Geek Answers Handbook

Does Silverlight 4 WriteableBitmap * Really * Cripple Legitimate Cross-Domain Access in the DRM Name?

From this year, he explained to this thread that WriteableBitmap blocks read access when any part of it comes from an external domain — say, a free image server.

It was further indicated that this is for “DRM”. I suppose there is some kind of big threat when someone writes a movie ripper in Silverlight that includes a movie from another domain and then re-captures it ... besides the implementation, you can just rewrite the bloody xap when it goes over wire, and then this is the same domain! But it is neither here nor there.

In any case, obviously, I'm trying to use WritableBitmap to export a screenshot of the current user installation; but I settled on this cross-domain release.

Is there really no supported way to do this in the latest version of Silverlight? No crossdomain.xml or clientaccesspolicy.xml? Doesn't that harm Silverlight, the giant "Screw You," creating half-way security barriers that prevent developers from stopping the attackers?

Edit : this question is identical here .

+4
source share
3 answers

Your opinion is shared by many, many developers are trying to do this for legitimate purposes. There are some workarounds, all of them are either hackers or strange. But this is probably the best I've seen: Screen Capture in SIlverlight 4.0 .

Just read and saw that you are not looking for a crossdomain.xml solution. There are other options on this page (again, there is no “excellent” solution): http://betaforums.silverlight.net/forums/t/118030.aspx

Also, not sure if this is an option, but your application as an OOB application will not be limited to security checks in ClientAccessPolicy.xml or CrossDomain.xml. Is Out-of-Browser possible for you?

EDIT: When I continue to view the post and comments, I believe (Tom, please confirm this) that it’s important not to take a screenshot of the user instance of the SL application running on its own field (something like Silverlight Customer Support will take care of good condition).

Rather, you need to take a screenshot of the user (same as PrtSc -ish). In this case, it is much more difficult, but not impossible. Rui shows how he does it here , but he relies on a component already on the user machine. Jeremy gets even more creative with Silverlight 4 Hack: Use the Native / Desktop CLR without registering COM , which will allow you to effectively allow access.

+5
source

This WritableBitmap behavior has nothing to do with DRM and everything related to security. If the screenshot you are trying to take displays an image element with content from another domain, then there must be a crossdomain.xml file with the appropriate permissions for that domain. You can contact the domain owner and ask them to place crossromain.xml in the root of their domain.

Alternatively, the Full-Trust OOB application should do the trick as it does not check for crossdomain.xml.

Well, if you have <Image Source = "http://crossdomain.com/someimage.jpg" /> in your visual tree, and you try to create a WriteableBitmap from it, that access to the WriteableBitmap element will be blocked, crossdomain.xml or not. (Shame on you on microsoft). The good news is (sorta), you can use the following workaround: Upload an image using WebClient; call SetSource on the image with the stream from the OpenReadCompleted handler. Create your WriteableBitmap and notice how the Pixels property no longer throws a security exception. Far from perfect, but manageable.

-1
source

As explained in the identical question , the only way to get silverlight is so that you can get the content from the recorded bitmap without any of the following:

  • From browser
  • Service / Code / App / Rooted GAC installed on the user's computer
  • Increased trust

- proxy content and silverlight trick to think everything from one domain .

-4
source

More articles:


All Articles