We are developing a web-based point-of-sale application, which, while it mostly runs in a browser, also requires integration with hardware devices such as credit card readers. In order to provide hardware integration, we have implemented several simple ActiveX controls in C++ using ATL.
We are not experienced Windows developers, and are having difficulty understanding the installation process and security model for ActiveX controls. Obviously, this is a prerequisite to our users actually being able to run our application. :)
We are trying to determine what are the finest-grained and most restrictive set of permissions required for a typical unprivileged user (non-admin, non-power user) to install and update a particular ActiveX control (as opposed to any ActiveX control) from a signed .cab file served over HTTP as part of a web application. We need to know this for XP (SP2+) & IE6, as well as for more recent OS/browser combinations. We want this information so we can help our IT staff properly configure the machines on which the software will run.
We have done quite a lot of digging on the internet, and have not been able to find adequate documentation. We have also talked with some folks at Microsoft, who also could not provide us with the information we need.
Using the Sysinternals process monitor and some trial and error, we have been able to determine that the following registry permissions are sufficient to enable an unprivileged user to be prompted to install an ActiveX control on XP SP2 / IE6 (i.e. the user will see a the yellow bar at the top of IE saying "This site wants to install some software"):
HKLM\Software\Microsoft\Tracing (key only, create subkey permission)
HKLM\Software\Microsoft\Code Store Database (key only, create subkey permission)
The process of actually installing the control is much more complicated, and we haven't made much progress in sorting it out, beyond a general awareness that the user will need to write to C:\windows\downloaded program files\ and HKLM\Software\Microsoft\Code Store Database\Distribution Units\{guid}
(We are investigating the capability of Vista and Windows 7 to install ActiveX controls as an unprivileged user, but we need to support XP as well. We are also considering adopting AIR 2 as our platform, which provides native code integration, but that also doesn't address our immediate needs.)
It has been many, many, moons since I've had to be concerned with developing ActiveX controls embedded in a web page for a commercial product.
Kudo's to you and your team for doing
things the right way. I've seen too
many commercial, web based,
applications force enterprises to
lower the security requirements of
Internet Explorer because they
couldn't take the time to properly
package their application.
The basic premise that I remember was that you had to implement at least one specific interface, IObjectSafety, add a couple of specific component category ids during component registration, and sign your .cab with a certificate from a trusted CA such as Verisign.
Check out:
Safe Initialization and Scripting for ActiveX Controls
Packaging ActiveX Controls
Non Admin ActiveX Controls
If that doesn't work, try go get a hold of your local Microsoft Developer Evangelist to help point you in the right direction.
If you have a Microsoft Support Contract, then contact your Technical Account Manager (TAM) or Application Developer Consultant (ADC) for additional help.
Good Luck,
Z
Related
I'm developing a Unity's cross-platform application (Win, macOS, Android, iOs) and I wanted to include a facebook login so users could sign up via Facebook. I've already been able to do it in Android and iOS platforms through the following link:
https://developers.facebook.com/docs/unity/gettingstarted
This method doesn't work for standalone desktop platforms. I've been looking for a solution to the problem, but I haven't found anything.
Does anyone know a solution or a plugin for Unity that can include Facebook Login for Desktop Standalone platforms?
Facebook still does not have any way to use its official SDK in Standalone builds (it's 2019 now, and posts requesting that feature can be seen dated as far as 2013...)
The options (as of now) are:
1. Manually build Facebook login flow
(that requires server-side support and opening a webpage outside of Unity) - see here:
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/
Pros:
Cheapest option if you can self-host executables
Good start option
Some major gamedev companies went for such solution (even Blizzard!)
Cons:
You will need to minimalize Unity game to log-in
Requires some time to code and test properly
Note:
Tested in one of my own games;
2. Use third-party provider
(like Google's Firebase)
Pros:
You have it up and running in matter of minutes
You can integrate other login methods
Cons:
You are locked in with that provider
It costs you on per-user base
Note:
Also tested in some other of my games;
There are several urban legends that Firebase is way more costly then it promises; See here ("How we spent 30k USD in Firebase in less than 72 hours") and here ("Unexpected monthly bill of more than 1.000€")
3. Embed Chromium directly into Unity, use in-browser authentication
You will need either free and open software chromium framework (here or here), or if you need premium support - this plugin.
Then you must follow this tutorial:
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/
But this time - using embedded browser, which does not requires external server.
Pros:
No recurring paymants
Does not take your users away from your game
Cons:
This is treated as new browser for user; Cookies, stored session, etc. will not be available
Let me stress that out again: users will have to explicitly login to Facebook, without their favorite password managers
Still need some time to code and test propertly
Note:
I did NOT throughtly tested that. Use at your own risk - I would actually recomend either 1. or 2.
We have developed a .Net 4.0 VSTO Excel AddIn in VS2010 that we are deploying via ClickOnce. Our deployable seems fine on Windows XP but is extremely problematic when installed on Windows 7. The problems all seem to relate to when the AddIn needs to be removed via Excel (i.e. it has been soft deleted by Excel [eg. due to failure, etc] and it is then 'Remove'd by the user via the Excel | Options | AddIns | Manage | COM AddIns dialog.
The above leads to a situation where an AddIn is re-installed after the above has occurred, it is not exposed within Excel - i.e. the Excel AddIns tab (which would normally appear if there is one or more AddIns installed) vanishes forever. It becomes even more of a problem when we are developing/debugging, as we are renaming/removing AddIn instances on the fly - so much so that developing VSTO on Windows 7 is no longer feasible
Note that the AddIn is not in the hard deleted (disabled) list - it has been removed. I have tried installing/re-installing/uninstalling, rebooting, removing registry items (cleaning up cache/after-uninstall), removing file system files from C:\Documents and Settings\\Local Settings\Apps\2.0, clearing cache (via mage and/or rundll32 as per Clear the .NET-downloaded application cache without Mage?). There seems to be a clear difference of behaviour between XP and Windows 7.
Has anyone had similar problems ?
The only alternative I can see is a deployment project with a fully blown MSI, however this is no where near as neat - requires local Admin access, etc
Many thanks
Travis
Not sure if you have read about the tutorials about publishing Office solution using Clickonce. If you haven't, you can find them via the links below. Worth reading.
http://msdn.microsoft.com/en-us/library/vstudio/bb772100(v=vs.100).aspx
http://msdn.microsoft.com/en-us/library/vstudio/bb608591(v=vs.100).aspx
Regarding using windows installer, it's not extremely hard to do, especially with Visual Studio 2010 setup project. Here's a very detailed tutorial that can guide you through all these. It helped me a lot when I was trying to deploy the Excel add-in, and I hope it'd help you too in some way.
http://msdn.microsoft.com/en-us/library/ff937654.aspx
Also you might want to ask yourself these questions to determine whether or not using Clickonce/Windows installer is the right choice.
When it comes to your choice in deployment technologies, you don't
need to limit yourself to just one option. The key is to choose the
right tool for the right job. While there is no single rule or simple
answer, there are some general guidelines you can use to help make the
best decision for your specific needs.
Does the application install any COM components?
Does the application require registering any components for COM-Interop?
Does the application install any services? Does the application have to
install to a specific location or to the Global Assembly Cache (GAC)?
Does the application have any components that are conditionally
installed, based on the operating system or runtime environment?
Does the application require user input at installation time?
Does the application require configuration of system-level services such as
Active Directory or COM+?
After the application is installed, does it create files, write to the
registry, or affect the system in some way that would leave resources behind when the application is removed?
If you answered yes to any of
these questions, then Windows Installer is the best choice for
your needs. However, if you don't need to address the scenarios
described in the list above, then ClickOnce is an excellent candidate
for your deployment solution. If you want to leverage the distinct
benefits provided by ClickOnce, then understanding the capabilities of
ClickOnce early in your application design process is critical.
Deploying an early version of an application with ClickOnce, but then
belatedly realizing a need to move to Windows Installer, would create
a difficult upgrade path that can be avoided through careful up-front
planning.
From my experience, on one of my production projects we have also used MSI. And problems with click once were avoided. So my answer - yes you need to have MSI Project or MSI installations. And with MSI installations you can either use default MSI Project or external, e.g. Wix or Wise Installer or something else. Second way with custom installer is much more harder.
For situations with removing I've used mage and manual delete add-in from cache and registry. It helps, but looks like hacks.
Also each time when dealing with VSTO ClickOnce unclear, I've thought to use some external libraries. Unfortunately I haven't such opportunity to use something 3rd party to make my work easier due to requirement to project. But you can check and try. May be Add-in-Express libraries will help you, especially when they have good technical support.
What we found was that the way to get ClickOnce working for VSTO on Windows 7 was to do this within Excel - i.e.
Add/Remove Programs : uninstall
Excel | Options | AddIns | COM | Go
Add | browse to the ClickOnce setup.exe | OK | etc
Close down Excel
Go into Excel
AddIn appears
I'm sure you can play with the Add/Remove programs uninstall (versioning) so the user doesn't necessarily have to manually uninstall
ClickOnce is gr8 when it works - it's journey to get there tho and needs to be tightened up big style
In developing a number of WP7 apps, I have a need to show clients how the app will be when deployed. The clients are a) not in the same location as I am, b) not technical at all, and c) may not even be using a PC. The purpose is to demo, get feedback and make any needed changes.
I'm not finding any realistic options to just simply show them what it would look, feel and run on a Windows Phone 7 (using the ApplicationBar, etc.). I found this link - http://www.redmondpie.com/standalone-windows-phone-7-series-emulator-9140536/ - but it's rather hacky for me to ask someone to do to set up an emulator on their machine without also installing VS Express, etc.
Does anyone know of any links to an official emulator that can be run on a PC, has a simple install and can load WP7 apps?
Have you considered using a product such as Citrix GoTo. Clients do not need to be particularly technical to join such a meeting, you can then take them through a demo. This will cost you though.
A free alternative would be to set aside a PC running the emulator with your software loaded. Create a VPN for you clients to connect to and let them use Remote Desktop Connection to connect to the PC. They can then play around with it remotely.
Have you considered using SketchFlow? Although by default the UI is "sketchy" (sorry), you can apply styles to the controls you drop on your pages, including the very same styles that are used by Windows Phone controls.
If you use a Silverlight SketchFlow project, you can deploy the content to a web server and provide a link that can be consumed on any machine that will render Silverlight content...they can go through the navigation, provide feedback, etc.
Christian Schormann has a writeup on what is required to use it in the pre-release tools... http://electricbeach.org/?p=573
You should take a look at this: http://justinangel.net/WindowsPhone7EmulatorAutomation. I believe it will answer your question exactly.
The question says it all, we know most of the hosted web-based UI prototyping tools out there, but we would like to have ours hosted on our own internal servers, preferably with on-line multi-user collaboration functionality (i.e. users modifying the prototype, making comments, etc. in parallel).
Any suggestions will be appreciated.
Sketchflow (in the top-end version of Expression Blend from Microsoft) meets almost all your criteria. It ain't cheap, but it is very powerful.
The deployment package of a Sketchflow build can just be placed on an internal server (no IIS required to deploy).
Multiple users can overlay their comments and pen drawings over the top of the screens. Their feedback is packaged as a unit and sent back. All feedback can then be loaded back into the Expression Blend project and the feedback from 1 or more users viewed overlaid on the correct screens.
It does not meet your multiple-user authoring requirement though, but as they say "too many cooks...".
Most tools are either desktop based or hosted. Seen very few which offer a downloadble multi user version. iRise is one choice with the editor as a desktop product and a centralized server for sharing among users. The budget is typically from $50K to $250K. A similar option exists for Serena composer as well, not sure of the price though.
Both iRise and Serena are not real collaborative tools, the central server is only for sharing the finished prototypes and getting feedback.
If the requirement is for a completely web based multi user tool then 10screens can be an option - http://www.10screens.com. The same product available on the site in a hosted mode can be downloaded and installed on your own servers.
The team I'm working with have created a CRM4 add-on which encapsulates 'standard' CRM customisations (such as modifying existing entities, adding our own custom entities), reports, plug-ins, and our own web pages (in IFrames) and web services. All pretty typical stuff.
I'm writing all the requisite installation code to simplify / automate the install process so that our ISV add-on can downloaded and trialled by anyone, but have been asked to think of appropriate way restrict functionality - to encourage people to purchase a license.
I'm not that familiar with the concepts/best practices/pitfalls when it comes to the 'licensing' of .net apps (especially CRM4 add-ons) so am asking you if you have any suggestions. We're looking for something fairly simple, and should be reasonably 'crackable', since we believe that having to enter a license code is generally a PITA.
Does the CRM API have anything to offer the ISV developer? (I see that one is able to nterrogate the License entity, but I'm assuming that this is for the CRM license itself)
Are there any existing code samples / projects / frameworks that are appropriate to use or implement?
I'm tempted to create a Registry Key upon installation of the add-on which, if after a month the correct license key has not been entered, will restrict functionality. Is this the best way to do this? Have you seen any other add-ons do it differently / better?
In terms of restricting functionality, I'm thinking of throwing InvalidPluginExecutionExceptions. Surely there must be a more 'graceful' way to do this?
All thoughts and suggestions appreciated.
Regards,
Peter.
My thoughts:
Yes, you can query the License entity to get the number of licensed users, which is a common license type from what I've seen. Lots of 3rd party vendors charge by the number of licensed users, regardless of how many of those users actually use the customization. I try to stay away from these because the license costs are often prohibitive for enterprise deployments.
Not that I know of.
I like this option, and have seen at least one 3rd party tool use this method. They allow you to declare the license key in your .config file, and if their runtime doesn't find it there it checks a known registry key. The tool comes with an app that registers the license key in the registry for you. I'd be careful to test and make sure your custom code can read the registry in a least-privilege environment.
Definitely not graceful to throw exceptions, but it does prove your point. :) Other than that, just outright skipping your code is another possibility, although that could have data implications. If you must throw exceptions, I would suggest trying to run some javascript on form load of your entities that warns the user that their license is expired and a save will result in an error. Some more nefarious schemes could include Thread.Sleep, kinda like the old shareware nagscreens. :)
Another idea - can you set up an Enterprise IFD deployment so you can give customers remote access to your demo, including their own demo organization? This depends on your audience, but your customers may not have the luxury (time, dev environment) of downloading and installing your trial. They may just want to see it in action - once you qualify the sale maybe you offer free remote installation and not spend so much time on a flawless setup package? Again, depends on your audience and the volume of licenses you expect to sell. Technically, you could dynamically provision organizations using the SDK and make the online trial process completely automatic. Of course this is a big investment, but allows you to maintain absolute control over your demo/IP.
Hope that helps!