WPF (XBAP) using WCF in a Partial Trust Environment
I've just gone through the pain of working out how to get my WPF Browser Application (XBAP) using a WCF service without any security exceptions causing me to attempt to break yet another desk. After hours of frustration I've finally got it working: A WPF Browser application, talking to a WCF service seamlessly and with no security issues. In an attempt to save you the pain (although it was a good learning experience), I've put together a little walkthrough to get you up an running without the problems I went through. The main thing to keep in mind, is that you can only have your XBAP communicate to your WCF service if they are hosted from the same server, as outlined here. This is the only way it will work with the XBAP partial trust sandbox.
With that in mind, here are the steps I went through to get it up and running.
1. Make sure your WCF project is the WCF Service Application (under the Web tab). Do not use the WCF Service Library (under the WCF tab). This is a little confusing, but it is what Microsoft advised in this article.
2. Once your WCF project is created - ensure you set the service endpoint bindings to 'basicHttpBinding' (default is wsHttpBinding). You can change this in the Web.config of your WCF project.
3. Set your WCF Service to run on a specific port all the time (this will make more sense later on). You can choose any port, as long as it's unique. Go to Properties->Web->Servers->SpecificPort of your WCF project. In this case I chose port 64610.
4. Now you need to add the Service Reference to your XBAP project (I've assumed so far that you already have your WPF Browser App project created). To do this, just right click on 'Service References' and click 'Add Service Reference'.
When the dialog opens, use the 'Discover' button to find all the WCF Services in your solution. Then just give it a namespace and click OK.
5. Now that your WPF app can see your WCF service, it's time to configure your WPF app so that it looks like its running from the same web server (as I mentioned earlier, this is needed otherwise you will get Security Exceptions such as WebPermission exception during debug runtime). To do this you need to go to set your debug start action to run the PresentationHost.exe (which is located in your Windows\System32 dir), and add some command line arguments which will setup your environment correctly (as to mimic that your WPF app and WCF service are being hosted from the same IP and port). So you should end up with something similar to this:
a) Properties->Debug->StartAction->StartExternalProgram = D:\Windows\System32\PresentationHost.exe
b) Properties->Debug->Start Options->Command line arguments:
-debug "D:\Projects\WCFandXBAP\WpfBrowserApp\bin\Debug\WpfBrowserApp.xbap"
-debugSecurityZoneUrl "http://localhost:64610"
So I'm basically telling the project, that when I debug/run the program from Visual Studio that I want it to run my .xbap file using the PresentationHost.exe, and to run it from the my localhost on port 64610 (which is the same host as the WCF service).
That's it! You should be able to run and debug your WPF Browser Application that talks to a WCF Service with no issues.
Please let me know if you are aware of any ways to improve this process, or if you are aware of any implications from what I have done here.
Good luck with your WPF and WCF development.
Thanks Matt, that worked.
Have you done any research into getting it to work if the web site is published? I receive a web permission error when running after publishing. It looks like I will need to use a certificate for full-trust. Is that what you believe as well?
Jody
Reply to this
Hi Jody,
I have only been playing around in debug mode and running from Visual Studio at this stage. I intend to publish an XBAP website soon, and will let you know what roadblocks I run into and how/if I get around them.
Reply to this
Jody,
I managed to successfully publish the XBAP application that talks to a WCF service. A few things to note:
Reply to this
Excellent. This helped tremendously. The only issue I encountered was that I got a parse error on the url port. I added my service name to the end of the command line arguments ("http://localhost:64610/service.svc"
) and it worked.
Reply to this
I followed the all steps, but I have problem with step 5b: -debugSecurityZoneUrl "http://localhost:64610"
IE wouldn't start when it is included in the command line arguments. If I remove it, then IE can start and my wpf app ran as usual, but if I add it, IE wouldn't start, nothing happens. wcf can start, but wpf can not. what did I do wrong? Thanks
Reply to this
need to have / at the end.
debugSecurityZoneUrl "http//localhost:64610/"
it works now
Reply to this
***Kama,
Thanks for clarifying this and leaving your solution. I'm sorry I was unable to respond in time - I'll be back to some more regular blogging in the next few weeks.
Reply to this
Great article, this is exactly what I was looking for. I changed the WCF service a little bit to return a DataSet, it works great from VS 2008 SP1 including the debugging but once published into my web server making sure that the publish XBAP and WCF components are in the exact same location (same virtual directory) I get the following error:
System.TypeInitializationException: The type initializer for 'activity.App' threw an exception. ---> System.Security.SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at activity.ServiceReference1.IService1.GetData(DataSet dataSet)
at activity.ServiceReference1.Service1Client.GetData(DataSet dataSet)
at activity.App..cctor()
The action that failed was:
Demand
The type of the first permission that failed was:
System.Net.WebPermission
The first permission that failed was:
The demand was for:
I don't past the whole log since it is way too big.
What am I doing wrong?
Reply to this
I was able to overcome the issue I was having yesterday, now I am facing the following issue:
System.ServiceModel.EndpointNotFoundException: Could not connect to http://localhost:2571/Service1.svc. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:2571. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it
This happens if I try to run my myApp.XBAP file from my localhost (http://localhost/WPF/WPFActivityReport.xbap). I have to mention that this error comes up all the time except if my ASP.NET Development Server - Port 64610 (This program gets launch automatically when testing from VS 2008). So now the question is how do I get the WCF service to run all the time, I am confused, I thought this was a Self-Hosted WCF?
Please advise.
Reply to this
Correction of previous post -->
I was able to overcome the issue I was having yesterday, now I am facing the following issue:
System.ServiceModel.EndpointNotFoundException: Could not connect to http://localhost:64610/Service1.svc. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:2571. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it
This happens if I try to run my myApp.XBAP file from my localhost (http://localhost/WPF/WPFActivityReport.xbap). I have to mention that this error comes up all the time except if my ASP.NET Development Server - Port 64610 (This program gets launch automatically when testing from VS 2008). So now the question is how do I get the WCF service to run all the time, I am confused, I thought this was a Self-Hosted WCF?
Please advise.
Reply to this
***Giuliano,
First thing to note is that the WCF is not exactly self hosted - when you publish it, it will be hosted inside IIS. So you will need to publish it as you would the XBAP or any other website.
When you publish both the WCF service and the XBAP, make sure you publish them to the same server location, and have them running on the same port (by default this will be port 80).
So as you show in your example, you have published your XBAP to http://localhost/WPF/WPFActivityReport.xbap (which will be port 80), you should also publish your service to this location. eg. http://localhost/WPF/Service1.svc
Then just make sure that you have your XBAP config pointing to this service location, and you should be good to go.
Let me know how you go.
Reply to this
First of all, thanks for your response.
Two more question before I attempt this tonight, do I need to do anything special in my IIS6.0 to be able to host the WCF service or it will get automatically launched once I make sure the ports are 80. So the port 64610 defined in VS will get override once I change the config files?
Do I need to create just one virtual directory in the IIS and basically just XCOPY both the XBAP and WCF published files?
Thanks again
Reply to this
1. If I remember correctly, you will need Front Page extensions installed for IIS. Other than that, just make sure the appropriate .NET Framework (3.5 I assume) is installed on the web server.
The port (64610) that you setup in Visual Studio will no longer apply - however ensure the config files (web.config) for your XBAP is pointing the newly published WCF service (on port 80).
2. Yep - one virtual directory should do the trick, and then just use the 'Publish' function from the Visual Studio project menu (right click on the project) to publish to that directory. I'm unfamiliar with XCOPY, but I assume its basically just copying the files to the location of the virtual directory, in which case that should be fine too.
Reply to this
I tried as suggested, I also installed FrontPage Server Extensions 2002 and now I am getting the following error:
Startup URI: http://10.10.45.116/WPFActivityReport/WPFActivityReport.xbap
Application Identity: http://10.10.45.116/WPFActivityReport/WPFActivityReport.xbap#WPFActivityReport.xbap, Version=1.0.0.37, Culture=neutral, PublicKeyToken=0000000000000000, processorArchitecture=msil/WPFActivityReport.exe, Version=1.0.0.37, Culture=neutral, PublicKeyToken=0000000000000000, processorArchitecture=msil, type=win32
System.TypeInitializationException: The type initializer for 'ActivityReport.App' threw an exception. ---> System.ServiceModel.AddressAccessDeniedException: HTTP could not register URL http://+:80/WPFActivityReport/Service1.svc/">http://+:80/WPFActivityReport/Service1.svc/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details). ---> System.Net.HttpListenerException: Access is denied
at System.Net.HttpListener.AddAll()
at System.Net.HttpListener.Start()
at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen()
--- End of inner exception stack trace ---
at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen()
at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)
at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)
at System.ServiceModel.Channels.TransportChannelListener.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.HttpChannelListener.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open()
at ActivityReport.App..cctor()
--- End of inner exception stack trace ---
I already tried the httpcfg command that allows to register to receive HTTP requests for particular URLs
I invoked this command this way:
httpcfg.exe set urlacl /u http://+:80/WPFActivityReport/Service1.svc/">http://+:80/WPFActivityReport/Service1.svc/ /a D
Any help on this will be greatly appreciated.
Thank you
Reply to this
Could you pls. help me to deploy an XBAP application that references WCF service. I'm using C# Express Edition...i tried the above suggestion..but it doesn't work and give the 'Trust Not Granted' Error.
Reply to this
I followed all the steps in the article and my project worked fine. My problem is I got this error when i tried to logon to the database : - Request for permission of type "System.Data.SqlClient.SqlClientPermission, System.Data, Version 2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089' failed.
How do solve this problem. Any suggestions will be appreciated.
Thanks
Reply to this
may i know how did you solve the security exception you had?
Reply to this
Hi Juay, I was able to make my XBAP work in Partial Trust with a WCF Service (Windows Service) that deals with the database calls. You have to use port 80 for the WCF service, otherwise it won't work. Another way is to use Full Trust deployment but you have to use a certificate in every single machine where the page is going to run. I had several security exceptions, could you tell me exactly which one are you referring about? I can also provide a working sample if needed. Best regards, Giuliano
Reply to this
Hi Giuliano, i managed to get my development running in debug mode without any error other than on port 80 but i configured the under the Advanced Button in the security tab of my XBAP project properties checking the box "Grant the application access to its site of origin" and also added "http://localhost:WcfPortNo/" in the text box below it.
It seems to me that it is able to emulate that they are running on the same port thus not throwing the security exception-System.Security.SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Also a full trust deployment is not practical for my case as it is access over internet and users are supposed to have the flexibility of accessing from any PC.
So do you know if it has to be strictly port 80 when i publish it? I would be likely to use IIS to host the service.
Thanks.
Reply to this
Hi Juay, as far as I remember, it only works on port 80. My app has been deployed that way and I didn't want to mess with it since then, it was a nightmare to get it to work let me tell you. Here is one tread where I asked the question to Microsoft when I had the Webpermission issue if that helps you:
http://social.msdn.microsoft.com/Forums/en-US/wpf/thread/f65c5ad8-1354-4555-a295-5c803d67909e
Best regards
Reply to this
Juay, I forgot to mention that for me a Full Trust deployment wasn't an option either. We wanted that anybody having .NET Framework 3.5 and IE6 or newer can access our applications without installing anything on their end.
Reply to this
Will take a look at that. Thanks for you aid Giuliano. Your help is much appreciated.
Reply to this
Is it true that not all WCF features are available from within an XBAP though. This means you cannot currently host services, have duplex communications, use non-HTTP transports, or use WS-* protocols. Please use the WCF Forum or the WPF Forum to tells us what you think. We'd love to hear your feedback on this feature.
Reply to this
Hi,
I followed all the steps, worked really nice. But The problem occured when i tried to publish it. I installed WPF MIME types to configure the IIS 5.1. When i try to publish it to http://localhost:64610/WPFProject2/ , I get following error:
Failed to connect to 'http://localhost:64610/WPFProject2/' with the following error: Unable to create the Web site 'http://localhost:64610/WPFProject2/'. The Web server does not appear to have FrontPage Server Extensions installed. If FrontPage Server Extensions are installed, this error can occur because the _vti_bin virtual directory is not marked as executable. To correct this problem, run Internet Information Services Manager, select the Web server that has the problem, and then use the Check Server Extensions command.
Interestingly, if i specify location as http://localhost/WPFProject2, it works. I could browse to my site but then the webservice doesnt work.
I have server extensions 2002 installed in my computer, Please advice???
Reply to this
Hello,
I followed the same procedure that you mentioned above.still I got the System.Security.SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Can you please clearly mention the steps to do for publishing wcf service and wpf browser application
Reply to this
I have worked for Intel as a software engineer on and off starting in the early 80's. Intel consistently produces very high quality software, both driver and application. And though there are many different apps at such sites as rapidshare (found many at http://www.rapidsharemix.com ) I recommend buying only licenced ones for correct work of the whole system. Other companies -- such as MS -- could learn a lot about the proper methodologies for software from Intel.
Reply to this
can I get the other files (sql db) for your example zip.
(and the login info)
Reply to this
Hi J, you have to use port 80 which is the default port. I had the same issue as you and Microsoft told me what I just told you. Now regarding you WCF Service or Web Service, you have to user port 80 there as well. I hope this helps you. Check my previous notes where I put some urls for reference.
Reply to this
Nirmala, are you deploying your application as Full Trust or Partial Trust. If you are publishing as Full Trust you re required to install a certificate on every machine where you are planning to run your XBAP (WPF for the WE
Happy coding!
Reply to this
Nice post,
that worked.
Have you done any research into getting it to work if the web site is published? I receive a web permission error . Is that what you believe it is as well?
Thanks for bringing this up
Reply to this
The port (64610) that you setup in Visual Studio will no longer apply - however ensure the config files (web.config) for your XBAP is pointing the newly published WCF service (on port 80).
Reply to this
What is WPF using WCF in a partial trust environment?
Reply to this
Thanks for this amazing tutorial! Maybe a new feature for seo and usability: Add title tag to read more and the h3 link tag
Reply to this
How the WPF using WCF works in a partial trust environment?
Reply to this
I’ve never been so excited reading a blog as it touches me personally.
Reply to this
I recently came across your blog and have been reading along. I want to express my admiration of your writing skill and ability to make reader to read the while thing to the end. I would like to read more of your blogs and to share my thoughts with you.
Reply to this
I am just new to your blog and just spent about 1 hour and 30 minutes lurking and reading. I think I will frequent your blog from now on after going through some of your posts. I will definitely learn a lot from them. Regards - Karen
Reply to this
Microsoft SharePoint server 2007 is a program which has been specially designed to work with products in the Microsoft Office range. Accessed through a standard Internet Explorer web browser or by using Microsoft Outlook 2007, Microsoft SharePoint 2007 provides businesses with an easy to use web portal or extranet system.
Reply to this
This is good site to spent time on .I just stumbled upon your informative blog and wanted to say that I have really enjoyed reading your very well written blog posts. I will be your frequent visitor, that’s for sure.
Reply to this
What is WPF using WCF in a partial trust environment?
Reply to this
your tips is very good . you are not a point. you are a great dvelpore. and If you require parts of the WF engine to run in the XBAP software but you do not have control over an active directory environment you should consider Click Once software deployment for a stand-alone application
Reply to this
I \ 'm familiar with XCOPY, but I'm basically just on the files to the location for the virtual directory, copy in this case would be too soft.
Reply to this
You need to install Web Developer Express(it includes FrontPage Server Extensions).
http://www.microsoft.com/express/vwd/
It's free.
Reply to this
To add valuable information that should be find at the end this wonderful post!
When you publishing your WPF Web Browser APP use file system path basing on physical path from WCF(in my case):
"C:\Partial_Trust_WebService\WcfService1\WcfService1\"
And then
Choose Web publishing location as
"http://localhost/"
And will work! In partial trust mode!
Code for test this:
ServiceReference1.Service1Client SC = new WpfBrowserApplication1.ServiceReference1.Service1Client();
String abc = SC.GetData(5);
listBox1.Items.Add(abc);
Reply to this
In a few cases, you will see that the Service is taking a little bit time to respond to your request, and that can cause your application to become irresponsive for a few seconds. To escape from this problem, you can use a background process to call the WCF Service, and display a wait screen to the user and hide the wait screen after the process finishes execution. That concludes a beginner introduction to XBAP to WCF communication.
Reply to this
nice posting.
Reply to this
I admire what you have done here. It is good to see your clarity on this important subject can be easily observed. Tremendous post and will look forward to your future update.
Thanks
PPC Campaign Management India
Reply to this
This is good site to spent time on .I just stumbled upon your informative blog and wanted to say that I have really enjoyed reading your very well written blog posts.
Reply to this
When I tried to deploy my WCF web services in GoDaddy’s normal account, I got the below three errors:
1. There is no build provider registered for the extension '.svc' error.
2. This collection already contains an address with scheme http error
3. WSHttpBinding would not work
Reply to this
This is a very good post. Will tell my friends about it and share in social networks.
Reply to this
Hello, you have to use port 80 which is the default port. I had the same problem as you and Microsoft told me what I just said. Now, with respect to you WCF service or Web service, you have to user port 80 there. Hope this helps. Check my previous notes where I put some of the reference URL.
Reply to this
Thanks for the post!!
Reply to this
I'm not much on reading, but somehow I got to read information from Nice in place. Easy to understand and useful. We wait for future updates.
Reply to this
welcome
Reply to this
Resources like the one you mentioned here will be very useful to me! I will post a link to this page on my blog. I am sure my visitors will find that very useful.
Reply to this
I admire what you have done here. It's good to see clarity on this important issue can be easily observed. Post enormous and expected future update.
Reply to this
Microsoft SharePoint Server 2007 is a program that has been specially designed to work with products from the range of Microsoft Office. Access through a standard browser Internet Explorer Web or by using Microsoft Outlook 2007, Microsoft SharePoint 2007 provides businesses with an easy to use web portal or extranet system.
Reply to this