.net activeX equivalent

views:

497

answers:

.net activeX equivalent

Is there a pure .NET replacement for ActiveX? I'm asking if there is a way for me to write a thick client side control to be loaded and interacted with in a web page in .NET, with NO com.

Edit: I don't want ActiveX in pure .NET, I want a .NET alternative to ActiveX.

+2 A:

I'm afraid there is no perfect managed only equivalent of ActiveX. Mostly for good reason. ActiveX is a dangerous technology security wise and duplicating it's effects in many ways would require duplicating the lack of security.

Have you tried SilverLight?

It's not a perfect ActiveX replacement because it doesn't grant you unferreted access to the machine. But it does provide the ability to write rich client side controls in .Net.

JaredPar 2009-04-14 17:30:54

you can right pure managed ActiveX, see my answer.

dr. evil 2009-04-14 18:24:23

@Slough, you can code ActiveX controls in managed code but there is no managed ActiveX. I believe the user is asking about the latter

JaredPar 2009-04-14 18:27:16

I think I'm missing something. If you code an ActiveX in managed code output won't be native code (or is it something special like Ngen?). If output is not native code that means it's managed. So there is something called managed ActiveX? Am I wrong?

dr. evil 2009-04-14 18:36:49

@Slough, the user asked though "is there a managed *replacement* for ActiveX" not "can I code a ActiveX like client in managed code". The OP may have intended the latter but I read it as the former. There is no managed framework which replaces ActiveX

JaredPar 2009-04-14 18:50:12

@Slough, JaredPar is right, see edit.

C. Ross 2009-04-14 18:57:20

@JaredPar, SilverLight may be the answer in the end, but how stable are the development tools so far?

C. Ross 2009-04-14 18:57:51

@C.Ross, using VS to code silverlight works great. However I work on Visual Studio and own a subset of the SilverLight story so I'm biased :)

JaredPar 2009-04-14 19:01:08

I'm sorry I got it wrong :)

dr. evil 2009-04-14 19:32:30

@JaredPar, see http://www.devhood.com/tutorials/tutorial_details.aspx?tutorial_id=187 . He doesn't include ComVisible in the assembly. This is not ActiveX, and BTW all the 'dangerious' aspects of ActiveX have been rectified. And if the control's signatory is trusted it has completed access.

Jonathan C Dickinson 2009-04-14 19:55:37

@Jonathan, having a control with the power of ActiveX and the security problems fixed is simply not possible. These are mutually exclusive properties.

JaredPar 2009-04-14 20:09:28

@JaredPar, if you work at Microsoft I highly recommend you read up on this. Surely you must understand CAS if you *work on Visual Studio*?

Jonathan C Dickinson 2009-04-15 07:41:01

@JaredPar, and I said, you only have the power of ActiveX if the publisher (assembly signer) is trusted; otherwise you are pretty much in a sandbox.

Jonathan C Dickinson 2009-04-15 07:42:05

@Jonathan, I very much understand CAS. My point is that ActiveX has 0 security. If you add CAS to a managed application you get something that cannot possibly be a 100% ActiveX replacement because it will have limitatations that ActiveX does not.

JaredPar 2009-04-15 13:20:24

(cont) the OP is asking for a managed framework that is an ActiveX replacement. Various managed frameworks exist (with CAS) but they will not ever allow the full range of operations that an ActiveX control had because of the inherent insecurity in doing so.

JaredPar 2009-04-15 13:37:51

@JaredPar, "will not ever allow" is entirely flawed. You can add a publisher rule to your local CAS Policy (using caspol.exe) to grant Full Trust in all situations to a specific publisher. If all of what I say is wish-wash; then how does Unity do what it does?

Jonathan C Dickinson 2009-04-20 07:58:02

@Jonathan I am unfamiliar with Unity. But there is a very basic principal here. ActiveX's power relies it it's ability to do anything and hence be insecure. Any security restrictions you place on content creates a new product, not a 100% replacement. I'm not saying it's impossible to create an ActiveX *like* component. It's just one of the following must be true 1) Hosted apps are less powerful or 2) they are insecure.

JaredPar 2009-04-20 14:03:43

+3 A:

You can use UserControl it can be embedded inside IE, I don't know what you mean by interaction with the web browser, but it can call out scripts on the page and post events that can be handled by scripts on the page.
Notice that .NET must be preinstalled in order for the control to work.
You can also go with Silverlight as JaredPar mention, but then your api is more limited.

Shay Erlichmen 2009-04-14 17:40:06

I found a tutorial http://www.devhood.com/tutorials/tutorial_details.aspx?tutorial_id=187 . Maybe add it to the answer.

Jonathan C Dickinson 2009-04-14 19:54:44

@Jonathan, 10x but this article is outdated (looks like .net v1.0).

Shay Erlichmen 2009-04-14 20:47:48

@Shay, it does still apply. If he has access to the policy on client machines (so he can trust his key on them) he should be able to do anything he wants.

Jonathan C Dickinson 2009-04-16 07:19:06

ansaurus

tags:

views:

answers:

.net activeX equivalent

related questions