

    Monday, January 8, 2007 5:59 PM

All replies

  • By default, no.  This is by design for security reasons, since partial-trust applications are limited to their site-of-origin for webrequests.  The only type of content that can be accessed directly on non-site-of-origin hosts is media, such as images or video.

    However, if you were to create an ASP or other web service on the site-of-origin server that simply made your query to the other server and returned the results, you could get the same net effect.  I have seen several apps that used this to get around the site-of-origin issue.  If this is not an option, you could also have your application be a full trust .application... while it would have a security prompt and run in an independent window, you could make any sort of web request without a security exception. 

    -Matt Galbraith

     

    Monday, January 8, 2007 5:59 PM
  • thanks Matt,

    that mean, xbap is not longer usable for dynamic web application or can replace with ASP.NET 2.0, well then i think it's not impressive technology in case of heavy functional site.

    well i'm satisfied with your answer.

    thanks again,

    bye

    Monday, January 8, 2007 6:07 PM
  • Vijay, it is important to understand the difference between a client technology and a server technology. Comparing XBAPs with ASP.NET seems like comparing apples to wrenches. It would be more productive to discuss how the client component of ASP.NET i.e. HTML/Javascript fares in the same scenario. And there too, as I understand it, browsers do not allow you to make cross-domain requests willy nilly. Of course, you work around this by having code on the server make the calls to third party domains, aggregate results and present them to the client as if the results came from the site of origin server. You can do the same with XBAPs and server-side code.

    Conversely, would your customers rather see an XBAP from yoursite.com make requests to a database on evil.com behind the scenes without their knowledge?

    I hope this clarifies things a bit.

    Friday, January 12, 2007 4:23 PM
  • i ashish,

    yes, i got it, but have some confusion regarding third party call and represent result to client, can u show me with example , how to call third party domain and get data and represent it at client side on specific event say button_click .

     

    Friday, January 12, 2007 4:33 PM