private void OpenMedia(Uri source) { string toOpen = null; if (source != null && source.IsAbsoluteUri && source.Scheme == PackUriHelper.UriSchemePack) { try { source = BaseUriHelper.ConvertPackUriToAbsoluteExternallyVisibleUri(source); } catch (InvalidOperationException) { source = null; _mediaEventsHelper.RaiseMediaFailed(new System.NotSupportedException(SR.Get(SRID.Media_PackURIsAreNotSupported, null))); } } // Setting a null source effectively disconects the MediaElement. if (source != null) { // keep whether we asserted permissions or not bool elevated = false; // get the base directory of the application; never expose this Uri appBase = SecurityHelper.GetBaseDirectory(AppDomain.CurrentDomain); // this extracts the URI to open Uri uriToOpen = ResolveUri(source, appBase); // access is allowed in the following cases (only 1 & 2 require elevation): // 1) to any HTTPS media if app is NOT coming from HTTPS // 2) to URI in the current directory of the fusion cache // 3) to site of origin media if (SecurityHelper.AreStringTypesEqual(uriToOpen.Scheme, Uri.UriSchemeHttps)) { // target is HTTPS. Then, elevate ONLY if we are NOT coming from HTTPS (=XDomain HTTPS app to HTTPS media disallowed) Uri appDeploymentUri = SecurityHelper.ExtractUriForClickOnceDeployedApp(); if (!SecurityHelper.AreStringTypesEqual(appDeploymentUri.Scheme, Uri.UriSchemeHttps)) { new WebPermission(NetworkAccess.Connect, BindUriHelper.UriToString(uriToOpen)).Assert(); elevated = true; } } else { // elevate to allow access to media in the app's directory in the fusion cache. new FileIOPermission(FileIOPermissionAccess.Read, appBase.LocalPath).Assert();// BlessedAssert elevated = true; } // demand permissions. if demands succeds, it means we are in one of the cases above. try { toOpen = DemandPermissions(uriToOpen); } finally { if (elevated) { CodeAccessPermission.RevertAssert(); } } } else { toOpen = null; } // We pass in exact same URI for which we demanded permissions so that we can be sure // there is no discrepancy between the two. HRESULT.Check(MILMedia.Open(_nativeMedia, toOpen)); }