Challenge to all you ASP gurus - free beers to the winner!

Challenge to all you ASP gurus - free beers to the winner!

am 01.04.2008 17:39:35 von martin

Ok, this is a challenge to the gurus out there - I thought I was a
guru too, but cannot get this to work for the life of me, so, a 6-pack
of beers to the first person who can help!

I have an existing Windows.Forms.Usercontrol. This control is an
emulator for a portable device my company uses in it's factories and
warehouses. The control connects to a domain SQL Server and carries
out read and write operations on the database.

The usercontrol is currently hosted in a Windows application on a
windows form.

What I need to do is to host the control on a webpage, so that users
can access it through the intranet. The control must be a client-side
control, and will only be available on the company intranet.

So, I've managed to host the control in a webpage succesfully using
the object tag:

wrote in message
news:70ae0079-b7cd-4cd5-a742-2c424ad1c241@c26g2000prf.google groups.com...
> Ok, this is a challenge to the gurus out there - I thought I was a
> guru too, but cannot get this to work for the life of me, so, a 6-pack
> of beers to the first person who can help!
>
> I have an existing Windows.Forms.Usercontrol. This control is an
> emulator for a portable device my company uses in it's factories and
> warehouses. The control connects to a domain SQL Server and carries
> out read and write operations on the database.
>
> The usercontrol is currently hosted in a Windows application on a
> windows form.
>
> What I need to do is to host the control on a webpage, so that users
> can access it through the intranet. The control must be a client-side
> control, and will only be available on the company intranet.
>
> So, I've managed to host the control in a webpage succesfully using
> the object tag:
>
> from the web app.

Steve Orr also has an article on embedding windows controls into ASP.NET:
http://steveorr.net/articles/WinformControls.aspx

It briefly talks about the sandbox. An even better article, from the
standpoint of accessing a web service, is this one:
http://www.15seconds.com/issue/030610.htm

> This all works ok, and the control displays.
>
> However, when the control attempts to connect to the SQL Server, it
> fails due to a security exception.

You have, potentially, both a sandbox issue and a context issue.

> Fair enough, I understand why that's happening. The framework is
> limiting access to local system resources to stop malicious code being
> executed.

This is one of two things that can be happening (maybe both). It could be a
sandbox issue (your view of the issue), but it could also be SQL login
failure, as the embedded control is not getting a user context that the
server trusts. If the former, you may not be able to break through the walls
of the box without completely compromising security. If the later, you have
to either find context from the user or open security up.

And, it is probably a bit of both.

> First thing I tried was to add my site to the Trusted sites list -
> this had zero effect!

The site is not running the code on the browser side, so this will have no
effect.

> The next thing I tried, was impersonation. Using the LogonUser api, I
> attempted to logon the control to a domain user account, and run it
> under those credentials. Unfortunately, the framework security does
> not allow access to the LogonUser api call!

You are very limited on what you can actually do on the box. Calling local
APIs, for example, is frowned apon if it could compromise security (as the
LogonUser API can).

> My final attempt - which I thought MUST work - was to move all the
> database functionality out into a webservice, and use this webservice
> object from the existing usercontrol. Unfortunately, this didn't work
> either - I get a security exception when connecting to the webservice
> - apparently this is denied as well.

Remoting is completely verbotten in an embedded windows control. You should
be able to use Web Services, however. Check out the articles.

> I know I could rewrite the control as a webcontrol, but that would
> really be re-inventing the wheel. Am I being naive in thinking that
> there must be a way to reuse my existing component?

Once again, separation of concerns is the key, at least for me. I do not see
it as "reinventing the wheel". But, it is not as simple as dropping a
pre-made control on a page.

Rewriting as a user control or server control need not be rewriting the
entire logic. Refactor all of the working bits into a library of classes and
make the windows control a small skin. At this point, flipping to another UI
is a matter of creating a new "view". The refactoring will take a bit of
time, but then when you decide to go to Silverlight, you can easily slap
another UI on top.

If you look at it, this is precisely what MS is trying to solve with the MVC
Framework (force separation of concerns) as well as WPF (Silverlight or XBAP
in browsers).

> Any help at all on this - even if it's to tell me I'm being a moron -
> will be greatly appreciated!

I would read the articles first. I would then consider putting functionality
into a library and making the UI thin, even if you are only refactoring as a
"just in case". Even if you skip this step, I would consider treating the UI
piece as a control and feeding it the parameters. In addition, I would
consider putting up a factory method for your database access, as there will
likely be some differences in how the access is done.

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://gregorybeamer.spaces.live.com/lists/feed.rss

or just read it:
http://gregorybeamer.spaces.live.com/

*************************************************
| Think outside the box!
|
*************************************************

Re: Challenge to all you ASP gurus - free beers to the winner!

am 02.04.2008 01:01:00 von brucebarker

1.1 is a bummer. this is the part that get improved with each release. the
security is implemented by .net not IE, so you need to configure .net
security. for 1.1 there is only the caspol.exe utility. it command line, and
must be run on the client box.

http://msdn2.microsoft.com/en-us/library/cb6t8dtz(VS.71).asp x

you will probably have to write a application to run caspol for your users.

-- bruce (sqlwork.com)


"Martin" wrote:

> Meant to add, it's .NET Framework 1.1 on an XP box.
>
> TIA,
> Martin
>

Re: Challenge to all you ASP gurus - free beers to the winner!

am 02.04.2008 10:29:19 von martin

Hi Gregory,

Thanks for the comprehensive reply - really appreciated. The article
on 15Seconds.com has given me some really useful pointers - it appears
I should be able to interact with a webservice from the embedded
control, so that looks like the path I will go down - initially at
least. But you've also given me some good alternatives to look at as
well.

So, where do I send those beers? :-)

Martin

Re: Challenge to all you ASP gurus - free beers to the winner!

am 02.04.2008 11:38:00 von martin

Hi Bruce,

Yeah, I'm trying to get my company to join the 21st century, but for
now 1.1 is the standard!

I had looked at the Caspol utility, but got scared!

Thanks for the response.

Martin