WPF/E: Only HTTP locations work by default

Trying out some of the WPF/E samples, I noticed some rather odd behaviour.  I loaded a sample directly off my file system and was rewarded with a blank security and a notice that Internet Explorer was blocking some active content.  I then setup a virtual directory on my local IIS instance and everything was fine.  You can see the two renderings here:

border-right: 0px" title="silverlight-apps" src="http://www.sharpfellows.com/image.axd?picture=silverlight-apps_thumb.jpg" border="0" alt="silverlight-apps" width="429" height="281" />

settings1 Now this sounded to me like a security problem, and that's exactly what it is.  When you load the page via HTTP then Internet Explorer will work out which Internet Zone you are in (Intranet, Trusted Sites, Internet, etc) and the configured security.  Below to the right is a screenshot of the default WPF/E security settings and you can see that it will run content, even for the Internet zone.

settings3 However these settings only applies to pages loaded via HTTP.  If you are loading some HTML directly from your file system (like I was) then there are some different security settings.  The defaults are shown below and you'll notice that they prohibit active content, which includes WPF/E XAML files.

So strangely enough, as far as XAML and WPF/E go, your local file system is a more restrictive location than the Internet.  Work that out if you can!


UPDATE: WPF/E is now better known as Silverlight.  An unusual example of Microsoft changing from a clunky codename to a cool product name!

December 5 2006
blog comments powered by Disqus