Tying your IE Hosted Control to a Manifest

Last week, I talked about the Orcas feature which allows you to provide a manifest to elevate your control's permissions declaratively.  We also saw how to generate manifests that would state what permissions your control needs (and the rules associated with those manifests).  Now it's time to tie it all together and create an HTML page that has a control and its associated manifests.

Once you've gotten this far, the last step is thankfully pretty painless.  A similar syntax to the one used to attach a config file to a control is used to tie a manifest to it.  The only change you need to make to your HTML page which already hosts a managed control via the object tag is to add a link in the HTML head section to the manifest:

<html>

    <head>

        <link rel="MANIFEST" href="TemplateControl.control" />

    </head>

    <body>

        <object classid="TemplateControl.dll#TemplateControlClass" />

    </body>

</html>

 

There you have it!  The control hosted in TemplateControl.dll will now be associated with the TemplateControl.control deployment manifest, which points ad the TemplateControl.dll.manifest application manifest.  TemplateControl.dll.manifest gives the permission set the control should run with.  If the signer of TemplateControl.control is a trusted publisher, and manifested controls have not been disabled from this zone then the control will run with the permissions it asked for.

If this does not work as expected, double check that the manifests are following all of the rules for manifests.  You can also check to make sure that the "Permissions for Controls with Manifests" IE security setting is not "disable" (which it is for the MyComputer zone), and that the target machine has Orcas on it.  Finally, there's always the IEHost debug log which should list out any errors encountered parsing the manifests.