TRUST NOT GRANTED WHEN RUNNING WPF IN IE
At work, we were having a few users unable to run our newly deployed WPF application in IE. When running under https, a Windows Presentation Foundation Host error would occur. Running under http displayed the below message:
Trust Not Granted
The application cannot be deployed because it is not trusted and possibly unsafe.
Recorded in the Error Log were the following messages: System.Deployment.Application.TrustNotGrantedException (Unknown subtype) and User has refused to grant required permissions to the application.
Trying to find information via Google just kept returning results saying we had deployed our xbap wrong. I knew this wasn't the case because it was only a select few of our users.
I found a blog entry suggesting to modify the CASPOL. After modifying the CASPOL by giving the site FullTrust, I was able to get the WPF running in the browser, but it wasn't working 100%. Our application makes several web service calls, and the WPF was erroring when making those calls.
Eventually, I used the Sysinternals Process Monitor to capture information about what the PresentationHost.exe was doing. Filtering for ACCESS DENIED showed that the PresenationHost.exe was denied several spots under HKCU.
To fix some of the issues I ran the WPF XBAP Permission Error Tool. For others, I had to explicitly give the user account read permission to the registry keys and subkeys. It doesn't matter if the user account is in the Administrators group.
The main problematic key, and one that the Permission Tool didn't fix, was HKCU\Software\Policies\Microsoft. PresentationHost.exe was denied access to the key and its subkeys. It seems that PresentationHost.exe couldn't determine what Security Zone the xbap was running under in IE, which in turn caused the WPF to execute under the Nothing Permissions Set.
Once the user account had read permissions to the keys that the PresentationHost.exe needed, the WPF fired up with no issues.