The next phase of implementing Full-Trust is to sign the Xaml Browser Application (XBAP) with a trusted certificate and then deploy this certificate on the client machine(s) that will be executing the XBAP solution. The certificate will ensure mutual trust between the application and the target machine (allowing it to run within a browser).

·         (Conventionally) you would purchase a digital certificate for your organisation from a certification authority (CA) like “thawte”, “verisign”, “entrust” etc. If you are an ISV (selling and deploying your WPF enhancements) then you will need to package your solution with a trusted certifcate.

For development/evaluation purposes, however, you can simply implement a temporary certificate on your intranet. In order to do this, within Visual Studio, create a new “Wpf Browser Application” and on the project properties signing page, click the “Create Test Certificate” button:



You will be asked to enter a strong password (which must conform to your existing domain password policies):



As soon as the certificate is created then click on the “More Details” button to view the newly created certificate:



Click on the “Detail” tab:



Click on the “Copy to File” button and the “Certificate Export” wizard will open:



Click “Next” and take the option to export the private key:




Enter the strong password created earlier:



Choose a path where you want to store the exported certificate and then finish the wizard:



Once the export is successful, then you need to deploy and import it into the certificate store of all client machines that will be accessing the website. Failure to do this will result in the following error when you try and access the XBAP application:



·         If there are numerous client machines, then the certificate deployment process can be automated via the use of Active-Directory-Domain-Services: []. For the purposes of this article I will simply walk through the manual process:


On the client machine, open up Internet Explorer and go to “Options” and navigate to the “Content” tab:



Click the “Certificates” button and navigate to the “Trusted Publishers” tab:



Click the “Import” button and locate the “PFX” file you exported earlier. This will import the temporary certificate into the store. You will get asked to confirm this operation:



After importing the certificate into the “Trusted Publishers” store, click the “Advanced” button and ensure that all the options below are ticked:



This will install the temporary certificate on the client machine and enable any XBAP application (that has been signed with that certificate) to run within a browser (with “Full Trust”).
(If not already done so) make sure your Sharepoint site is within the “Trusted Sites” zone and that the security level is set to “Medium” (or below):



Click the “Custom Level” button and make sure that this zone is set to allow “Xaml browser applications” to execute:



The Sharepoint site that will be hosting the XamlBrowserApplication can either be in the “Trusted-Sites” zone or the “Local-Intranet” zone, depending on your network setup.
Now return back to your XBAP solution and select the project properties publishing page and enter the publishing location of your project (should be a subfolder under the Sharepoint site):



Click the “Options” button and ensure that appropriate information has been entered about your published application (this is presented to the end-user when they choose to accept the publisher’s application):



On the “Deployment” option make sure you tick the options as below:



Most importantly, on the “Manifests” option make sure you set the options as below:



Click OK and then navigate to the security tab on the project properties page and make sure the “Full Trust” option is set as follows:



Click OK to close the project properties page and compile and rebuild the project. The XBAP solution is now ready for publishing to the Sharepoint server. In the next article I will go through a small visual demo of what happens when this executes on the client machine.
The steps outlined in this tutorial are to help bypass the restrictions enforced by the “Partial-Trusted-Programming-Model”. This is the default programming model for applications served within the internet and intranet zones (where software could be originating from unknown and untrusted sources). More information about the limited codeset available in this model can be found here: