Interacting with Windows Application from .NET Web Service

I am developing a .NET web service using Windows Server 2003 and IIS 6.0
which consumes customer information and then attempts to create a new
customer account in an accounting application (i.e. QuickBooks). For
unattended access to the accounting application, an exception for the
application attempting to access the accounting application must be granted
through the accounting application user interface the first time.

I am able to activate this exception dialog box through a Windows
application, however, calls to my web service results in an error,
essentially telling me that I don't have the necessary exception, but not
activating the exception dialog box in order to grant the exception. Once I
have the exception, the web service can access the application without user
intervention.

Something is preventing the web service from activating the necessary
accounting application exception dialog box. I have attempted numerous
configurations including the following: running the application pool under
an administrative account (for testing purposes), setting the "Allow service
to interact with the desktop" property for the World Wide Web Publishing and
IIS Admin Service, verfiying the ACLs of the appropriate folders, and
changing app pool uesr accounts. In addition, there is a configuration where
I can use an out-of-process COM server supplied by accounting application to
perform the same operation. This configuration yields the same error.

What other configuration issues might prevent the web service from
successfully activating the exception dialog box? Is there an issue that
would prevent the web service from interacting with the desktop?
Alternatively, Is there a way to configure a specific security context for
the accounting application? I would appreciate any insights.

Thank you.

Re: Interacting with Windows Application from .NET Web Service

We can go through a lot of potential differences to try and find your
issue, but I think it is faster to think about the issue this way:

What configuration is required by the specific Windows application to
trigger the exception dialog box?


There are a gazillion possible issues to sort through, but only one
exact list of requirements, so it is usually easier to gather the
requirements than reverse engineer the requirements through issues
observed through experimentation.

For example, user logon from IIS are considered non-interactive and
cannot be changed. Default Windows login is interactive. If the
exception dialog triggers only on interactive use, then it won't be
triggered from IIS and will actually be considered "by-design" by both
IIS and the other Windows application.

Of course, I think the issue is within the particular Windows
application's definition and support of "unattend", but you've got to
obtain that definition before you start on your development.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//







On Dec 27, 1:25=A0pm, David Lloyd
wrote:
> I am developing a .NET web service using Windows Server 2003 and IIS 6.0
> which consumes customer information and then attempts to create a new
> customer account in an accounting application (i.e. QuickBooks). =A0For
> unattended access to the accounting application, an exception for the
> application attempting to access the accounting application must be grante=
d
> through the accounting application user interface the first time. =A0
>
> I am able to activate this exception dialog box through a Windows
> application, however, calls to my web service results in an error,
> essentially telling me that I don't have the necessary exception, but not
> activating the exception dialog box in order to grant the exception. =A0On=
ce I
> have the exception, the web service can access the application without use=
r
> intervention.
>
> Something is preventing the web service from activating the necessary
> accounting application exception dialog box. =A0I have attempted numerous
> configurations including the following: =A0running the application pool un=
der
> an administrative account (for testing purposes), setting the "Allow servi=
ce
> to interact with the desktop" property for the World Wide Web Publishing a=
nd
> IIS Admin Service, verfiying the ACLs of the appropriate folders, and
> changing app pool uesr accounts. =A0In addition, there is a configuration =
where
> I can use an out-of-process COM server supplied by accounting application =
to
> perform the same operation. =A0This configuration yields the same error.
>
> What other configuration issues might prevent the web service from
> successfully activating the exception dialog box? =A0Is there an issue tha=
t
> would prevent the web service from interacting with the desktop? =A0
> Alternatively, Is there a way to configure a specific security context for=

> the accounting application? =A0I would appreciate any insights. =A0
>
> Thank you.

Re: Interacting with Windows Application from .NET Web Service

Thank you for your response.

The exception dialog box is launced from the QuickBooks application the
first time the "integrated application" (in this case the web service) tries
to access the QuickBooks file. The idea is to have QuickBooks open on the
web server, call the web service, have the open QuickBooks application
display the execption dialog box (a QuickBooks form), fill in the dialog box
for the exception, and click OK. Subsequent calls from the Web Service will
see the previously granted exception and be allowed access automatically.
This is similar to how MAPILabs Outlook Security Add-In functions for
granting security exceptions to Outlook from third-party applications.

I have traversed the QuickBooks developer information and newsgroups
exhaustively prior to this post for the information you suggested. I am not
the first to blaze this trail according to the QuickBooks newgroups, but
there are really no comprehensive documentation/replies that one can use to
discern the appropriate configuration. Windows Server 2003 is not
considered a supported QuickBooks operating system although shared QuickBooks
files routinely reside on servers with this O/S.

Given the lack of QuckBooks related information, I decided to try and
approach the issue from a more general IIS configuration standpoint. From
what I have read in the IIS/Web Service newsgroups, others have tried similar
configurations but there solutions (see first post) have not worked in my
particular instance.

Thanks again.

"David Wang" wrote:

> We can go through a lot of potential differences to try and find your
> issue, but I think it is faster to think about the issue this way:
>
> What configuration is required by the specific Windows application to
> trigger the exception dialog box?
>
>
> There are a gazillion possible issues to sort through, but only one
> exact list of requirements, so it is usually easier to gather the
> requirements than reverse engineer the requirements through issues
> observed through experimentation.
>
> For example, user logon from IIS are considered non-interactive and
> cannot be changed. Default Windows login is interactive. If the
> exception dialog triggers only on interactive use, then it won't be
> triggered from IIS and will actually be considered "by-design" by both
> IIS and the other Windows application.
>
> Of course, I think the issue is within the particular Windows
> application's definition and support of "unattend", but you've got to
> obtain that definition before you start on your development.
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
>
>
>
>
>
>
> On Dec 27, 1:25 pm, David Lloyd
> wrote:
> > I am developing a .NET web service using Windows Server 2003 and IIS 6.0
> > which consumes customer information and then attempts to create a new
> > customer account in an accounting application (i.e. QuickBooks). For
> > unattended access to the accounting application, an exception for the
> > application attempting to access the accounting application must be granted
> > through the accounting application user interface the first time.
> >
> > I am able to activate this exception dialog box through a Windows
> > application, however, calls to my web service results in an error,
> > essentially telling me that I don't have the necessary exception, but not
> > activating the exception dialog box in order to grant the exception. Once I
> > have the exception, the web service can access the application without user
> > intervention.
> >
> > Something is preventing the web service from activating the necessary
> > accounting application exception dialog box. I have attempted numerous
> > configurations including the following: running the application pool under
> > an administrative account (for testing purposes), setting the "Allow service
> > to interact with the desktop" property for the World Wide Web Publishing and
> > IIS Admin Service, verfiying the ACLs of the appropriate folders, and
> > changing app pool uesr accounts. In addition, there is a configuration where
> > I can use an out-of-process COM server supplied by accounting application to
> > perform the same operation. This configuration yields the same error.
> >
> > What other configuration issues might prevent the web service from
> > successfully activating the exception dialog box? Is there an issue that
> > would prevent the web service from interacting with the desktop?
> > Alternatively, Is there a way to configure a specific security context for
> > the accounting application? I would appreciate any insights.
> >
> > Thank you.
>
>

Re: Interacting with Windows Application from .NET Web Service

The usual parameters to consider are:
1. Is Service able to touch the WindowStation of the desktop
application, considering that is like a security attack
2. Is User Token the same from Service as from Interactive Login.
LogonType can be permanently different, along with other restrictions
due to Local security policy

What I understand from your reverse engineering is that Assuming the
exception is granted, the Web Service is able to trigger the desktop
application code and do its work. Thus the problem is getting the
application's exception dialog to appear on [first] use by the Web
Service.

While I think we can take many educated guesses, who knows the
condition that causes the exception dialog to pop up? Well, I just
don't like guessing. I'd rather attach a debugger, breakpoint where
that UI pops up from well known Win32 API calls, and then start
reading the assembly code near when the dialog is triggered, trying to
find the condition that causes it to show the UI. Not trivial, but I
think it's the only directed approach short of Intuit support.

Personally, I'd rather push for official and better support of
automation because ultimately folks like you should determine what
Intuit provides for functionality, and it's better for everyone to
build functionality on supported, intended behavior instead of an
undergroud, reverse-engineered sort of "solution".


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//



On Dec 31, 7:50=A0am, David Lloyd
wrote:
> Thank you for your response. =A0
>
> The exception dialog box is launced from the QuickBooks application the
> first time the "integrated application" (in this case the web service) tri=
es
> to access the QuickBooks file. =A0The idea is to have QuickBooks open on t=
he
> web server, call the web service, have the open QuickBooks application
> display the execption dialog box (a QuickBooks form), fill in the dialog b=
ox
> for the exception, and click OK. =A0Subsequent calls from the Web Service =
will
> see the previously granted exception and be allowed access automatically. =
=A0
> This is similar to how MAPILabs Outlook Security Add-In functions for
> granting security exceptions to Outlook from third-party applications.
>
> I have traversed the QuickBooks developer information and newsgroups
> exhaustively prior to this post for the information you suggested. =A0I am=
not
> the first to blaze this trail according to the QuickBooks newgroups, but
> there are really no comprehensive documentation/replies that one can use t=
o
> discern the appropriate configuration. =A0 Windows Server 2003 is not
> considered a supported QuickBooks operating system although shared QuickBo=
oks
> files routinely reside on servers with this O/S.
>
> Given the lack of QuckBooks related information, I decided to try and
> approach the issue from a more general IIS configuration standpoint. =A0Fr=
om
> what I have read in the IIS/Web Service newsgroups, others have tried simi=
lar
> configurations but there solutions (see first post) have not worked in my
> particular instance.
>
> Thanks again.
>
>
>
> "David Wang" wrote:
> > We can go through a lot of potential differences to try and find your
> > issue, but I think it is faster to think about the issue this way:
>
> > What configuration is required by the specific Windows application to
> > trigger the exception dialog box?
>
> > There are a gazillion possible issues to sort through, but only one
> > exact list of requirements, so it is usually easier to gather the
> > requirements than reverse engineer the requirements through issues
> > observed through experimentation.
>
> > For example, user logon from IIS are considered non-interactive and
> > cannot be changed. Default Windows login is interactive. If the
> > exception dialog triggers only on interactive use, then it won't be
> > triggered from IIS and will actually be considered "by-design" by both
> > IIS and the other Windows application.
>
> > Of course, I think the issue is within the particular Windows
> > application's definition and support of "unattend", but you've got to
> > obtain that definition before you start on your development.
>
> > //David
> >http://w3-4u.blogspot.com
> >http://blogs.msdn.com/David.Wang
> > //
>
> > On Dec 27, 1:25 pm, David Lloyd
> > wrote:
> > > I am developing a .NET web service using Windows Server 2003 and IIS 6=
..0
> > > which consumes customer information and then attempts to create a new
> > > customer account in an accounting application (i.e. QuickBooks). =A0Fo=
r
> > > unattended access to the accounting application, an exception for the
> > > application attempting to access the accounting application must be gr=
anted
> > > through the accounting application user interface the first time. =A0
>
> > > I am able to activate this exception dialog box through a Windows
> > > application, however, calls to my web service results in an error,
> > > essentially telling me that I don't have the necessary exception, but =
not
> > > activating the exception dialog box in order to grant the exception. =
=A0Once I
> > > have the exception, the web service can access the application without=
user
> > > intervention.
>
> > > Something is preventing the web service from activating the necessary
> > > accounting application exception dialog box. =A0I have attempted numer=
ous
> > > configurations including the following: =A0running the application poo=
l under
> > > an administrative account (for testing purposes), setting the "Allow s=
ervice
> > > to interact with the desktop" property for the World Wide Web Publishi=
ng and
> > > IIS Admin Service, verfiying the ACLs of the appropriate folders, and
> > > changing app pool uesr accounts. =A0In addition, there is a configurat=
ion where
> > > I can use an out-of-process COM server supplied by accounting applicat=
ion to
> > > perform the same operation. =A0This configuration yields the same erro=
r.
>
> > > What other configuration issues might prevent the web service from
> > > successfully activating the exception dialog box? =A0Is there an issue=
that
> > > would prevent the web service from interacting with the desktop? =A0
> > > Alternatively, Is there a way to configure a specific security context=
for
> > > the accounting application? =A0I would appreciate any insights. =A0
>
> > > Thank you.- Hide quoted text -
>
> - Show quoted text -