Share via

Workflow Manager 1.0 Trusted Surface


Updated: July 12, 2012

Workflow Manager 1.0 introduces the notion of a Trusted Surface to author workflows. A Trusted Surface is a set of trusted types and activities available to users to author their workflows. Workflow authors create workflows declaratively using compositions of those types and activities. The allowed types are restricted using a list of allowed types that contains the set of allowed types in the system. When the white-list is on, workflow definitions will be checked at load time to ensure that only allowed types are used. This topic provides an overview of authoring declarative workflows using the Workflow Manager 1.0 Trusted Surface.

Authoring Declarative Workflows for Workflow Manager 1.0

Workflows hosted in Workflow Manager 1.0 are fully declarative and authored using a Trusted Surface, using Update 4.0.3 for Microsoft .NET Framework 4 and Windows Workflow Foundation (WF4). To author a workflow for Workflow Manager 1.0, activities, expressions, and variables from the Trusted Surface are used. The activities used can be from the approved activity list, and custom XAML activities can be used that are composed of Trusted Activities. Visual Basic expressions are not permitted in the workflow definition that is hosted in Workflow Manager 1.0, but expression activities from the Microsoft.Activities.Expressions namespace can be used when authoring workflows. The expressions are translated into supported activities before the workflow definition is uploaded to Workflow Manager 1.0. Variables in the workflow are constrained to data types from the Trusted Surface.

Workflows can be authored using the workflow designer in Visual Studio, directly creating XAML via a rehosted designer, or in code by creating an activity using ActivityBuilder that derives from Activity and is serialized to Xaml. For Workflow Manager 1.0samples, see Samples.

Workflow Manager 1.0Trusted Surface

The Trusted Surface for Workflow Manager 1.0 consists of types and workflow activities from .NET Framework version 4 as well as new types introduced in Workflow Manager 1.0. Many types are supported, and most out of the box activities are supported. The following table contains the supported types. For each of these supported types, there is a corresponding set of activities for manipulating these types.

Type Supporting Activities
String String Activities
Date support using DateTime and TimeSpan Date Support Activities
Numeric support using Int32 and Double Numeric Type Activities
Boolean Boolean Activities
Guid Guid Activities
ICollection, including IList Collection Activities
IDictionary and KeyValuePair IDictionary
DynamicValue DynamicValue Activities
Exception Exception Activities
Uri Uri Activities


In addition to activities to support expressions and primitive type manipulation, Workflow Manager 1.0 introduces activities to support expressions, messaging, security, data manipulation, and configuration. For more information on these activities, please see Activities Overview. These activities are part of the Trusted Surface.

In addition to the new activities introduced in Workflow Manager 1.0, the following WF4 activities from the listed workflow assemblies and respective namespaces are supported with the noted exceptions.

  • System.Activities.dll

    • All activities except

      • InvokeMethod

      • InvokeMethod<T>

      • New<T>

      • Cast<T>

      • VisualBasicValue<T>

      • VisualBasicReference<T>

      • LambdaValue<T>

      • LambdaReference<T>

      • TransactionScope

      • Persist

      • Most activities in System.Activities.Expressions are unsupported but there are equivalent activities in the Microsoft.Workflow.* assemblies.

        VariableValue<T>, VariableReference<T>, ArgumentValue<T>, and ArgumentReference<T> are supported.


Some of the activities in this list may be unfamiliar to workflow authors because they are not used directly, but are used when expressions are translated into activities.

System_CAPS_ICON_important.jpg Important

Note that while some items like Visual Basic expressions are not supported, it does not mean that you cannot use them in your workflows. It means that these items cannot be part of your workflow definitions that are hosted in Workflow Manager 1.0. Before workflows are uploaded to Workflow Manager 1.0 they must be translated. Translation is the process of evaluating expressions and converting them to use supported activities from the Trusted Surface.

The following table contains additional information about some of the activities that are not available in the Workflow Manager 1.0 Trusted Surface.

Activity Description Not available because
InvokeMethod/InvokeMethod<TResult> Invokes an instance or static public method in a type in scope. Method may optionally have a return value. Method could contain malicious/arbitrary customer code.
New<TResult> Creates a new instance of a type. The constructor could contain malicious code. Note: New<Uri> is supported.
Cast<TOperand, TResult> Converts one type to another. Results in the invocation of the constructor in the result type. The constructor in the result type could contain malicious code.
PropertyValue<TResult> Invokes a property getter. Getter could contain malicious/arbitrary customer code.
PropertyReference<TResult> Invokes a property setter. Setter could contain malicious/arbitrary customer code.
VisualBasicValue<TResult> Evaluates a Visual Basic expression that returns a value. Can run arbitrary and potentially malicious Visual Basic code.
VisualBasicReference<TResult> Evaluates a Visual Basic expression that returns a location reference. Can run arbitrary and potentially malicious Visual Basic code.
LambdaValue<TResult> Evaluates a lambda expression that returns a value. Can execute arbitrary and potentially malicious C# or Visual Basic code.
LambdaReference<TResult> Evaluates a lambda expression that returns a location reference. Can execute arbitrary and potentially malicious C# or Visual Basic code.