Is my C# app installed?
-
Wow, here's a tough one for the gurus out there. I have a C# application that works wonderfully. However, I'd like to determine on a web page whether or not the user has it installed or not. I have tried mime types, but they don't always work for some reason. I was thinking about code signing a VB6 ocx, but Windows XP SP2 blocks all the ocx's now? Or is there a way around THAT one. And even if I DID do that, do I code sign the ocx THEN package/deploy it into the setup? WOW... HELP!?!??
-
Wow, here's a tough one for the gurus out there. I have a C# application that works wonderfully. However, I'd like to determine on a web page whether or not the user has it installed or not. I have tried mime types, but they don't always work for some reason. I was thinking about code signing a VB6 ocx, but Windows XP SP2 blocks all the ocx's now? Or is there a way around THAT one. And even if I DID do that, do I code sign the ocx THEN package/deploy it into the setup? WOW... HELP!?!??
It would be simpler if the client informs the server when it is run first time, maybe to a database or through a web service. cool man
-
It would be simpler if the client informs the server when it is run first time, maybe to a database or through a web service. cool man
-
I'm not sure I understand your response... what I'm trying to do, is detect on a webpage if the client has installed this rich client application or not. If yes, proceed to a different area. If no, proceed to download page.
Do it how other sites do it with ActiveX controls - if you can't instantiate it, redirect to a download page. There really is not provided method for determining if an application is installed from a web page. System components (like the CLR) will typically add a versioned identifier to the UserAgent string, but it every control did this the UserAgent string would be huge. The delivery is what's important, though. Is your smart client distributed over the Internet using touchless deployment? If the user does not have the appropriate permissions to execute the assembly, it will not load. GotDotNet[^] does it this way. The only installation needed merely installs a CodeGroup into the machine policy. If your smart client is actually installed onto the user's hard drive, it must be scriptable otherwise you won't have a way of determining whether or not its installed since you can't instantiate it. Read Exposing .NET Framework Components to COM[^], as well as an older article I wrote, User Controls for Windows and the Web[^], for more details. This posting is provided "AS IS" with no warranties, and confers no rights. Software Design Engineer Developer Division Sustained Engineering Microsoft [My Articles]
-
Do it how other sites do it with ActiveX controls - if you can't instantiate it, redirect to a download page. There really is not provided method for determining if an application is installed from a web page. System components (like the CLR) will typically add a versioned identifier to the UserAgent string, but it every control did this the UserAgent string would be huge. The delivery is what's important, though. Is your smart client distributed over the Internet using touchless deployment? If the user does not have the appropriate permissions to execute the assembly, it will not load. GotDotNet[^] does it this way. The only installation needed merely installs a CodeGroup into the machine policy. If your smart client is actually installed onto the user's hard drive, it must be scriptable otherwise you won't have a way of determining whether or not its installed since you can't instantiate it. Read Exposing .NET Framework Components to COM[^], as well as an older article I wrote, User Controls for Windows and the Web[^], for more details. This posting is provided "AS IS" with no warranties, and confers no rights. Software Design Engineer Developer Division Sustained Engineering Microsoft [My Articles]
-
See that's what I thought, however, I've code signed the ocx, and Windows XP SP2 still brings up that stupid bar at the top indicating that there's unsafe code trying to run in the browser? Any way around that? There MUST be.
This has absolutely nothing to do with OCX's, which are (typically) compiled VB projects with a modified PE/COFF header that relocates the entry point to msvbvm60.dll (or whichever VB VM is applicable). If you read my old article and the link to MSDN I gave you, you will see that you simply drop the assembly in a virtual path and reference the assembly and type (separated by #) in an
OBJECTtag. You can sign it with an authenticode certificate if you like, but it's not required (just a CodeGroup in the appropriate policy that allows execution of your code, depending on what permissions your code requires, i.e.FileIOPermission, etc.). If you want to know about the changes made by XP SP2 and how to prepare for it, as with everything related to Microsoft development go to http://msdn.microsoft.com[^]. A quick search yields Description of the Internet Explorer Information Bar in Windows XP SP2[^]. Even without searching, though, realize that there is no way to get around it from a content author. What would be the point of having any security, then? Signing it simply improves the information presented to the user so it can be installed. This really is no different from before, just a little more instinctive for the users, the majority of which simply click "Yes" or "OK" to any prompt they're given (there's user studies to back this up). Again, though, no OCX is required. If you deploy your smart client using touchless deployment (described in more detail at http://msdn.microsoft.com/library/en-us/cpguide/html/cpcondeployingcommonlanguageruntimeapplicationusingie55.asp[^]). This posting is provided "AS IS" with no warranties, and confers no rights. Software Design Engineer Developer Division Sustained Engineering Microsoft [ -
This has absolutely nothing to do with OCX's, which are (typically) compiled VB projects with a modified PE/COFF header that relocates the entry point to msvbvm60.dll (or whichever VB VM is applicable). If you read my old article and the link to MSDN I gave you, you will see that you simply drop the assembly in a virtual path and reference the assembly and type (separated by #) in an
OBJECTtag. You can sign it with an authenticode certificate if you like, but it's not required (just a CodeGroup in the appropriate policy that allows execution of your code, depending on what permissions your code requires, i.e.FileIOPermission, etc.). If you want to know about the changes made by XP SP2 and how to prepare for it, as with everything related to Microsoft development go to http://msdn.microsoft.com[^]. A quick search yields Description of the Internet Explorer Information Bar in Windows XP SP2[^]. Even without searching, though, realize that there is no way to get around it from a content author. What would be the point of having any security, then? Signing it simply improves the information presented to the user so it can be installed. This really is no different from before, just a little more instinctive for the users, the majority of which simply click "Yes" or "OK" to any prompt they're given (there's user studies to back this up). Again, though, no OCX is required. If you deploy your smart client using touchless deployment (described in more detail at http://msdn.microsoft.com/library/en-us/cpguide/html/cpcondeployingcommonlanguageruntimeapplicationusingie55.asp[^]). This posting is provided "AS IS" with no warranties, and confers no rights. Software Design Engineer Developer Division Sustained Engineering Microsoft [I know what you're saying with the touchless deployment, however I cannot do this because of the fact that I am embedding the Windows Media player within the app itself and the security sandbox won't allow for the dynamic winforms. I've had this discussion with Mark Boulter who actually created the concept. Unless you're him? :confused: So the security sandbox will NOT let me deploy my app this way. However, it must be possible since there are many objects that can be instantiated within IE without that security bar popping up.??? I really really appreciate your help here. I should also add that there are other things that won't let me deploy in the touchless manner such as odd shaped forms without the borders,... etc. In other words, it's not just the media player.
-
I know what you're saying with the touchless deployment, however I cannot do this because of the fact that I am embedding the Windows Media player within the app itself and the security sandbox won't allow for the dynamic winforms. I've had this discussion with Mark Boulter who actually created the concept. Unless you're him? :confused: So the security sandbox will NOT let me deploy my app this way. However, it must be possible since there are many objects that can be instantiated within IE without that security bar popping up.??? I really really appreciate your help here. I should also add that there are other things that won't let me deploy in the touchless manner such as odd shaped forms without the borders,... etc. In other words, it's not just the media player.
If you read the linked page, it states that ActiveX controls that are yet installed will invoke the information bar. No, I'm not Mark but I was using and helping to develop touchless deployment long before most even heard of it. I was previously a software architect that designed a massive N-tier application that utilizes this technology and, with the help of several others, pushed that in .NET 1.1 some rights are granted to the Internet zone - enough to at least load a loader assembly (which GotDotNet does, IIRC, to demand the rest of the permissions in a nice little scripted runtime), as well as a way to pass cookie data through IEExec (although I had a better way that they've never implemented, nor will they probably ever). So, you're saying that you're containing an
AxHostto embed WMP in your Windows Forms application? We (speaking on behalf of my former employer before I came here) successfully did it using a touchless deployment scenario for Windows Forms and embedded the WebBrowser control just fine. Or are you saying that you're embedding the WMP control in IE, which hosts a Windows Forms control? Sorry, I'm just a little confused about your scenario. This posting is provided "AS IS" with no warranties, and confers no rights. Software Design Engineer Developer Division Sustained Engineering Microsoft [My Articles] -
If you read the linked page, it states that ActiveX controls that are yet installed will invoke the information bar. No, I'm not Mark but I was using and helping to develop touchless deployment long before most even heard of it. I was previously a software architect that designed a massive N-tier application that utilizes this technology and, with the help of several others, pushed that in .NET 1.1 some rights are granted to the Internet zone - enough to at least load a loader assembly (which GotDotNet does, IIRC, to demand the rest of the permissions in a nice little scripted runtime), as well as a way to pass cookie data through IEExec (although I had a better way that they've never implemented, nor will they probably ever). So, you're saying that you're containing an
AxHostto embed WMP in your Windows Forms application? We (speaking on behalf of my former employer before I came here) successfully did it using a touchless deployment scenario for Windows Forms and embedded the WebBrowser control just fine. Or are you saying that you're embedding the WMP control in IE, which hosts a Windows Forms control? Sorry, I'm just a little confused about your scenario. This posting is provided "AS IS" with no warranties, and confers no rights. Software Design Engineer Developer Division Sustained Engineering Microsoft [My Articles]Not embedded within IE control which is in a winforms control, no. The mediaplayer is hosted just within the app. But remember, due to the nature of the transparency of the borders, etc. (odd shaped windows form), THAT portion cannot operate as touchless deployment either (or as Mark always called it "dynamic winforms"). Although I would like to see how you got the AxHosted media control through the security? That would be interesting to review. Aside from this though, you wrote this "If you read the linked page, it states that ActiveX controls that are yet installed will invoke the information bar." What do you mean by those that are 'yet installed'? - Also very funny: I'm a former MS employee myself. :-D
-
Not embedded within IE control which is in a winforms control, no. The mediaplayer is hosted just within the app. But remember, due to the nature of the transparency of the borders, etc. (odd shaped windows form), THAT portion cannot operate as touchless deployment either (or as Mark always called it "dynamic winforms"). Although I would like to see how you got the AxHosted media control through the security? That would be interesting to review. Aside from this though, you wrote this "If you read the linked page, it states that ActiveX controls that are yet installed will invoke the information bar." What do you mean by those that are 'yet installed'? - Also very funny: I'm a former MS employee myself. :-D
I don't have access to that code anymore (I no longer work for that company), but since our application was so large and required just about every permission I created an installer that added a code group (using a
UrlMembershipCondition) that required the FullTrust permission set. Hosting the WebBrowser control was no different than hosting it in a locally launched Windows Forms application. "Yet" installed means the ActiveX control (and related libs, etc.) haven't been installed yet. I.e., you install a fresh copy of Windows. You don't have QuickTime (I'd love to go without that resource hog, but unfortunately can't due to people actually distro'ing QT content!), Flash, etc. When you go to a page that requires them (assuming they have the right codebase), you'll get the bar in IE (with XP SP2). They haven't been installed yet. This posting is provided "AS IS" with no warranties, and confers no rights. Software Design Engineer Developer Division Sustained Engineering Microsoft [My Articles] -
I don't have access to that code anymore (I no longer work for that company), but since our application was so large and required just about every permission I created an installer that added a code group (using a
UrlMembershipCondition) that required the FullTrust permission set. Hosting the WebBrowser control was no different than hosting it in a locally launched Windows Forms application. "Yet" installed means the ActiveX control (and related libs, etc.) haven't been installed yet. I.e., you install a fresh copy of Windows. You don't have QuickTime (I'd love to go without that resource hog, but unfortunately can't due to people actually distro'ing QT content!), Flash, etc. When you go to a page that requires them (assuming they have the right codebase), you'll get the bar in IE (with XP SP2). They haven't been installed yet. This posting is provided "AS IS" with no warranties, and confers no rights. Software Design Engineer Developer Division Sustained Engineering Microsoft [My Articles]Well, I do now have the activeX control showing the picture on the webpage without a warning, HOWEVER, if I script ANYTHING to it (even just getting a true / false property value) it triggers the stupid SP2 stuff. So here's my question: CAN I through javascript detect if this object exists? I know I can do a Javascript attempt such as var myClient = new ActiveXObject("Project.ClassName"); within a try catch, however even though this OCX is SIGNED, it says that it cannot create the object? Although putting the OBJECT tag with the classid shows up just fine. Is this more SP2 B.S.?
-
Well, I do now have the activeX control showing the picture on the webpage without a warning, HOWEVER, if I script ANYTHING to it (even just getting a true / false property value) it triggers the stupid SP2 stuff. So here's my question: CAN I through javascript detect if this object exists? I know I can do a Javascript attempt such as var myClient = new ActiveXObject("Project.ClassName"); within a try catch, however even though this OCX is SIGNED, it says that it cannot create the object? Although putting the OBJECT tag with the classid shows up just fine. Is this more SP2 B.S.?
You have to mark your ActiveX control "safe for scripting". This really isn't anything new in XP SP2, though. IE always acted this way when scripting ActiveX controls, but reacts a little different now (i.e., how it interacts with the user). I suggest reading about IE security zones and settings in MSDN Library. Most of this comes down to the user's security settings. You can't get around them (knock on wood), otherwise what's the point of security? You have to work within them and utilize what you can. If you want to use javascript to see if an object exists, there's always
typeofyou can use like so:if (typeof("myControl") == "object") window.alert("It exists!");
The fact that your ActiveX control is signed will 1) dictate what the user sees and how confident they should be (a nicer UI for signed components), and 2) the different security zone settings for signed and unsigned components, as well as signed and unsigned .NET Components (when the .NET Framework is installed). I also urge you to explore the security zones settings if you haven't already. Be sure to set them all to default (click the "Default" button after selecting each one) at first to get a glimpse of what you're dealing with. This posting is provided "AS IS" with no warranties, and confers no rights. Software Design Engineer Developer Division Sustained Engineering Microsoft [My Articles]