|
Yes, it's very difficult to do if you're using the ListView defined in the BCL. That encapsulates the Windows Common Controls List-View. Drawing iconic headers and colored cells isn't too hard, but siting other controls requires quit a bit of work.
There are third-party controls, however, that do this. They are more analogous to the DataGrid, but provide all the functionality of both plus more. Infragistics[^] and Developer Express[^] are just a couple of the third-party component developers that have such controls.
This posting is provided "AS IS" with no warranties, and confers no rights.
Software Design Engineer
Developer Division Sustained Engineering
Microsoft
[My Articles] [My Blog]
|
|
|
|
|
|
I was hoping to be able to create something similar to a traditional ActiveX control that can be embeded into a web page so that my customers can go to a web page and have my control help fix problems on their computer with embedable WinForm controls.
To my disappointment it appears the security on embeded WinForms is a little lacking. It doesn't prompt the user on wether they want to trust my control. It automatically doesn't trust it and gives it very minimal rights. If they want to be able to use my control they have to manually adjust the .NET security on their computer.
The problem lies in the fact my customers barely know how to turn on their computer let alone doing anything like adjusting their security permissions. Have anyone been able to create a .NET control that is embedded on a web page that prompts the user for trusted permissions. Similar to that of a traditional ActiveX control found on Windows Update and the like.
If this isn't possible, then is it at least possible to create an ActiveX control in .NET that will do what I want? Ugh I dread the thought of having to write anymore ATL COM in C++ since .NET is so much easier to maintain and develop. 
- Drew
|
|
|
|
|
Previously I was an architect that designed and developed a massive N-tier application using embedded Windows Forms controls and touchlessly-deployed Windows Forms Applciation and not once did customers have to manually change their CAS settings. You wrap this in an install. I wrote an Installer derivative that enumerate the Machine policy (all the code necessary is defined in the BCL) and added (or removed upon uninstall) our UrlMembershipCondition. This was executed as a custom action from Windows Installer (using VS.NET's Windows Installer projects - while severely limited in support for MSI features - makes this possible very easily).
.NET CAS doesn't prompt the user because users often make uninformed and ill-choices, clicking "Yes" to everything they read. It's a much tigher sandbox than what ActiveX has - if you can even call that a sandbox.
If you want more information on embeddeding Windows Forms controls - and even supporting client scripting (that depends on IE ActiveX security settings), read an old article of mine at http://www.devhood.com/Tutorials/tutorial_details.aspx?tutorial_id=388[^].
This posting is provided "AS IS" with no warranties, and confers no rights.
Software Design Engineer
Developer Division Sustained Engineering
Microsoft
[My Articles] [My Blog]
|
|
|
|
|
This means you had a seperate link that ran an .msi installation and changed their security settings to trust your url and any code on the page? If that is what I understand, then it isn't really touch-less than, correct? I really didn't want the customer to have to do anything but visit the site. The custom control I am developing needs access to the registry and/or the ability to run processes on the client machine. If I have misunderstood what you are saying you did then please let me know. The only way I see it is I would need a seperate executable they would need to download and run that would automatically change their security settings to allow my code to run with all permissions. If it is really that easy to do I dont see it as being much more secure.
-
Drew
|
|
|
|
|
Truly touchless deployment requires that your control only do what it is allowed to do (in .NET 1.0 this was nothing; thanks to the requests of several of us early adopters of touchless deployment, .NET 1.1 grants the Internet_Zone some permissions). There's simply no way around that (it's like being able to force installation of your ActiveX controls on unsuspecting clients - that's bad).
In .NET 2.0 there will be a technology called ClickOnce[^] that can save you from writing your own installation routine, but this won't be truly touchless either. It should - assuming no further changes - prompt the user to install an application and can update that application. The assemblies, however, are not downloaded in the same manner (i.e., automatic updates when IEExec checks for new versions of assemblies from their respective codebases).
There's just no getting around it: you can't force yourself on users; the framework won't allow it. If it did, then someone with malicous intent could force their malicous code on users, too.
This posting is provided "AS IS" with no warranties, and confers no rights.
Software Design Engineer
Developer Division Sustained Engineering
Microsoft
[My Articles] [My Blog]
|
|
|
|
|
I completely agree that forcing an application to run would be futile and very bad. That is not what I want or am I proposing. I did like the idea of allowing the user to select 'Yes' when an ActiveX control is loaded on a page. The control needs to be signed by the producer and the user needs to accept the control. This is much easier for my customers to understand as opposed to having to run another application to get permissions to run yet another control that is hosted on a web page.
In my case if they have to download an application that will automatically change their security settings then I might as well code the functionality I need into the application they need to download. I don't really need to do too much but I do need unrestrictive access. Specifically in the case that I am trying to solve I have many customers that are affected by the Office 2000 HTML Source Editing bug where it trys to install the dhtmled control when triedit is first loaded. The control already exists and doesn't need to be installed again. Also the customers have no idea where their CD is and don't understand why they need it to run an application developed by us.
I understand the reason's, but I'm not sure there are many real world products that will be able to run within the constraints of the security model currently in place. These applications would need to be thin clients that do all I/O and processing on the server. This is useful for those that wish to write thin clients but not those that want to run a full client side application from a web page.
In some sense I really wanted to be able to create a Windows Update type system in .NET, except it would update my product and anything else that needs to be fixed. There are many reasons I'm sure Microsoft themselves have still stuck with ActiveX controls, one being the fact that the .NET runtime isn't always installed and is installed through the Windows Update mechanism for most users.
I completely understand the security ramifications and agree with them, however it does seem nice when you would able to give your customer a URL, tell them to hit yes and that be it, especially when you spend hours explaining to them how to just turn on their computer.
This is where Microsoft gets into trouble all the time. They pick ease of use over security sometimes and I completely understand. The time will come when we don't have to pick one over the other but I don't think that time is now.
-
Drew
|
|
|
|
|
afinnell wrote:
I did like the idea of allowing the user to select 'Yes' when an ActiveX control is loaded on a page.
But as I said - from my experience in this field and from user studies into this problem, the vast majority of users will simply click "Yes" to whatever they are asked and most won't even understand unless you give them a long description that - because of the length - they probably won't read anyway.
afinnell wrote:
This is where Microsoft gets into trouble all the time. They pick ease of use over security sometimes and I completely understand. The time will come when we don't have to pick one over the other but I don't think that time is now.
Your problem is quite the opposite. With .NET Code Access Security, security takes a front seat to user experience, which is good for many reasons. For one - it's security. 'nough said.
Second is that smart-client development and deployment is more common in corporate networks where IT can push out security policies so the user doesn't have to worry about it.
ClickOnce bridges this gap and - if you think about it - is no different in terms of deployment than ActiveX controls (though it still uses a much better sandbox). The assemblies are downloaded and installed - just like ActiveX DLLs/OCXs/etc., or even Java JARs or .class files (if you're using the Microsoft JVM, which is now deprecated). It prompts the user.
ClickOnce is truly your answre here, but you could work around this problem by writing an ActiveX control that adds the code access policy (just an INF won't be enough since you need to modify CAS policy, which can be done directly to the .config file BUT BE CAREFUL and always backup the original).
In either case, they are not truly touchless. Using a strict touchlessly deployed application - unless you're doing something VERY basic (just look at the default privileges granted to the Internet_Zone in the Microsoft .NET Framework 1.1 Configuration snap-in) - is impossible for security-driven reasons.
I don't forsee this changing in our future until people change. It's practically impossible - even for AI (hey, bad people can fool humans, too) - to detect a malicious user from a decent user.
These are my opinions based on experience and research and not those of my employers.
This posting is provided "AS IS" with no warranties, and confers no rights.
Software Design Engineer
Developer Division Sustained Engineering
Microsoft
[My Articles] [My Blog]
|
|
|
|
|
ClickOnce bridges this gap and - if you think about it - is no different in terms of deployment than ActiveX controls (though it still uses a much better sandbox). The assemblies are downloaded and installed - just like ActiveX DLLs/OCXs/etc., or even Java JARs or .class files (if you're using the Microsoft JVM, which is now deprecated). It prompts the user.
This is my fault for not being more dilegant with regards to reading about ClickOnce. This is almost exactly what I want. I'll just need to wait until .NET 2.0 comes out of beta. You are correct, ClickOnce really does bridge the gap. Thanks for bringing it to my attention.
Your problem is quite the opposite. With .NET Code Access Security, security takes a front seat to user experience, which is good for many reasons. For one - it's security. 'nough said.
I agree.
I don't forsee this changing in our future until people change. It's practically impossible - even for AI (hey, bad people can fool humans, too) - to detect a malicious user from a decent user.
I think this sums it all up. The focus will need to be on training people and not allowing them to do things that are unsecure just because they are ignorant on the subject matter. That's why we have the proliferation of virii everywhere.
This has been a very insightful conversation. I went in expecting the .NET 1.1 framework to already be up to standards in regards to web deployement, however I see that they are making great strides to achieve this in .NET 2.0.
Thanks
-
Drew
|
|
|
|
|
I am currently working on a server monitoring system. I need to know if it is possible to get the status of the backup using WMI.
If so, how can I get the status of the backup?
Any help would be greatly appriciated
"Every rule in a world of bits and bytes can be bend or eventually be broken"
|
|
|
|
|
TapeMiniWMIControl
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/storage/hh/storage/tapemini_37bf2bb8-34fb-422c-bcab-93c9585eae34.xml.asp
|
|
|
|
|
http://network.programming-in.net/articles/wmi.asp?wmi=CIM_TapeDrive
WMI class ' CIM_TapeDrive ' reference for C# and VB.NET
CIM_TapeDrive
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/cim_tapedrive.asp
|
|
|
|
|
Thanks for the tip
"Every rule in a world of bits and bytes can be bend or eventually be broken"
|
|
|
|
|
Hi I'm new to C# or to .net, right now im using 2.0, and I would like to know how to remove a certain element from an array, such as: array2[t]. also i would like to remove an element from a multidimensional array such as array[t,all 35 elements], note array2 is strings and array is all int's. PLZ help;P
|
|
|
|
|
There is a utility class called System.Array that has several static methods for use working with arrays. The following line block copies array elements above the removed item:
<br />
Array.Copy(theArray, removeAt+1, theArray, removeAt, theArray.Count-removeAt+1);<br />
Hope this helps,
CKF
|
|
|
|
|
how would you just remove an element though
|
|
|
|
|
I apologize for the short reply, here's a more detailed reply...
I also noticed I mistakenly referred to Array.Count instead of Array.Length. That was dumb too.
<br />
string[] theArray = "This will become an array of strings".Split(new char[] {' '});<br />
int removeIndex = 1;
string[] newArray = new string[theArray.Length-1];<br />
for(int i=0; i < theArray.Length; ++i)<br />
{<br />
if (i < removeIndex)<br />
newArray[i] = theArray[i];<br />
else if (i > removeIndex)<br />
newArray[i-1] = theArray[i];<br />
} <br />
string[] anotherNewArray = new string[theArray.Length-1];<br />
if (removeIndex == 0)<br />
{<br />
Array.Copy(theArray, 1, anotherNewArray, 0, anotherNewArray.Length);<br />
}<br />
else if (removeIndex == theArray.Length-1)<br />
{<br />
Array.Copy(theArray, 0, anotherNewArray, 0, anotherNewArray.Length);<br />
}<br />
else<br />
{<br />
Array.Copy(theArray, 0, anotherNewArray, 0, removeIndex);<br />
Array.Copy(theArray, removeIndex+1, anotherNewArray, removeIndex, <br />
theArray.Length-removeIndex-1<br />
);<br />
} <br />
If possible, you should use one of the collection classes (System.Collections namespace) to manage the array for you, particularly if you frequently add and remove elements. The methods described above are not efficient for frequently changing arrays.
Regards,
CKF
|
|
|
|
|
[2]
-
Hi..,
[1]
-
How to make printable report from windows form in c#. Like if a enduser select
starting date and ending date so a report generated like this stlye:
Report Heading
______________
Student Name (Seleted from Winform)
Period 1/10/2004 to 17/10/2004
------------------------------
[DataGrid Values from DataBase on the bases of query]
Date Title Fee Fine
---- ----- --- ---
99/99/9999 | October Month Fee | 1331 | 100
99/99/9999 | October Month Fee | 1331 | 100
99/99/9999 | October Month Fee | 1331 | 100
99/99/9999 | October Month Fee | 1331 | 100
_______________________________
Total: 224545 666444
_______________________________
Close: asdasds
______________________________________________________________________________
Date Page No 1 of 4
______________________________________________________________________________
Report End Heading
If some one know so please email me at: waqasb4all@yahoo.com
-----------------------------------------------------------------------------------
Does anybody know how to build application custom skin in c#. Like Yahoo Messanger
ver 6 have different skin in path C:\Program Files\Yahoo!\Shared\Graphics\
in this path there are two skins folder (1) Indigo (2) Maverick
so in these folders there are some .bmp file exits and a xml file. Basiclly me
problem is that i want to know how they load different skins in such way. if some
have knowledge about it some please tell me.
Thanks...?
Muhammad Waqas Butt
---------------------------------------------------------------
Muhammad Waqas Butt
waqas4all@yahoo.com
|
|
|
|
|
WaqasButt wrote:
Basiclly me
problem is that i want to know how they load different skins in such way.
Easy, the XML file would contain info on what image files in each folder go on what button, on startup it reads the XML file, uses the current skin name to load the right bitmaps and applies them to the buttons.
Christian
I have several lifelong friends that are New Yorkers but I have always gravitated toward the weirdo's. - Richard Stringer
|
|
|
|
|
Hi Christian,
Thanks buddy for thinking on my question. Actually i do not understand this question that's why i ask to other if somebody know in real how this could possible in C#.Net so please Please Email me.... Anyways Thanks again
![Rose | [Rose]](https://codeproject.global.ssl.fastly.net/script/Forums/Images/rose.gif) Muhammad Waqas Butt
waqasb4all@yahoo.com
|
|
|
|
|
I'd suggest that if you totally cannot understand my reply, then you should worry about learning some basic programming before considering such a task.
That's not an insult, it's sincere advice. You have to crawl before you walk.
Christian
I have several lifelong friends that are New Yorkers but I have always gravitated toward the weirdo's. - Richard Stringer
|
|
|
|
|
Hi Buddy ,
I understand what you mean. So it's a fact that i am new in C#.net but i am interested to do GUI based work. Well if you think that i need some extra knowledge so if it possible please refere me some books, code and web sites.
But anyways thanks for you advise...
Muhammad Waqas Butt
|
|
|
|
|
Hi all,
I am trying to get on top of interprocess communication. Most -if not all- of the articles around handle IPC either through a mailbox mechanism or memory mapped file wrappers. The latter is probably best and by far the fastest, but I got the feeling everybody is serializing and deserializing objects to do this.
In my project I have to exchange (an awful lot of) short messages between processes. There is no need for serialization, the message type and structure is known (style 4 msg length bytes, 4 transaction bytes, message payload etc).
The question: would it be possible NOT to do serialization and free the CPU of this burden, but instead write bytes directly to a mem stream in one process and read that same semaphore in another process? Somehow? 
Thanks in advance,
Peter Stevens
|
|
|
|
|
Just in case you haven't seen it, there's a really good article posted here called "A C# Framework for Interprocess Synchronization and Communication" By Christoph Ruegg (an Aug 2004 prize winner) that deals with most of the guts work you would need for such a thing.
For what its worth, I'd recommend considering the long-term maintenance and growth of your solution before moving away from binary serialization. If you use a custom method to marshal your data structure you are coupling your IPC code with your message structure and changes in the message structure will likely require changes in the IPC code -- higher long-term maintenance and testing costs. If however you stick with binary serialization, changes in your message structure may not require changes to your infrastructure. Write a loop that shoots 100,000 messages across both IPC mechanisms and you will discover for certain whether you can affort to stay with serialization. But of course I concede that performance easily trumps maintenance in some projects so if this is the case for you just disregard my rambling.
I hope the article has what your need,
CKF
|
|
|
|
|
Many thanks for your replay. I know the risks of moving away from serialization (and standards) but I desperately need the speed. The type of solution is a protocol front-end handling over 100K messages per second on a quad Xeon machine. I was surprised when we were testing how far we could go in opening the message payload for inspection reasons: the performance price for a single extra string operation (such as UrlDecode) costs about 3.000 messages per second less throughput... Imagine.
I've been looking at Christoph's framework, it's a great thing, but it becomes unstable when moving more than 12 Mbit/s (which is around 10.000 msg/sec). The single-process architecture, as it exists today, behaves predictably and inspects and routes up to 180 Mbit/s of message data between components. Also, we've seen some exceptions when either the producer or the consumer dissapears from the process list under load conditions above 5 Mbit/s. Maybe it's synchro-related or the custom queue implementation, I'm not sure.
Anyway, thanks again for thinking along...
Peter.
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
