OOB and Elevated Trust in Browser

    General discussion

  • Hey,

    it's seems i found a Bug, when the XML file "InBrowserSettings.xml" (created by visual studio, when you set the 'Require elevated trust when running in-browser' on true) exist and the OOB application tries to update then you get the exception "System.PlatformNotSupportedException: The operation are not supported on this plattform."

    Sorry for my english, for better understanding the code listing:

    if (App.Current.IsRunningOutOfBrowser)
        App.Current.CheckAndDownloadUpdateCompleted += new CheckAndDownloadUpdateCompletedEventHandler(this.Application_CheckAndDownloadUpdateCompleted);

    private void Application_CheckAndDownloadUpdateCompleted(object sender, CheckAndDownloadUpdateCompletedEventArgs e)
         App.Current.CheckAndDownloadUpdateCompleted -= new CheckAndDownloadUpdateCompletedEventHandler(this.Application_CheckAndDownloadUpdateCompleted);
          if (e.Error == null && e.UpdateAvailable)
                textBlock1.Text = "The update was successfull...";
                if (e.Error != null)
    // Error occured 'System.PlatformNotSupportedException' when the file "InBrowserSettings.xml" exist, why?
     textBlock1.Text = e.Error.ToString() + ".:" + e.Error.Message; } } }
    Monday, December 12, 2011 11:35 AM

All replies

  • I'm getting the same error.

    Monday, December 12, 2011 6:27 PM
  • So, you're creating an application that can run in elevated trust mode both in-browser and out-of-browser? I'm not sure that was one of the expected cases. Can you tell me more about what you're trying to do?

    Don't forget, in-browser elevated trust requires registry entries on the end-user's machine, best set via group policy. It also requires signing of the .xap. OOB recommends, but does not require, signing of the .xap and uses user confirmation during installation rather than registry keys.

    • Elevated OOB: Intranet and Internet
    • Elevated In-browser : Intranet only.


    Tuesday, December 13, 2011 12:50 AM
  • Thanks for you answer,

    even when you deactivate the 'Require elevated trust when running in-browser' the file "InBrowserSettings.xml" still exists and still causes the "System.PlatformNotSupportedException" exception.

    Remove the "InBrowserSettings.xml" in the properties folder of the project. Close the project in visual studio, open the project file with notepad and remove the follwow entries from the file:

    <InBrowserSettingsFile>Properties\InBrowserSettings.xml</InBrowserSettingsFile>  <RequireInBrowserElevation>true</RequireInBrowserElevation>

    Open the project again with visual studio, rebuild your project and publish this new builded stuff. Now the OOB update mechanism works fine again.

    And now to your Question:

    I created an application that needs for some features elevated trust and i see the 'elevated trust in browser' feature as an step between OOB and Browser. I can't and dont want to decide what the costumer prefferes. Some of our costumers liked the OOB feature because it feels more like an application and gives more space for the UI. Some of them like to use the browser for practical reasons to use the software without changing the client data and rollout issues. Another situation is that some costumer work with different machines. Some of the machines run the application OOB and some of the machines have only the silverlight plugin installed and no rights to install this application OOB. I don't see why i can't support both with the same comfort what they preffere and need.


    Tuesday, December 13, 2011 5:47 AM
  • Ok, for my case I don't care so much about running in browser.  I'll just uncheck that box.

    Tuesday, December 13, 2011 12:35 PM
  • Ok, I unchecked the box for inbrowser elevated trust.  Uninstalled my oob app.  Then reinstalled and try to do another update, but I still get that error message.  Do I have to change my signing or key file?

    Tuesday, December 13, 2011 12:56 PM
  • Ok, I found out what I had to do.  If you ever check that 'In browser elevated trust' checkbox, your project will never update OOB, even if you uncheck it or set it to false.  You have to erase the file it creates in the Properties InBrowserSettings.xml or something like that.  Then you have to remove the reference to it in .csproj file

    I hope they fix this

    Tuesday, December 13, 2011 1:26 PM
  • I just hit this!  You do have to remove the inbrowsersettings.xml and delete it the entry from your .csproj file.  Then it all works!

    Wednesday, December 14, 2011 1:48 PM
  • I've just created a connect item for this.  Please everyone having this issue vote this one up.



    Wednesday, December 14, 2011 2:26 PM
  • @pete

    One use case is user choice. Why not allow my users to choose whether to install OOB to their desktop or just run in-browser?

    Letting the user choose should have been one of the expected cases.




    Tuesday, December 20, 2011 11:17 AM
  • @shawn

    Yeah, but you end up with situations where you have (for example) an ad on the page in one plugin instance, and a main app in another. If the ad requests elevated rights, in many cases, the user won't realize which thing is requesting the permissions. FWIW, ad networks are a huge source of malicious code taking advantage of exploits, especially with Java.

    I'm not saying it's impossible, or that there aren't valid cases for it, but for the VAST majority of end-users on the internet, elevated trust in-browser would simply be a source of trouble. End result: Silverlight would get a reputation as an attack vector and customers would refuse to install it.

    In-browser elevated trust is really for the portal scenarios in an intranet. Consider a Sharepoint portal which has a Silverlight app as one of the parts and which needs to access some data on the machine.


    Tuesday, December 20, 2011 1:49 PM
  • Whatever,

    when you need both options than build you project twice with the OOB FullTrust or FullTrust in Browser and deploy it to different URL's. This Solution is not the best one, but the costumer can choose what he prefferes and want. Case solved.

    Let's us go back to the Bug, because that's a real problem.

    Thanks and Greetings

    Wednesday, December 21, 2011 5:44 AM
  • @pete - I think you are missing the use case.  I found this thread because I ran into the same bug.

    First - it is a bug, once you check the option, unchecking it does not allow updates to work.  You must manually delete the file and edit the csproj file directly.

    Second, it is the user's choice to install the app or not.  Running on an intranet, some prefer to use the webversion and others install.  Sometimes they prefer to install but are not at their machine and need to quicky access the app.  In any case "export to Excel" which uses COM+ should work and there should be feature parity.

    I think the example of multiple ads on a page is unlikely - ads would never be requiring elevated privildges in the first place.  Also, given the future of SL use in intranet to replace click once deployments will be more common than customer facing apps.

    Monday, April 30, 2012 12:08 PM
  • Thanks Tigriscor

    Worked for me.


    Unfortunately, today, 2012, May, we don't have a definitive solution for this issue from Microsoft Team.


    Tks again.

    Tuesday, May 08, 2012 9:17 AM
  • Thanks Tigriscor

    Worked for me.

    Tks again.

    No problem,

    glad that worked for you.

    Unfortunately, today, 2012, May, we don't have a definitive solution for this issue from Microsoft Team.


    i think there will no further updates (except for security patches) in the future of Silverlight.
    It's look like Microsoft abandons every development to the silverlight plugin.

    Wednesday, May 09, 2012 5:18 AM
  • There was a silverlight fix today that:

          Fixed a failure to update OOB applications that are configured to use elevated trust when in browser.

    I don't have time to check if this works or not though.

    Wednesday, May 09, 2012 7:25 PM
  • There was a silverlight fix today that:

          Fixed a failure to update OOB applications that are configured to use elevated trust when in browser.

    I don't have time to check if this works or not though.

    Thanks for the advise,

    i tried it today and it works.

    Friday, May 11, 2012 2:13 PM