I face an issue for a client who need to launch an application from a ASP.Net website client side. For the moment the solution is using ActiveX, but we all want to find an other way to do this action.
I read this links to find informations :
Is it possible to run an .exe or .bat file on 'onclick' in HTML
https://msdn.microsoft.com/en-us/library/aa767914%28v=vs.85%29.aspx
I know that for security issues, browsers don't allow the launch of client applications, but did someone find a hack to do something like that and have a sample to post ?
Have a good day
The technology exists for YEARS and it's called ClickOnce.
https://msdn.microsoft.com/en-us/library/142dbbz4%28v=vs.90%29.aspx
It requires the .NET Framework at the client side and a support from a browser (some browsers require a plugin to correctly handle ClickOnce apps).
Applications are deployed either in a form of a self-extracting installer (setup.exe) or a link to an XML document, the manifest, that describes location of other components (appname.application). In any case, a client just clicks a link, the app is downloaded and run locally, using local client permissions.
In particular, the app can read/write local files, use certificates from the local store, print documents using local printers, call other services ever if they are cross-domain etc.
And note that such ClickOnce application can run client local processes without any restrictions. We use this feature for years and it sounds like this is exactly your scenario.
Theoretically it could happen if a service was listening on some predefined port and the application simply sent a specific request to that port.
Other than that, I don't think it's possible to directly execute an application on the user's computer.
Related
I know this is security-wise an absolute No-Go. But I have a customer, who has an angular application running internally only. This means the workers of the customer don't have internet access in the browser in which they use the application, and it is running in a virtual machine.
So they don't really care about browser-security, since they only use the application on it.
Now they have following use case:
User clicks a button in the Angular app
A powershell script on the local machine gets executed
So my question is, is there a way to call a local Powershell script with using Angular/Javascript?
My current idea
I could start a local NodeJS server on the virtual machines (always when they are booting) running on localhost:8080 for example, which listens for Rest calls.
When the user hits the button, the Angular app will make a Rest-Call to localhost:8080, which is the client node-server and the node-server executes the Powershell-script.
I see that's possible with: Execute Powershell script from Node.js
So does this make sense?
Or is there a better way to accomplish something like this? (As I said if there's a possibility to turn off browser security it's ok.)
Other way to achieve this is by registering a custom protocol with your application. That is how lot of apps like slack, skype etc work. But, your initial solution seems more platform independent.
I have added a chrome extension called "External Application Button".
What it does is we can add external application like sublime.exe, vscode.exe etc to our browser toolbar and on click , it opens the exe.
So using jquery or javascript is it possible to make that button click happen?
My main goal is to make that application run using jquery or javascript code in a webpage.
Both for an extension and a webpage it's impossible to do it on its own, without installing extra software. You are "sandboxed" in what you can do on a computer from your code, and limited to whatever APIs browsers provide.
To invoke an application external to the browser, an extension needs to use something called Native Host. This is why installing something extra is required to make that extension work.
Regular webpages can't use Native Hosts, so that route is closed.
Can we do it from webpage code, if we allow installing an extension?
Yes, an extension that talks to a webpage (through content scripts, or externally_connectable mechanism) can allow websites to trigger extension code, that triggers native host code, that does what you want.
You can't do that with arbitrary third party extensions, so you'll need to write your own.
Can you do it anyway, without an extension, if we allow installing an extra component?
In principle, yes. A typical way to do it is to install a helper program that opens a web server on a local port, e.g. localhost:12345. Then any JavaScript context can try connecting to it.
In practice, there are complications.
How do you secure your local server from arbitrary connections? You'd need some pre-shared secret to not allow other sites, or other software on the local machine, to abuse this.
Connecting to non-HTTPS domains from HTTPS websites is a problem. Making a certificate for localhost that's trusted by the browser is also a problem (that has security implications if circumvented). That complicates installation of the extra component.
Another idea: your extra component can register itself as a protocol handler. For example, you can add a launch-app: protocol and tell the system that your helper application needs to be invoked. Example: Steam uses this approach to communicate with its client from the browser (e.g. to install / start a game).
Note that this is one-way communication, but for the "launch a program" use case it's enough.
Then you can just provide links to that special protocol to do that. Again, this requires installation of an extra component in the target system. You can't do that with just the browser.
So the overall answer is: it's complicated, and needs extra software installation.
I have a folder structure in FTP, that I am trying to access and open in file explorer on the client-side using javascript in my asp.net application. Using window.open("ftp://192.168.1.10/clients/112"); opens the folder in the web browser how do I make it open in the file explorer.
The real answer is that you do not understand what you, in any way, are doing. You are trying to cross standards which is prevented inherently, but by your lack of technical knowledge, you don't know help when you see it. The part below shows ways to possibly handle it.
For a machine to connect to an ftp server, they need to authenticate and do so over the correct protocol. That is not the protocol that browsers use.
Now, that is not to say that I can't go in my browser, type ftp://... and see a directory. But that is totally different. Your browser switches protocols based on your url. That can't just happen when your a webpage in a clients browser.
Your web server can conduct ftp traffic though. You can read that structure and show it to your user. https://msdn.microsoft.com/en-us/library/ms229716(v=vs.110).aspx
A clever guy can make this happen. It used to be easy in flash/flex, but.. progress.
I built a CRM for a client of mine, and now they've requested an interesting feature:
For each customer record, they have a matching directory of files on their local computer. They want the ability to open that folder in Windows Explorer directly from within the web app (the app doesn't need access to the directory/files; it just has to launch Windows Explorer so that the user can interact with their files).
This is obviously not possible with regular JavaScript running in the browser (thankfully). I thought there might be some way to accomplish this by building a Chrome extension for this purpose, but it seems Chrome extensions/apps can only access a sandboxed filesystem, which doesn't serve my needs at all. Building an NPAPI plugin in out of the question since Chrome is discontinuing support for NPAPI.
File URIs don't solve this problem either. Their display is ugly, there's no drag-and-drop, no big icons/thumbnails, no sorting etc. They want the full capability of the Windows Explorer.
The only viable option I thought of is to create a local node.js server, make a localhost CORS request to that server, and then run an exec command from node.
Any better idea?
One possibility is to register a custom URI protocol handler with the user's operating system, and then your web page can contain links using your custom protocol, such as openfolder://c/path/to/folder This sort of customization is probably most commonly seen in practice with itunes:// links.
A quick Google search led me to this decent looking tutorial: https://support.shotgunsoftware.com/hc/en-us/articles/200213756-How-to-launch-external-applications-using-custom-protocols-rock-instead-of-http-
The downside is that the user will have to run a small installer of some sort in order to set the correct registry entries (or whatever the non-Windows equivalent is for other OSes) and to drop a small script on disk. That would be much lighter-weight than running a node.js server like you proposed, though.
The linked tutorial uses a Python script, but even that is probably overkill for your needs. A batch file would likely suffice.
EDIT: One additional note, please be aware of the security implications of implementing a custom handler like this. Any webpage in any browser can potentially take advantage of your custom protocol, and an attacker would be able to pass arbitrary data to your script. You should take steps to ensure that the script will not accidentally execute arbitrary commands that may be injected by a malicious web page, and that it will only open a folder and nothing else.
That would require each customer to run a node.js server, which seems unrealistic in your case.
You could use File URIs.
Browsers will refuse to open them by default. However, as suggested in this answer, you could ask your customers to install LocalLinks.
What I want is to print from a cash register from an asp application, what this basically means is to call an exe file that operates directly with the cash reigister with the txt file to be printed. A more correct formulation of this problem can be found on this link .
The solution given there are the following three:
Using a link pointing to exe file - an exe file is downloaded and it operates
the driver.
Using a resident program on the client computer listening on a port - the server
connects to it and operates the driver.
Using an ActiveX Object - the driver is operated by client script from the
internet browser.
I want to do this not using any resident program, but directly from the browser. In that respect I found a solution in Java using Applets, which is fine, but I have to do it with ASP.NET, and the only way I can do that is by using an ActiveX Object, and the problem with the is that they only work on Internet Explorer, which is not an option.
After thoroughly searching the internet my problems ca be concentrated in the following question: How ca I run an exe from client side on any browser without using ActiveX Objects?
I know that this questions was posed thousands of times, but is there any plug-in, loophole, some form of java applet from an asp page :), anything that can help me solve this problem?
UPDATE:
Thanks for the comment and answer. The solution we finally choose is than whenever a printing request is formed the main asp application updates the database with that request and a resident application scans the same database for changes and creates and prints the txt.
Luckily it is not possible (imagine the security issues if it was possible).
However, you still have some options:
Offer the .exe to download. This is the most portable way
Use a .NET ClickOnce setup. This will start an installer with a single click in IE and browsers which have the ClickOnce extension enabled. In other browsers it will provide you with a setup.exe download.