Com/ActiveX component to use on HTML page with javascript

[Mikael Svenson]

I have managed to make an ActiveX component in C#, and I've made
refrenced it with
<object classid="CLSID:4606E9A6-F60D-4623-8892-DABE54E05282" height="10"
id="EventTester" width="10" viewastext></object>

which works just fine.

(I have specified the guid for the class, interface and assembly, and
have it strongly named)

The problem is that the component is unsigned, and requires the user to
accept it.

My question is, how can I make a component which I can reference from a
html page without needing the user to accept it.

The component will be installed on the client machine with an installer.
With C++ and regsvr32 this works just fine. You set your object tag once
it's registered and you're ready to go, but this don't seem to be the
case with .Net components.

Say I want to make a DLL which returns the Windows Version or something
with a string property.

<javascript>
alert( EventTester.Version );
</javascript>

And there is some code in the C# class which returns this.

Any help on the matter would be appreciated. I have googled quite a lot
already on this

Regards,
Mikael Svenson

 

[Dmitriy Lapshin [C# / .NET MVP]]

Hi,

If I got you right, you should sign the component assembly with a Software
Publisher Certificate. You can make one for testing purposes with .NET
Framework SDK tools such as makecert.exe and cert2spc.exe.

 

[Mikael Svenson]

If I sign it, will the user be prompted once to accept the certificate,
or will it just breeze by?

What I'm trying to accomplish is to use a .dll (or) ActiveX component
from a webpage to do certain tasks. Say the component checks a DB on
certain intervals and triggers an event which the web page acts on in
javascript.

Will it be different if I make the component a ServicedComponent instead
and register it with regsvcs.exe?

Regards,
Mikael Svenson

Hi,

If I got you right, you should sign the component assembly with a Software
Publisher Certificate. You can make one for testing purposes with .NET
Framework SDK tools such as makecert.exe and cert2spc.exe.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://www.x-unity.net/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

I have managed to make an ActiveX component in C#, and I've made
refrenced it with
<object classid="CLSID:4606E9A6-F60D-4623-8892-DABE54E05282" height="10"
id="EventTester" width="10" viewastext></object>

which works just fine.

(I have specified the guid for the class, interface and assembly, and
have it strongly named)

The problem is that the component is unsigned, and requires the user to
accept it.

My question is, how can I make a component which I can reference from a
html page without needing the user to accept it.

The component will be installed on the client machine with an installer.
With C++ and regsvr32 this works just fine. You set your object tag once
it's registered and you're ready to go, but this don't seem to be the
case with .Net components.

Say I want to make a DLL which returns the Windows Version or something
with a string property.

<javascript>
alert( EventTester.Version );
</javascript>

And there is some code in the C# class which returns this.

Any help on the matter would be appreciated. I have googled quite a lot
already on this

Regards,
Mikael Svenson

 

[Jerry Pisk]

It won't breeze by unless the user sets their IE to do so (but I don't know
who in their right mind would do that). There's absolutely nothing you can
do to force an ActiveX object installation on the user, they will always
have to accept it (and even have the option to reject it for good starting
with WinXP SP2) - with the exception of those who blindly accept everything
but as I said, you don't want those users.

Jerry

If I sign it, will the user be prompted once to accept the certificate,
or will it just breeze by?

What I'm trying to accomplish is to use a .dll (or) ActiveX component
from a webpage to do certain tasks. Say the component checks a DB on
certain intervals and triggers an event which the web page acts on in
javascript.

Will it be different if I make the component a ServicedComponent instead
and register it with regsvcs.exe?

Regards,
Mikael Svenson

Hi,

If I got you right, you should sign the component assembly with a Software
Publisher Certificate. You can make one for testing purposes with .NET
Framework SDK tools such as makecert.exe and cert2spc.exe.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://www.x-unity.net/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

I have managed to make an ActiveX component in C#, and I've made
refrenced it with
<object classid="CLSID:4606E9A6-F60D-4623-8892-DABE54E05282" height="10"
id="EventTester" width="10" viewastext></object>

which works just fine.

(I have specified the guid for the class, interface and assembly, and
have it strongly named)

The problem is that the component is unsigned, and requires the user to
accept it.

My question is, how can I make a component which I can reference from a
html page without needing the user to accept it.

The component will be installed on the client machine with an installer.
With C++ and regsvr32 this works just fine. You set your object tag once
it's registered and you're ready to go, but this don't seem to be the
case with .Net components.

Say I want to make a DLL which returns the Windows Version or something
with a string property.

<javascript>
alert( EventTester.Version );
</javascript>

And there is some code in the C# class which returns this.

Any help on the matter would be appreciated. I have googled quite a lot
already on this

Regards,
Mikael Svenson

 

[Mikael Svenson]

Ok, so the reason using a graph component from Office works, is because
it's made by Microsoft? And I agree totally with the security issues. I
just thought that if you install and register a dll on the machine thru
a setup, that would be the same as to authorize it, and thus IE could
use it without any pop-ups afterwards.

My scenario would be as follow:

1. User installs an application, with dll's which are registred
2. My appbar/winform uses IE as part of the GUI
3. the GUI instantiates the dll, and subscribes to events for it

I might just go with making the whole app a winform, and not using
IE/html for part of the GUI stuff. I have IE as a component in an
appbar, and it would be very easy to change GUI stuff if I could have it
as a webpage somewhere. But I might just go with putting more stuff in
the winform, and use .Net's dll autoupgrade feature instead.

Thanks for the replies

Regards,
Mikael Svenson

It won't breeze by unless the user sets their IE to do so (but I don't know
who in their right mind would do that). There's absolutely nothing you can
do to force an ActiveX object installation on the user, they will always
have to accept it (and even have the option to reject it for good starting
with WinXP SP2) - with the exception of those who blindly accept everything
but as I said, you don't want those users.

Jerry

If I sign it, will the user be prompted once to accept the certificate,
or will it just breeze by?

What I'm trying to accomplish is to use a .dll (or) ActiveX component
from a webpage to do certain tasks. Say the component checks a DB on
certain intervals and triggers an event which the web page acts on in
javascript.

Will it be different if I make the component a ServicedComponent instead
and register it with regsvcs.exe?

Regards,
Mikael Svenson

Hi,

If I got you right, you should sign the component assembly with a Software
Publisher Certificate. You can make one for testing purposes with .NET
Framework SDK tools such as makecert.exe and cert2spc.exe.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://www.x-unity.net/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

I have managed to make an ActiveX component in C#, and I've made
refrenced it with
<object classid="CLSID:4606E9A6-F60D-4623-8892-DABE54E05282" height="10"
id="EventTester" width="10" viewastext></object>

which works just fine.

(I have specified the guid for the class, interface and assembly, and
have it strongly named)

The problem is that the component is unsigned, and requires the user to
accept it.

My question is, how can I make a component which I can reference from a
html page without needing the user to accept it.

The component will be installed on the client machine with an installer.
With C++ and regsvr32 this works just fine. You set your object tag once
it's registered and you're ready to go, but this don't seem to be the
case with .Net components.

Say I want to make a DLL which returns the Windows Version or something
with a string property.

<javascript>
alert( EventTester.Version );
</javascript>

And there is some code in the C# class which returns this.

Any help on the matter would be appreciated. I have googled quite a lot
already on this

Regards,
Mikael Svenson

 

[Jerry Pisk]

The Office components work because they're registered during Office
installation. You can do your own thing, you can register your controls from
within the installation process. Once the controls are registered you can
use them without IE wanting to install them again. If you're going to embed
IE in your app you can even control the security settings in it, so you can
have it allow ActiveX controls even when the user disabled them for
standalone IE.

Jerry

Ok, so the reason using a graph component from Office works, is because
it's made by Microsoft? And I agree totally with the security issues. I
just thought that if you install and register a dll on the machine thru
a setup, that would be the same as to authorize it, and thus IE could
use it without any pop-ups afterwards.

My scenario would be as follow:

1. User installs an application, with dll's which are registred
2. My appbar/winform uses IE as part of the GUI
3. the GUI instantiates the dll, and subscribes to events for it

I might just go with making the whole app a winform, and not using
IE/html for part of the GUI stuff. I have IE as a component in an
appbar, and it would be very easy to change GUI stuff if I could have it
as a webpage somewhere. But I might just go with putting more stuff in
the winform, and use .Net's dll autoupgrade feature instead.

Thanks for the replies

Regards,
Mikael Svenson

It won't breeze by unless the user sets their IE to do so (but I don't know
who in their right mind would do that). There's absolutely nothing you can
do to force an ActiveX object installation on the user, they will always
have to accept it (and even have the option to reject it for good starting
with WinXP SP2) - with the exception of those who blindly accept everything
but as I said, you don't want those users.

Jerry

If I sign it, will the user be prompted once to accept the certificate,
or will it just breeze by?

What I'm trying to accomplish is to use a .dll (or) ActiveX component
from a webpage to do certain tasks. Say the component checks a DB on
certain intervals and triggers an event which the web page acts on in
javascript.

Will it be different if I make the component a ServicedComponent instead
and register it with regsvcs.exe?

Regards,
Mikael Svenson


:

Hi,

If I got you right, you should sign the component assembly with a Software
Publisher Certificate. You can make one for testing purposes with ..NET
Framework SDK tools such as makecert.exe and cert2spc.exe.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://www.x-unity.net/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

I have managed to make an ActiveX component in C#, and I've made
refrenced it with
<object classid="CLSID:4606E9A6-F60D-4623-8892-DABE54E05282" height="10"
id="EventTester" width="10" viewastext></object>

which works just fine.

(I have specified the guid for the class, interface and assembly, and
have it strongly named)

The problem is that the component is unsigned, and requires the

user
to

accept it.

My question is, how can I make a component which I can reference

from
a

html page without needing the user to accept it.

The component will be installed on the client machine with an installer.
With C++ and regsvr32 this works just fine. You set your object

tag
once

it's registered and you're ready to go, but this don't seem to be the
case with .Net components.

Say I want to make a DLL which returns the Windows Version or something
with a string property.

<javascript>
alert( EventTester.Version );
</javascript>

And there is some code in the C# class which returns this.

Any help on the matter would be appreciated. I have googled quite

a
lot

already on this

Regards,
Mikael Svenson

 

[Mikael Svenson]

That's what I hoped for. If I regasm /tlb mycomponent.dll on my dev
machine, and reference it with <object like I initially mentioned, I
still get the "unsafe activex" component. But guess I can dig into the
IE functions and just allow it all.

If you want I can post my code and settings to see if I'm doing
something wrong.

If I change the security settings for my IE instance, will this affect
the other IE's the user might have running?

-m

The Office components work because they're registered during Office
installation. You can do your own thing, you can register your controls from
within the installation process. Once the controls are registered you can
use them without IE wanting to install them again. If you're going to embed
IE in your app you can even control the security settings in it, so you can
have it allow ActiveX controls even when the user disabled them for
standalone IE.

Jerry

Ok, so the reason using a graph component from Office works, is because
it's made by Microsoft? And I agree totally with the security issues. I
just thought that if you install and register a dll on the machine thru
a setup, that would be the same as to authorize it, and thus IE could
use it without any pop-ups afterwards.

My scenario would be as follow:

1. User installs an application, with dll's which are registred
2. My appbar/winform uses IE as part of the GUI
3. the GUI instantiates the dll, and subscribes to events for it

I might just go with making the whole app a winform, and not using
IE/html for part of the GUI stuff. I have IE as a component in an
appbar, and it would be very easy to change GUI stuff if I could have it
as a webpage somewhere. But I might just go with putting more stuff in
the winform, and use .Net's dll autoupgrade feature instead.

Thanks for the replies

Regards,
Mikael Svenson

It won't breeze by unless the user sets their IE to do so (but I don't know
who in their right mind would do that). There's absolutely nothing you can
do to force an ActiveX object installation on the user, they will always
have to accept it (and even have the option to reject it for good starting
with WinXP SP2) - with the exception of those who blindly accept everything
but as I said, you don't want those users.

Jerry

If I sign it, will the user be prompted once to accept the certificate,
or will it just breeze by?

What I'm trying to accomplish is to use a .dll (or) ActiveX component
from a webpage to do certain tasks. Say the component checks a DB on
certain intervals and triggers an event which the web page acts on in
javascript.

Will it be different if I make the component a ServicedComponent instead
and register it with regsvcs.exe?

Regards,
Mikael Svenson


:

Hi,

If I got you right, you should sign the component assembly with a
Software
Publisher Certificate. You can make one for testing purposes with .NET
Framework SDK tools such as makecert.exe and cert2spc.exe.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://www.x-unity.net/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

I have managed to make an ActiveX component in C#, and I've made
refrenced it with
<object classid="CLSID:4606E9A6-F60D-4623-8892-DABE54E05282"
height="10"
id="EventTester" width="10" viewastext></object>

which works just fine.

(I have specified the guid for the class, interface and assembly, and
have it strongly named)

The problem is that the component is unsigned, and requires the user
to
accept it.

My question is, how can I make a component which I can reference from
a
html page without needing the user to accept it.

The component will be installed on the client machine with an
installer.
With C++ and regsvr32 this works just fine. You set your object tag
once
it's registered and you're ready to go, but this don't seem to be the
case with .Net components.

Say I want to make a DLL which returns the Windows Version or
something
with a string property.

<javascript>
alert( EventTester.Version );
</javascript>

And there is some code in the C# class which returns this.

Any help on the matter would be appreciated. I have googled quite a
lot
already on this

Regards,
Mikael Svenson

 

[Jerry Pisk]

Actually you shouldn't change IE's settings, all you need is to implement
the IObjectSafety interface (and return the appropriate values).

Jerry

That's what I hoped for. If I regasm /tlb mycomponent.dll on my dev
machine, and reference it with <object like I initially mentioned, I
still get the "unsafe activex" component. But guess I can dig into the
IE functions and just allow it all.

If you want I can post my code and settings to see if I'm doing
something wrong.

If I change the security settings for my IE instance, will this affect
the other IE's the user might have running?

-m

The Office components work because they're registered during Office
installation. You can do your own thing, you can register your controls from
within the installation process. Once the controls are registered you can
use them without IE wanting to install them again. If you're going to embed
IE in your app you can even control the security settings in it, so you can
have it allow ActiveX controls even when the user disabled them for
standalone IE.

Jerry

Ok, so the reason using a graph component from Office works, is because
it's made by Microsoft? And I agree totally with the security issues. I
just thought that if you install and register a dll on the machine thru
a setup, that would be the same as to authorize it, and thus IE could
use it without any pop-ups afterwards.

My scenario would be as follow:

1. User installs an application, with dll's which are registred
2. My appbar/winform uses IE as part of the GUI
3. the GUI instantiates the dll, and subscribes to events for it

I might just go with making the whole app a winform, and not using
IE/html for part of the GUI stuff. I have IE as a component in an
appbar, and it would be very easy to change GUI stuff if I could have it
as a webpage somewhere. But I might just go with putting more stuff in
the winform, and use .Net's dll autoupgrade feature instead.

Thanks for the replies

Regards,
Mikael Svenson

Jerry Pisk wrote:

It won't breeze by unless the user sets their IE to do so (but I

don't
know

who in their right mind would do that). There's absolutely nothing

you
can

do to force an ActiveX object installation on the user, they will always
have to accept it (and even have the option to reject it for good starting
with WinXP SP2) - with the exception of those who blindly accept everything
but as I said, you don't want those users.

Jerry

If I sign it, will the user be prompted once to accept the certificate,
or will it just breeze by?

What I'm trying to accomplish is to use a .dll (or) ActiveX component
from a webpage to do certain tasks. Say the component checks a DB on
certain intervals and triggers an event which the web page acts on in
javascript.

Will it be different if I make the component a ServicedComponent instead
and register it with regsvcs.exe?

Regards,
Mikael Svenson


:

Hi,

If I got you right, you should sign the component assembly with a
Software
Publisher Certificate. You can make one for testing purposes

with
.NET

Framework SDK tools such as makecert.exe and cert2spc.exe.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://www.x-unity.net/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

I have managed to make an ActiveX component in C#, and I've made
refrenced it with
<object classid="CLSID:4606E9A6-F60D-4623-8892-DABE54E05282"
height="10"
id="EventTester" width="10" viewastext></object>

which works just fine.

(I have specified the guid for the class, interface and

assembly,
and

have it strongly named)

The problem is that the component is unsigned, and requires

the
user

to
accept it.

My question is, how can I make a component which I can

reference
from

a
html page without needing the user to accept it.

The component will be installed on the client machine with an
installer.
With C++ and regsvr32 this works just fine. You set your

object
tag

once
it's registered and you're ready to go, but this don't seem to

be
the

case with .Net components.

Say I want to make a DLL which returns the Windows Version or
something
with a string property.

<javascript>
alert( EventTester.Version );
</javascript>

And there is some code in the C# class which returns this.

Any help on the matter would be appreciated. I have googled

quite
a

lot
already on this

Regards,
Mikael Svenson