I've made a WPF Browser Application that hosts old WinForms controls (I haven't migrated fully to WPF yet). Using WindowsFormsHost means my Browser App requires Full Trust to run. This is not a problem for me since this app is only meant to be run on the intranet at my company. However, after I deploy the xbap to a network share, it refuses to run, saying "Trust not granted".

What are the methods I can use to grant Full Trust to XBAP applications stored on my companies intranet?

So far, I've found 2 ways to do this. Through a really complicated method of installing certificates on the target machine.

Or through a simpler method, which is only suitable for intranets here:

Deploy a custom CLR Security policy that modifies the default permissionset for the given zone

So I did just that, and it works. Here's the detailed steps how I got it to work:

1. Open Control Panel > Administrative Tools > .NET Framework 2.0 Configuration
2. Expand Runtime Security Policy > Machine > Code Groups > All_Code
3. Right Click All_Code and click New…
4. Create a new code group, I named mine MyProject_FullTrust_Zone
5. Choose the URL condition type and specify the path on the network where the apps will be deployed.
6. Choose Use Existing permission set, and set it to Full Trust.

Now the only problem with this method, is that I have to deploy this change to hundreds of machines. So maybe there's still a simpler way to do this?

It will be possible in .Net 4.0 planning to be released in the first half of 2010. It is now in a beta phase, but it comes with a go live license which allows you to 'go live' even with a beta version of the .Net framework.

Although I haven't tried this, is the path to the XBAP added as a trusted site?