I need a full trusted Silverlight application run in-browser mode.
For this purpose I can buy a certificate sign application and require IT to enable AllowElevatedTrustAppsInBrowser. However enabling this property will allow to run all the signed Silverlight applications from other publishers. And this is a security issue, because some user data could be accessed with somebody's app over the internet.
How can I make application trusted from specific list of publishers? Is it possible to manage it with GPO (I found only managing add-on options, but it limits plugin availability for domains not app)?
Is there some workaround?
Thanks
updated
Only workaround I see is to limit Silverlight plugin to list of trusted domains via manage add-ons (you can do it via GPO), but in this case user is notified when plugin could not be shown and can allow it.
You can ask your IT if they control which certificates are trusted by the use of a global certificate store. If so, just put your certificate in this global store and it will be automatically accepted by the client machines.