Sunday, March 22, 2009

breaking the sandbox in silverlight 3

by Michael Wolf via Michael Wolf on 3/22/2009 9:55:42 PM

One of the most exciting announcements at MIX 09 was the inclusion of "Out Of Browser" functionality in Silverlight 3. While WPF is an amazing tool, we previously had no good solution for leveraging xaml based applications onto the mac (And eventually linux) desktop. With “Out Of Browser” Silverlight we will be able to not only bring the somewhat connected desktop experience that we have with Adobe AIR to Silverlight, but finally also a rich desktop solution for OS X. Still the moment you start building a desktop application in Silverlight you will start to notice the somewhat stringent sandbox of Silverlight. As with in browser experiences you are restricted to web sandbox, which Microsoft did for good security reasons. While this helps ensure all users who consume an “Out Of Browser” Silverlight application are “safer” from malicious code, it’s also often the most frustrating part of developing hybrid desktop/web applications. If you’re writing a desktop application regardless of technologies you expect to get more control than you would in a client based web technology. Yet, where there’s a will there’s a way, and this way comes to us through our experience with adobe air.



The basic solution is similar to that shown by Andy at max 2008. In his solution he showed using a java socket service as middleware to a USB GPS device. Similarly I used a .net socket service to bridge the gap to the full trust environment. The socket service is deployed on the localhost (along with a policy service) where the Silverlight application can communicate with it via XML and leveraging socket communication available since Silverlight 2. As that "Out of Browser" Silverlight is at the end of the day, Silverlight, this solution works flawlessly.

As you can see in this demo, with a little work, you have a Silverlight application living on the desktop and gaining the full power of the desktop. This does involve a more detailed installation than simply right clicking. Yet using some of the out of browser hooks Microsoft has added to know when running in and out of browser, and the use of isolated storage an experience could be crafted to aide in the secondary install. In addition there would need to be a higher level of security to ensure your middleware can only be accessed by your Silverlight application (of course you wouldn’t leave an open command line method open either : ) ).

This could be used to do something as simple as talk to native applications. You could possibly use Microsoft Office and the .net interop assemblies to perform office automation. It could also act as a bridge to hardware devices such as cameras, phones, or even robotics for limitless possibilities.

All in all “Out Of Browser” Silverlight has tons of possibilities, and were excited to see where it takes us.