diff --git a/Samples/Genetec Web Player/GwpDesktopPlayerSample/App.xaml b/Samples/Genetec Web Player/GwpDesktopPlayerSample/App.xaml
new file mode 100644
index 0000000..97f8afe
--- /dev/null
+++ b/Samples/Genetec Web Player/GwpDesktopPlayerSample/App.xaml	
@@ -0,0 +1,8 @@
+<Application x:Class="Genetec.Dap.CodeSamples.App"
+             xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
+             xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
+             StartupUri="MainWindow.xaml">
+    <Application.Resources>
+
+    </Application.Resources>
+</Application>
diff --git a/Samples/Genetec Web Player/GwpDesktopPlayerSample/App.xaml.cs b/Samples/Genetec Web Player/GwpDesktopPlayerSample/App.xaml.cs
new file mode 100644
index 0000000..3f2605f
--- /dev/null
+++ b/Samples/Genetec Web Player/GwpDesktopPlayerSample/App.xaml.cs	
@@ -0,0 +1,11 @@
+// Copyright 2025 Genetec Inc.
+// Licensed under the Apache License, Version 2.0
+
+using System.Windows;
+
+namespace Genetec.Dap.CodeSamples;
+
+public partial class App : Application
+{
+}
+
diff --git a/Samples/Genetec Web Player/GwpDesktopPlayerSample/AssemblyInfo.cs b/Samples/Genetec Web Player/GwpDesktopPlayerSample/AssemblyInfo.cs
new file mode 100644
index 0000000..1119c32
--- /dev/null
+++ b/Samples/Genetec Web Player/GwpDesktopPlayerSample/AssemblyInfo.cs	
@@ -0,0 +1,13 @@
+// Copyright 2025 Genetec Inc.
+// Licensed under the Apache License, Version 2.0
+
+using System.Windows;
+
+[assembly:ThemeInfo(
+    ResourceDictionaryLocation.None,            //where theme specific resource dictionaries are located
+                                                //(used if a resource is not found in the page,
+                                                // or application resource dictionaries)
+    ResourceDictionaryLocation.SourceAssembly   //where the generic resource dictionary is located
+                                                //(used if a resource is not found in the page,
+                                                // app, or any theme specific resource dictionaries)
+)]
diff --git a/Samples/Genetec Web Player/GwpDesktopPlayerSample/GwpDesktopPlayerSample.csproj b/Samples/Genetec Web Player/GwpDesktopPlayerSample/GwpDesktopPlayerSample.csproj
new file mode 100644
index 0000000..1ac0c7d
--- /dev/null
+++ b/Samples/Genetec Web Player/GwpDesktopPlayerSample/GwpDesktopPlayerSample.csproj	
@@ -0,0 +1,26 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>WinExe</OutputType>
+    <TargetFramework>net8.0-windows</TargetFramework>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <UseWPF>true</UseWPF>
+    <AssemblyName>GwpDesktopPlayerSample</AssemblyName>
+    <RootNamespace>Genetec.Dap.CodeSamples</RootNamespace>
+    <Description>Sample project</Description>
+    <Company>Genetec Inc.</Company>
+    <Copyright>Copyright © Genetec Inc. 2025</Copyright>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.Web.WebView2" Version="1.0.3240.44" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Content Include="wwwroot\**\*">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </Content>
+  </ItemGroup>
+
+</Project>
diff --git a/Samples/Genetec Web Player/GwpDesktopPlayerSample/MainWindow.xaml b/Samples/Genetec Web Player/GwpDesktopPlayerSample/MainWindow.xaml
new file mode 100644
index 0000000..dcb4e9f
--- /dev/null
+++ b/Samples/Genetec Web Player/GwpDesktopPlayerSample/MainWindow.xaml	
@@ -0,0 +1,91 @@
+<Window x:Class="Genetec.Dap.CodeSamples.MainWindow"
+        xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
+        xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
+        xmlns:d="http://schemas.microsoft.com/expression/blend/2008"
+        xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006"
+        xmlns:wv2="clr-namespace:Microsoft.Web.WebView2.Wpf;assembly=Microsoft.Web.WebView2.Wpf"
+        mc:Ignorable="d"
+        Title="GWP Desktop Player Sample"
+        Height="900"
+        Width="1440"
+        MinHeight="720"
+        MinWidth="1100">
+    <DockPanel>
+        <Border DockPanel.Dock="Top"
+                Padding="12"
+                Background="#0B172A"
+                BorderBrush="#17324F"
+                BorderThickness="0,0,0,1">
+            <Grid>
+                <Grid.ColumnDefinitions>
+                    <ColumnDefinition Width="*" />
+                    <ColumnDefinition Width="Auto" />
+                    <ColumnDefinition Width="Auto" />
+                </Grid.ColumnDefinitions>
+
+                <TextBlock x:Name="StatusTextBlock"
+                           VerticalAlignment="Center"
+                           Text="Initializing WebView2..."
+                           Foreground="#B7C6D8" />
+
+                <StackPanel Grid.Column="1"
+                            Margin="20,0,16,0"
+                            VerticalAlignment="Center">
+                    <TextBlock Text="Security Center Authentication"
+                               FontSize="12"
+                               FontWeight="SemiBold"
+                               Foreground="#F5F7FA" />
+                    <StackPanel Margin="0,6,0,0"
+                                Orientation="Horizontal">
+                        <StackPanel>
+                            <TextBlock Text="Username"
+                                       FontSize="11"
+                                       Foreground="#B7C6D8" />
+                            <TextBox x:Name="UsernameTextBox"
+                                     Width="170"
+                                     Margin="0,4,8,0"
+                                     Padding="8,4"
+                                     TextChanged="UsernameTextBox_TextChanged" />
+                        </StackPanel>
+                        <StackPanel>
+                            <TextBlock Text="Password"
+                                       FontSize="11"
+                                       Foreground="#B7C6D8" />
+                            <PasswordBox x:Name="PasswordBox"
+                                         Width="170"
+                                         Margin="0,4,0,0"
+                                         Padding="8,4"
+                                         PasswordChanged="PasswordBox_PasswordChanged" />
+                        </StackPanel>
+                    </StackPanel>
+                    <StackPanel Margin="0,8,0,0">
+                        <TextBlock Text="SDK Certificate"
+                                   FontSize="11"
+                                   Foreground="#B7C6D8" />
+                        <TextBox x:Name="SdkCertificateTextBox"
+                                 Width="348"
+                                 Margin="0,4,0,0"
+                                 Padding="8,4"
+                                 TextChanged="SdkCertificateTextBox_TextChanged" />
+                    </StackPanel>
+                </StackPanel>
+
+                <StackPanel Grid.Column="2"
+                            Orientation="Horizontal"
+                            VerticalAlignment="Center">
+                    <Button x:Name="RefreshButton"
+                            Margin="0,0,8,0"
+                            Padding="14,8"
+                            Click="RefreshButton_Click"
+                            Content="Refresh" />
+                    <Button x:Name="DevToolsButton"
+                            Padding="14,8"
+                            Click="DevToolsButton_Click"
+                            Content="DevTools" />
+                </StackPanel>
+            </Grid>
+        </Border>
+
+        <wv2:WebView2 x:Name="Browser" />
+    </DockPanel>
+</Window>
diff --git a/Samples/Genetec Web Player/GwpDesktopPlayerSample/MainWindow.xaml.cs b/Samples/Genetec Web Player/GwpDesktopPlayerSample/MainWindow.xaml.cs
new file mode 100644
index 0000000..6d9d5a1
--- /dev/null
+++ b/Samples/Genetec Web Player/GwpDesktopPlayerSample/MainWindow.xaml.cs	
@@ -0,0 +1,157 @@
+// Copyright 2025 Genetec Inc.
+// Licensed under the Apache License, Version 2.0
+
+using System;
+using System.IO;
+using System.Text.Json;
+using System.Windows;
+using System.Windows.Controls;
+using System.Windows.Input;
+using Microsoft.Web.WebView2.Core;
+
+namespace Genetec.Dap.CodeSamples;
+
+public partial class MainWindow : Window
+{
+    private static readonly Uri s_appUri = new("https://app.local/index.html");
+
+    private NativePlaybackConfiguration? m_playbackConfiguration;
+    private TokenProvider? m_tokenProvider;
+
+    public MainWindow()
+    {
+        InitializeComponent();
+#if !DEBUG
+        DevToolsButton.Visibility = Visibility.Collapsed;
+#endif
+        Loaded += OnLoaded;
+        Closed += OnClosed;
+        PreviewKeyDown += OnPreviewKeyDown;
+    }
+
+    private async void OnLoaded(object sender, RoutedEventArgs e)
+    {
+        try
+        {
+            var webRoot = Path.Combine(AppContext.BaseDirectory, "wwwroot");
+            m_playbackConfiguration = NativePlaybackConfiguration.LoadFromEnvironment();
+            UsernameTextBox.Text = m_playbackConfiguration.Username;
+            PasswordBox.Password = m_playbackConfiguration.Password;
+            SdkCertificateTextBox.Text = m_playbackConfiguration.SdkCertificate;
+            m_tokenProvider = new TokenProvider(m_playbackConfiguration);
+
+            var userDataFolder = Path.Combine(
+                Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
+                "GwpDesktopPlayerSample",
+                "WebView2Data");
+            var environment = await CoreWebView2Environment.CreateAsync(userDataFolder: userDataFolder);
+
+            await Browser.EnsureCoreWebView2Async(environment);
+#if DEBUG
+            Browser.CoreWebView2.ServerCertificateErrorDetected += OnServerCertificateErrorDetected;
+#endif
+            Browser.CoreWebView2.SetVirtualHostNameToFolderMapping(
+                "app.local",
+                webRoot,
+                CoreWebView2HostResourceAccessKind.Allow);
+            Browser.CoreWebView2.Settings.AreDefaultContextMenusEnabled = true;
+#if DEBUG
+            Browser.CoreWebView2.Settings.AreDevToolsEnabled = true;
+#else
+            Browser.CoreWebView2.Settings.AreDevToolsEnabled = false;
+#endif
+            Browser.CoreWebView2.Settings.IsStatusBarEnabled = true;
+
+            var bootstrapScript = $"window.__GWP_HOST_CONFIG__ = {JsonSerializer.Serialize(new
+            {
+                mediaGatewayEndpoint = m_playbackConfiguration.MediaGatewayEndpoint,
+                serverVersion = m_playbackConfiguration.ServerVersion,
+            })};";
+            await Browser.CoreWebView2.AddScriptToExecuteOnDocumentCreatedAsync(bootstrapScript);
+
+            Browser.CoreWebView2.AddHostObjectToScript("tokenProvider", m_tokenProvider);
+            Browser.CoreWebView2.NavigationStarting += OnNavigationStarting;
+            Browser.CoreWebView2.NavigationCompleted += OnNavigationCompleted;
+            Browser.CoreWebView2.Navigate(s_appUri.ToString());
+            StatusTextBlock.Text =
+                $"WebView2 ready. Native playback configuration loaded for {m_playbackConfiguration.MediaGatewayEndpoint}.";
+        }
+        catch (Exception exception)
+        {
+            StatusTextBlock.Text = "Failed to initialize WebView2.";
+            MessageBox.Show(this, exception.ToString(), "WebView2 initialization failed", MessageBoxButton.OK, MessageBoxImage.Error);
+        }
+    }
+
+    private void OnNavigationStarting(object? sender, CoreWebView2NavigationStartingEventArgs e)
+    {
+        if (Uri.TryCreate(e.Uri, UriKind.Absolute, out var uri) && uri.Host != s_appUri.Host)
+        {
+            e.Cancel = true;
+        }
+    }
+
+    private void OnNavigationCompleted(object? sender, CoreWebView2NavigationCompletedEventArgs e)
+    {
+        StatusTextBlock.Text = e.IsSuccess
+            ? "Local GWP host page loaded. Enter a camera GUID to start playback."
+            : $"Navigation failed with error {e.WebErrorStatus}.";
+    }
+
+    private void OnClosed(object? sender, EventArgs e)
+    {
+        (m_tokenProvider as IDisposable)?.Dispose();
+        m_tokenProvider = null;
+    }
+
+    private void OnServerCertificateErrorDetected(object? sender, CoreWebView2ServerCertificateErrorDetectedEventArgs e)
+    {
+        e.Action = CoreWebView2ServerCertificateErrorAction.AlwaysAllow;
+
+        if (Uri.TryCreate(e.RequestUri, UriKind.Absolute, out var uri))
+        {
+            StatusTextBlock.Text = $"Allowed certificate warning for development endpoint {uri.Host}.";
+        }
+    }
+
+    private void RefreshButton_Click(object sender, RoutedEventArgs e)
+    {
+        if (Browser.CoreWebView2 is null)
+        {
+            return;
+        }
+
+        Browser.Reload();
+    }
+
+    private void UsernameTextBox_TextChanged(object sender, TextChangedEventArgs e) => SyncNativeCredentials();
+
+    private void PasswordBox_PasswordChanged(object sender, RoutedEventArgs e) => SyncNativeCredentials();
+
+    private void SdkCertificateTextBox_TextChanged(object sender, TextChangedEventArgs e) => SyncNativeCredentials();
+
+    private void DevToolsButton_Click(object sender, RoutedEventArgs e)
+    {
+#if DEBUG
+        Browser.CoreWebView2?.OpenDevToolsWindow();
+#endif
+    }
+
+    private void OnPreviewKeyDown(object sender, KeyEventArgs e)
+    {
+#if DEBUG
+        if (e.Key != Key.F12)
+        {
+            return;
+        }
+
+        Browser.CoreWebView2?.OpenDevToolsWindow();
+        e.Handled = true;
+#endif
+    }
+
+    private void SyncNativeCredentials()
+    {
+        m_tokenProvider?.UpdateAuthentication(UsernameTextBox.Text, PasswordBox.Password, SdkCertificateTextBox.Text);
+    }
+}
diff --git a/Samples/Genetec Web Player/GwpDesktopPlayerSample/README.md b/Samples/Genetec Web Player/GwpDesktopPlayerSample/README.md
new file mode 100644
index 0000000..db6557e
--- /dev/null
+++ b/Samples/Genetec Web Player/GwpDesktopPlayerSample/README.md	
@@ -0,0 +1,89 @@
+# GWP Desktop Player Sample
+
+This sample demonstrates the feasible hosting model for the Genetec Web Player inside a .NET WPF application:
+
+- WPF hosts a `WebView2` control.
+- The `WebView2` instance serves a local page from the virtual host `https://app.local`.
+- The local page loads `gwp.js` directly from the target Media Gateway and runs GWP in the browser environment it expects.
+- Token retrieval runs in .NET via a COM-visible `TokenProvider` exposed to JavaScript through `AddHostObjectToScript`.
+- The hosted page receives non-secret bootstrap settings and requests opaque camera tokens from the native token provider. Media Gateway credentials stay in the WPF host process.
+
+## Run
+
+```powershell
+dotnet run
+```
+
+### Native playback configuration
+
+The WPF host loads Media Gateway settings from environment variables before it creates the WebView:
+
+- `GWP_MEDIA_GATEWAY_ENDPOINT`
+- `GWP_USERNAME`
+- `GWP_PASSWORD`
+- `GWP_SDK_CERTIFICATE`
+- `GWP_SERVER_VERSION` (optional)
+
+If you do not set them, the sample falls back to the local development defaults:
+
+- Media Gateway endpoint: `https://localhost/media`
+- Username: `admin`
+- Password: blank
+- SDK certificate: Genetec development certificate
+
+After startup, the WPF header lets the operator edit the username, password, and SDK certificate natively. Those values stay in the host process and become the authentication inputs used by the .NET `TokenProvider` for later token requests.
+
+Example:
+
+```powershell
+$env:GWP_MEDIA_GATEWAY_ENDPOINT = 'https://localhost/media'
+$env:GWP_USERNAME = 'admin'
+$env:GWP_PASSWORD = ''
+$env:GWP_SDK_CERTIFICATE = 'KxsD11z743Hf5Gq9mv3+5ekxzemlCiUXkTFY5ba1NOGcLCmGstt2n0zYE9NsNimv'
+$env:GWP_SERVER_VERSION = '5.12.0.0'
+dotnet run
+```
+
+## Required environment setup
+
+### 1. Trust the Media Gateway certificate
+
+If the Media Gateway certificate is self-signed or otherwise untrusted, WebView2 will fail to load `gwp.js` or connect to the gateway.
+
+For development (`Debug` builds only), this sample automatically allows certificate warnings for `localhost`, `127.0.0.1`, and `::1` inside both WebView2 and the .NET `TokenProvider`. These bypasses are compiled out in `Release` builds. Production deployments should use a trusted certificate.
+
+### 2. Allow the hosted page origin in Media Gateway CORS
+
+This sample uses the origin `https://app.local`.
+
+If strict CORS is enabled, add that origin to `MediaGateway.gconfig`:
+
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<Configuration>
+    <MediaGateway EnforceStrictCrossOrigin="true">
+        <AllowedOrigin Origin="https://app.local" />
+    </MediaGateway>
+</Configuration>
+```
+
+Restart the Media Gateway role after the change.
+
+### 3. Use a matching GWP build
+
+The sample loads `gwp.js` from `${mediaGatewayEndpoint}/v2/files/gwp.js` so the player version matches the Security Center version.
+
+## Scope and limitations
+
+- This sample demonstrates a feasible hosting pattern. It is not a production-ready security design.
+- Media Gateway authentication is configured in the WPF host and token requests are executed by native `HttpClient`.
+- Username, password, and SDK certificate can be edited in the WPF header at runtime. They never enter the browser page, but they remain operator-supplied authentication values that should be handled carefully in a real application.
+- The default SDK certificate is the Genetec development certificate intended for SDK development only, until the operator overrides it in the WPF header.
+- The effective trust boundary for this sample is the local `https://app.local` page plus the `gwp.js` file loaded from the configured Media Gateway. For production, move to a fully native authentication flow, for example through the Security Center SDK `Engine`, and consider how you want to version and trust the GWP asset itself.
+- DevTools access and certificate bypass are gated behind `#if DEBUG` and are compiled out of `Release` builds.
+- A Content Security Policy meta tag restricts script sources, connections, and media to `self`, `https:`, `wss:`, and `blob:`.
+- The WPF host blocks top-level navigations away from the `app.local` virtual host.
+- Player startup is cancellable. Clicking Stop during script load or session establishment cancels the in-flight start and cleans up any partially created player.
+- WebView2 user data is stored under `%LOCALAPPDATA%\GwpDesktopPlayerSample\WebView2Data`.
+- Browser autoplay rules apply to audio.
+- Video rendering and overlays remain in the HTML layer, not the WPF visual tree.
diff --git a/Samples/Genetec Web Player/GwpDesktopPlayerSample/TokenProvider.cs b/Samples/Genetec Web Player/GwpDesktopPlayerSample/TokenProvider.cs
new file mode 100644
index 0000000..78ad7e3
--- /dev/null
+++ b/Samples/Genetec Web Player/GwpDesktopPlayerSample/TokenProvider.cs	
@@ -0,0 +1,158 @@
+// Copyright 2025 Genetec Inc.
+// Licensed under the Apache License, Version 2.0
+
+using System;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Genetec.Dap.CodeSamples;
+
+internal sealed class NativePlaybackConfiguration
+{
+    private const string DefaultMediaGatewayEndpoint = "https://localhost/media";
+    private const string DefaultUsername = "admin";
+    private const string DefaultSdkCertificate = "KxsD11z743Hf5Gq9mv3+5ekxzemlCiUXkTFY5ba1NOGcLCmGstt2n0zYE9NsNimv";
+
+    public string MediaGatewayEndpoint { get; }
+
+    public string Username { get; }
+
+    public string Password { get; }
+
+    public string SdkCertificate { get; }
+
+    public string? ServerVersion { get; }
+
+    private NativePlaybackConfiguration(
+        string mediaGatewayEndpoint,
+        string username,
+        string password,
+        string sdkCertificate,
+        string? serverVersion)
+    {
+        MediaGatewayEndpoint = NormalizeEndpoint(mediaGatewayEndpoint);
+        Username = RequireValue(username, nameof(username));
+        Password = password;
+        SdkCertificate = RequireValue(sdkCertificate, nameof(sdkCertificate));
+        ServerVersion = string.IsNullOrWhiteSpace(serverVersion) ? null : serverVersion.Trim();
+    }
+
+    public static NativePlaybackConfiguration LoadFromEnvironment() =>
+        new(
+            mediaGatewayEndpoint: ReadValue("GWP_MEDIA_GATEWAY_ENDPOINT", DefaultMediaGatewayEndpoint),
+            username: ReadValue("GWP_USERNAME", DefaultUsername),
+            password: Environment.GetEnvironmentVariable("GWP_PASSWORD") ?? string.Empty,
+            sdkCertificate: ReadValue("GWP_SDK_CERTIFICATE", DefaultSdkCertificate),
+            serverVersion: Environment.GetEnvironmentVariable("GWP_SERVER_VERSION"));
+
+    private static string NormalizeEndpoint(string mediaGatewayEndpoint)
+    {
+        var candidate = RequireValue(mediaGatewayEndpoint, nameof(mediaGatewayEndpoint)).TrimEnd('/');
+        if (!Uri.TryCreate(candidate, UriKind.Absolute, out _))
+        {
+            throw new InvalidOperationException(
+                $"The configured Media Gateway endpoint '{candidate}' is not a valid absolute URI.");
+        }
+
+        return candidate;
+    }
+
+    private static string ReadValue(string environmentVariableName, string fallbackValue)
+    {
+        var candidate = Environment.GetEnvironmentVariable(environmentVariableName);
+        return string.IsNullOrWhiteSpace(candidate) ? fallbackValue : candidate.Trim();
+    }
+
+    private static string RequireValue(string value, string parameterName)
+    {
+        if (string.IsNullOrWhiteSpace(value))
+        {
+            throw new InvalidOperationException($"The configured value for '{parameterName}' cannot be empty.");
+        }
+
+        return value.Trim();
+    }
+}
+
+[ClassInterface(ClassInterfaceType.AutoDual)]
+[ComVisible(true)]
+public sealed class TokenProvider : IDisposable
+{
+    private readonly object m_credentialSync = new();
+    private readonly NativePlaybackConfiguration m_configuration;
+    private readonly HttpClient m_httpClient;
+    private bool m_hasUsername;
+    private bool m_hasSdkCertificate;
+    private string m_authorizationParameter = string.Empty;
+
+    internal TokenProvider(NativePlaybackConfiguration configuration)
+    {
+        m_configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));
+
+        var handler = new HttpClientHandler();
+#if DEBUG
+        handler.ServerCertificateCustomValidationCallback =
+            HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
+#endif
+        m_httpClient = new HttpClient(handler);
+        UpdateAuthentication(m_configuration.Username, m_configuration.Password, m_configuration.SdkCertificate);
+    }
+
+    internal void UpdateAuthentication(string username, string password, string sdkCertificate)
+    {
+        var normalizedUsername = username?.Trim() ?? string.Empty;
+        var normalizedPassword = password ?? string.Empty;
+        var normalizedSdkCertificate = sdkCertificate?.Trim() ?? string.Empty;
+        var authorizationParameter = Convert.ToBase64String(
+            Encoding.UTF8.GetBytes($"{normalizedUsername};{normalizedSdkCertificate}:{normalizedPassword}"));
+
+        lock (m_credentialSync)
+        {
+            m_hasUsername = normalizedUsername.Length > 0;
+            m_hasSdkCertificate = normalizedSdkCertificate.Length > 0;
+            m_authorizationParameter = authorizationParameter;
+        }
+    }
+
+    public async Task<string> GetToken(string cameraId)
+    {
+        if (string.IsNullOrWhiteSpace(cameraId))
+        {
+            throw new ArgumentException("A camera GUID is required.", nameof(cameraId));
+        }
+
+        string authorizationParameter;
+        bool hasUsername;
+        bool hasSdkCertificate;
+        lock (m_credentialSync)
+        {
+            hasUsername = m_hasUsername;
+            hasSdkCertificate = m_hasSdkCertificate;
+            authorizationParameter = m_authorizationParameter;
+        }
+
+        if (!hasUsername)
+        {
+            throw new InvalidOperationException("A native username is required before requesting a token.");
+        }
+
+        if (!hasSdkCertificate)
+        {
+            throw new InvalidOperationException("A native SDK certificate is required before requesting a token.");
+        }
+
+        using var request = new HttpRequestMessage(
+            HttpMethod.Get,
+            $"{m_configuration.MediaGatewayEndpoint}/v2/token/{Uri.EscapeDataString(cameraId.Trim())}");
+        request.Headers.Authorization = new AuthenticationHeaderValue("Basic", authorizationParameter);
+
+        using var response = await m_httpClient.SendAsync(request).ConfigureAwait(false);
+        response.EnsureSuccessStatusCode();
+        return await response.Content.ReadAsStringAsync().ConfigureAwait(false);
+    }
+
+    void IDisposable.Dispose() => m_httpClient.Dispose();
+}
diff --git a/Samples/Genetec Web Player/GwpDesktopPlayerSample/wwwroot/index.html b/Samples/Genetec Web Player/GwpDesktopPlayerSample/wwwroot/index.html
new file mode 100644
index 0000000..b5fe91d
--- /dev/null
+++ b/Samples/Genetec Web Player/GwpDesktopPlayerSample/wwwroot/index.html	
@@ -0,0 +1,554 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:; script-src 'self' https: 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src https: wss:; media-src https: blob:;">
+  <title>GWP Desktop Player Sample</title>
+  <style>
+    :root {
+      --bg: #edf3f8;
+      --surface: rgba(255, 255, 255, 0.92);
+      --surface-strong: #ffffff;
+      --ink: #102033;
+      --muted: #54667a;
+      --line: #d6e0ea;
+      --accent: #0f766e;
+      --accent-strong: #115e59;
+      --warning: #92400e;
+      --danger: #b91c1c;
+      --shadow: 0 24px 60px rgba(16, 32, 51, 0.12);
+    }
+
+    * {
+      box-sizing: border-box;
+    }
+
+    body {
+      margin: 0;
+      font-family: "Segoe UI", "Aptos", sans-serif;
+      color: var(--ink);
+      background:
+        radial-gradient(circle at top left, rgba(15, 118, 110, 0.12), transparent 28%),
+        radial-gradient(circle at right, rgba(22, 101, 52, 0.10), transparent 22%),
+        linear-gradient(180deg, #f8fbfd 0%, var(--bg) 100%);
+      min-height: 100vh;
+    }
+
+    html,
+    body {
+      height: 100%;
+    }
+
+    .shell {
+      display: grid;
+      grid-template-columns: 360px minmax(0, 1fr);
+      gap: 18px;
+      padding: 18px;
+      min-height: 100vh;
+      height: 100vh;
+    }
+
+    .panel {
+      background: var(--surface);
+      backdrop-filter: blur(10px);
+      border: 1px solid var(--line);
+      border-radius: 22px;
+      box-shadow: var(--shadow);
+      min-height: 0;
+    }
+
+    .controls {
+      padding: 22px;
+      display: flex;
+      flex-direction: column;
+      gap: 18px;
+      min-height: 0;
+      overflow: auto;
+    }
+
+    h1 {
+      margin: 0;
+      font-size: 1.8rem;
+      line-height: 1.1;
+    }
+
+    .lede {
+      margin: 8px 0 0;
+      color: var(--muted);
+      line-height: 1.45;
+    }
+
+    .origin {
+      margin-top: 8px;
+      padding: 10px 12px;
+      border-radius: 12px;
+      background: #ecfdf5;
+      border: 1px solid #a7f3d0;
+      color: #065f46;
+      font-size: 0.95rem;
+    }
+
+    .field-grid {
+      display: grid;
+      gap: 12px;
+    }
+
+    label {
+      display: grid;
+      gap: 6px;
+      font-size: 0.92rem;
+      color: var(--muted);
+    }
+
+    input {
+      width: 100%;
+      padding: 11px 12px;
+      border-radius: 12px;
+      border: 1px solid var(--line);
+      background: var(--surface-strong);
+      color: var(--ink);
+      font: inherit;
+    }
+
+    .row {
+      display: grid;
+      grid-template-columns: repeat(2, minmax(0, 1fr));
+      gap: 10px;
+    }
+
+    .actions {
+      display: flex;
+      flex-wrap: wrap;
+      gap: 10px;
+    }
+
+    button {
+      appearance: none;
+      border: none;
+      border-radius: 999px;
+      padding: 10px 16px;
+      font: inherit;
+      cursor: pointer;
+      transition: transform 120ms ease, opacity 120ms ease, background-color 120ms ease;
+    }
+
+    button:hover {
+      transform: translateY(-1px);
+    }
+
+    button.primary {
+      background: var(--accent);
+      color: white;
+    }
+
+    button.primary:hover {
+      background: var(--accent-strong);
+    }
+
+    button.secondary {
+      background: #dce8f2;
+      color: var(--ink);
+    }
+
+    .note {
+      margin-top: auto;
+      padding: 14px;
+      border-radius: 14px;
+      background: #fff7ed;
+      border: 1px solid #fed7aa;
+      color: var(--warning);
+      font-size: 0.93rem;
+      line-height: 1.45;
+    }
+
+    .stage {
+      display: flex;
+      flex-direction: column;
+      min-height: 0;
+      overflow: hidden;
+    }
+
+    .stage-header {
+      display: flex;
+      justify-content: space-between;
+      align-items: center;
+      padding: 18px 22px 0;
+    }
+
+    .status-chip {
+      padding: 8px 12px;
+      border-radius: 999px;
+      background: #e0f2fe;
+      color: #075985;
+      font-size: 0.9rem;
+    }
+
+    #playerContainer {
+      margin: 18px 22px 14px;
+      width: auto;
+      aspect-ratio: 16 / 9;
+      min-height: 320px;
+      max-height: min(56vh, 560px);
+      flex: 0 0 auto;
+      border-radius: 20px;
+      overflow: hidden;
+      position: relative;
+      background:
+        linear-gradient(135deg, #07111f 0%, #11263f 100%);
+      border: 1px solid #17324f;
+    }
+
+    #playerContainer::before {
+      content: "GWP video surface";
+      position: absolute;
+      inset: 16px auto auto 16px;
+      padding: 6px 10px;
+      border-radius: 999px;
+      background: rgba(12, 23, 42, 0.65);
+      color: rgba(255, 255, 255, 0.72);
+      font-size: 0.82rem;
+      letter-spacing: 0.03em;
+      z-index: 0;
+    }
+
+    .log {
+      margin: 0 22px 22px;
+      padding: 14px;
+      border-radius: 16px;
+      background: #08111f;
+      color: #d8e6f5;
+      min-height: 180px;
+      overflow: auto;
+      flex: 1 1 auto;
+      height: 100%;
+      font: 0.88rem/1.45 Consolas, "Cascadia Code", monospace;
+      white-space: pre-wrap;
+    }
+
+    .log .error {
+      color: #fca5a5;
+    }
+
+    .log .warn {
+      color: #fdba74;
+    }
+
+    @media (max-width: 1100px) {
+      .shell {
+        grid-template-columns: 1fr;
+        height: auto;
+      }
+
+      #playerContainer {
+        min-height: 240px;
+        max-height: min(42vh, 420px);
+      }
+    }
+  </style>
+</head>
+<body>
+  <div class="shell">
+    <section class="panel controls">
+      <div>
+        <p class="lede">This page runs with the origin shown below. Add that origin to the Media Gateway allowed origins list when strict CORS is enabled.</p>
+        <div class="origin" id="originDisplay"></div>
+      </div>
+
+      <div class="field-grid">
+        <label>
+          Media Gateway endpoint
+          <input id="mediaGatewayEndpoint" type="text" readonly>
+        </label>
+        <label>
+          Server version
+          <input id="serverVersion" type="text" readonly>
+        </label>
+        <label>
+          Camera GUID
+          <input id="cameraGuid" type="text" placeholder="00000000-0000-0000-0000-000000000000" spellcheck="false">
+        </label>
+      </div>
+
+      <div class="actions">
+        <button id="startButton" class="primary">Start Player</button>
+        <button id="stopButton" class="secondary">Stop</button>
+        <button id="liveButton" class="secondary">Live</button>
+        <button id="pauseButton" class="secondary">Pause</button>
+        <button id="resumeButton" class="secondary">Resume</button>
+        <button id="toggleAudioButton" class="secondary">Toggle Audio</button>
+      </div>
+
+    </section>
+
+    <section class="panel stage">
+      <div class="stage-header">
+        <div id="statusChip" class="status-chip">Idle</div>
+      </div>
+
+      <div id="playerContainer"></div>
+      <div id="log" class="log"></div>
+    </section>
+  </div>
+
+  <script>
+    const hostConfig = Object.freeze(window.__GWP_HOST_CONFIG__ ?? {});
+    const state = {
+      player: null,
+      gwpLoadedFor: null,
+      startGeneration: 0,
+      activeStartGeneration: null,
+    };
+
+    const elements = {
+      originDisplay: document.getElementById('originDisplay'),
+      statusChip: document.getElementById('statusChip'),
+      log: document.getElementById('log'),
+      playerContainer: document.getElementById('playerContainer'),
+      mediaGatewayEndpoint: document.getElementById('mediaGatewayEndpoint'),
+      serverVersion: document.getElementById('serverVersion'),
+      cameraGuid: document.getElementById('cameraGuid'),
+      startButton: document.getElementById('startButton'),
+      stopButton: document.getElementById('stopButton'),
+      liveButton: document.getElementById('liveButton'),
+      pauseButton: document.getElementById('pauseButton'),
+      resumeButton: document.getElementById('resumeButton'),
+      toggleAudioButton: document.getElementById('toggleAudioButton'),
+    };
+
+    elements.originDisplay.textContent = `Current origin: ${window.location.origin}`;
+    elements.mediaGatewayEndpoint.value = hostConfig.mediaGatewayEndpoint ?? 'Native Media Gateway endpoint not configured';
+    elements.serverVersion.value = hostConfig.serverVersion ?? 'Use Media Gateway default';
+
+    function setStatus(text) {
+      elements.statusChip.textContent = text;
+    }
+
+    function logLine(message, level = 'info') {
+      const line = document.createElement('div');
+      const stamp = new Date().toLocaleTimeString();
+      if (level !== 'info') {
+        line.classList.add(level);
+      }
+      line.textContent = `[${stamp}] ${message}`;
+      elements.log.prepend(line);
+    }
+
+    async function ensureGwpLoaded(mediaGatewayEndpoint) {
+      const scriptUrl = `${mediaGatewayEndpoint}/v2/files/gwp.js`;
+
+      if (window.gwp && state.gwpLoadedFor === scriptUrl) {
+        return;
+      }
+
+      if (window.gwp && state.gwpLoadedFor !== scriptUrl) {
+        throw new Error('GWP was already loaded from a different Media Gateway. Refresh the page before switching servers.');
+      }
+
+      await new Promise((resolve, reject) => {
+        const script = document.createElement('script');
+        script.src = scriptUrl;
+        script.onload = resolve;
+        script.onerror = () => reject(new Error(`Failed to load ${scriptUrl}. Check certificate trust and endpoint correctness.`));
+        document.head.appendChild(script);
+      });
+
+      state.gwpLoadedFor = scriptUrl;
+      logLine(`Loaded gwp.js from ${scriptUrl}`);
+    }
+
+    function disposePlayer() {
+      if (!state.player) {
+        return;
+      }
+
+      try {
+        state.player.stop();
+      } catch {
+      }
+
+      try {
+        state.player.dispose();
+      } catch {
+      }
+
+      state.player = null;
+      setStatus('Stopped');
+      logLine('Player disposed');
+    }
+
+    function cancelPendingStart() {
+      if (state.activeStartGeneration === null) {
+        return false;
+      }
+
+      state.startGeneration++;
+      return true;
+    }
+
+    function buildTokenRetriever() {
+      const provider = window.chrome.webview.hostObjects.tokenProvider;
+      return async (cameraId) => {
+        return await provider.GetToken(cameraId);
+      };
+    }
+
+    function wireEvents(player) {
+      player.onErrorStateRaised.register((error) => {
+        setStatus(`Error ${error.errorCode}`);
+        logLine(`Error ${error.errorCode}: ${error.value}`, 'error');
+      });
+
+      player.onPlayerStateChanged.register((event) => {
+        logLine(`Player state changed: ${event.playerState} ${event.value ?? ''}`.trim());
+      });
+
+      player.onStreamStatusChanged.register((event) => {
+        setStatus(event.state);
+        logLine(`Stream status: ${event.state} ${event.value ?? ''}`.trim());
+      });
+
+      player.onAudioStateChanged.register((event) => {
+        logLine(`Audio enabled: ${event.isAudioEnabled}`);
+      });
+
+      player.onAudioAvailabilityChanged.register((event) => {
+        logLine(`Audio available: ${event.isAudioAvailable}`);
+      });
+
+      player.onFrameRendered.register((frameTime) => {
+        setStatus(`Rendering ${frameTime.toISOString()}`);
+      });
+    }
+
+    async function startPlayer() {
+      if (state.activeStartGeneration !== null) {
+        logLine('A player startup is already in progress.', 'warn');
+        return;
+      }
+
+      const generation = ++state.startGeneration;
+      state.activeStartGeneration = generation;
+
+      function cancelled() {
+        return state.startGeneration !== generation;
+      }
+
+      let pendingPlayer = null;
+      try {
+        const mediaGatewayEndpoint = (hostConfig.mediaGatewayEndpoint ?? '').trim().replace(/\/+$/, '');
+        const cameraGuid = elements.cameraGuid.value.trim();
+        const serverVersion = (hostConfig.serverVersion ?? '').trim();
+
+        if (!mediaGatewayEndpoint) {
+          throw new Error('The native Media Gateway endpoint is not configured.');
+        }
+
+        if (!cameraGuid) {
+          throw new Error('Camera GUID is required.');
+        }
+
+        await ensureGwpLoaded(mediaGatewayEndpoint);
+        if (cancelled()) {
+          setStatus('Stopped');
+          logLine('Start cancelled during script load');
+          return;
+        }
+
+        disposePlayer();
+
+        const tokenRetriever = buildTokenRetriever();
+        pendingPlayer = window.gwp.buildPlayer(elements.playerContainer);
+        wireEvents(pendingPlayer);
+
+        logLine(`Starting player for ${cameraGuid}`);
+        await pendingPlayer.start(cameraGuid, mediaGatewayEndpoint, tokenRetriever, serverVersion || undefined);
+        if (cancelled()) {
+          setStatus('Stopped');
+          logLine('Start cancelled during session establishment');
+          try { pendingPlayer.stop(); } catch {}
+          try { pendingPlayer.dispose(); } catch {}
+          pendingPlayer = null;
+          return;
+        }
+
+        pendingPlayer.playLive();
+        state.player = pendingPlayer;
+        pendingPlayer = null;
+        setStatus('Live');
+        logLine(`GWP version ${window.gwp.version()}`);
+        logLine('Live playback started');
+      } finally {
+        if (pendingPlayer) {
+          try { pendingPlayer.stop(); } catch {}
+          try { pendingPlayer.dispose(); } catch {}
+        }
+        if (state.activeStartGeneration === generation) {
+          state.activeStartGeneration = null;
+        }
+      }
+    }
+
+    elements.startButton.addEventListener('click', async () => {
+      try {
+        await startPlayer();
+      } catch (error) {
+        setStatus('Start failed');
+        logLine(error instanceof Error ? error.message : String(error), 'error');
+      }
+    });
+
+    elements.stopButton.addEventListener('click', () => {
+      if (cancelPendingStart()) {
+        setStatus('Cancelling');
+        logLine('Stop requested during startup');
+      }
+
+      disposePlayer();
+    });
+
+    elements.liveButton.addEventListener('click', () => {
+      if (!state.player) {
+        return;
+      }
+
+      state.player.playLive();
+      setStatus('Live');
+      logLine('Switched to live');
+    });
+
+    elements.pauseButton.addEventListener('click', () => {
+      if (!state.player) {
+        return;
+      }
+
+      state.player.pause();
+      setStatus('Paused');
+      logLine('Playback paused');
+    });
+
+    elements.resumeButton.addEventListener('click', () => {
+      if (!state.player) {
+        return;
+      }
+
+      state.player.resume();
+      setStatus('Resumed');
+      logLine('Playback resumed');
+    });
+
+    elements.toggleAudioButton.addEventListener('click', () => {
+      if (!state.player) {
+        return;
+      }
+
+      const nextValue = !state.player.isAudioEnabled;
+      state.player.setAudioEnabled(nextValue);
+      logLine(`Requested audio state ${nextValue}. Browser autoplay policy still applies.`, 'warn');
+    });
+
+    window.addEventListener('beforeunload', () => disposePlayer());
+    logLine('Page ready');
+  </script>
+</body>
+</html>