joyrider

I run into a security permission exception in my xbap when I try to use BitmapSource.Format.BitsPerPixel to calculate the stride of an image. Is it a defect BitmapSource is a key object in WPF. I would not expect it would fail on security check.

Here is the exception message I got:

Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.



Re: Windows Presentation Foundation (WPF) SecurityPermission Exception when using BitmapSource.Format.BitsPerPixel in Xbap

joyrider

BitmapSource.CopyPixels also causes security permission exception.

Is there a way to get the pixel data in Xbap environment





Re: Windows Presentation Foundation (WPF) SecurityPermission Exception when using BitmapSource.Format.BitsPerPixel in Xbap

joyrider

Anybody familiar with this topic





Re: Windows Presentation Foundation (WPF) SecurityPermission Exception when using BitmapSource.Format.BitsPerPixel in Xbap

Andre N. - MSFT

Getting at the actual pixel data in a bitmap via CopyPixels was intentionally blocked in partial trust (.xbap) scenarios. Since an image could come from a site other than the one the .xbap was on, there was a concern that CopyPixels could be useful in certain cross-domain attacks. BitsPerPixel appears to be blocked for similar reasons. I'm not aware of any good workaround here, since if there were one, it would have been blocked as well.

Andre





Re: Windows Presentation Foundation (WPF) SecurityPermission Exception when using BitmapSource.Format.BitsPerPixel in Xbap

joyrider

Thanks, the reason to block them seems sufficient. However, it looks to me, WPF doesn't provide enough built-in control on the pixel level, which causes it very difficult to blend multiple textures or to control the image's opacity based on the pixel's intensity. My cheap thought is, when the access to the pixel data is blocked for security reason, it might be better to provide some built-in controls to allow normal pixel manipulation. If xbap is really intended to support future web application, I thought it might better be prepared for sophisticated usage.

BTW, is that security hole caused by BitmapSource's dependency on some lagacy code The security exception pointed out certain Office component was referenced at that moment.