views:

687

answers:

3

I have come across some articles on the web about .Net applets and I was wondering how it differed from an activex control (created using a .Net language)? (to clarify, this is with regards to applets that run inside a web-browser)

(Is the difference: ActiveX controls written in a .Net language are called .Net Applets?)

Are there any advantages in using one over the other?

Also, what does Microsoft reference this technology as? (A search on MSDN doesnt bring anything up called .Net Applets!)

ps: from what I can see ActiveX controls need to be COM registered, whereas .Net applets dont. Also, in the web-page, activeX controls are referenced using their CLSID, whereas the .NET applets seem to be referenced by a full name (path, dll name, namespace and class)

A: 

ActiveX controls don't have the same security restrictions than .NET applets, that can be an advantage or disadvantage depending on what you want to do. .NET applets are in general easier to develop, ActiveX you create with VB6 or C++.

Otávio Décio
+1  A: 

"ActiveX control (created using a .Net language)" and ".NET applet" are both slang for ".NET assembly hosted in IE".

In fact, .NET assemblies can be hosted in a variety of applications. See:

Creating a Host to the .NET Common Language Runtime

mbeckish
+6  A: 

ActiveX controls are simply COM objects that, at a minimum, implement IUnknown. Recent versions of IE have started to also require the object to implement IObjectSafety. To do anything useful, the object needs to implement some other Ole interfaces as well, such as IDispatch, IOleObject, etc. The object needs to be create-able via CoCreateInstance() which means you have to register it in some way with the registry. You don't have to use a guid in the tag, you can also use the AppId if you register one.

You can also write some managed code and get that running inside IE as well. The way that works is the CLR registers a MIME filter when it is installed. Then when IE sees you're sending down something of the proper mime type, it hands the code off to the CLR to handle. The CLR does sandbox the code to the extent that it is only granted Internet permissions, so it can't do everything the framework exposes. You'll have to check specific documentation for what can and can't be done in this security zone.

Some trade-offs:

Ease of Installation: ActiveX controls require you to pack everything up into a .CAB file with an .INI file that describes the installation requirements in a fairly cryptic manner. If you have to install additional dependencies with your modules (such as ATL/MFC dlls, or other third party modules) it gets pretty tricky. With the .net module, you just send it down with the right MIME type, but you have to make sure your users have the right version of the framework (which you can check via user agent string on your website).

Security: ActiveX controls are just native code running on the users system, so in theory they can do whatever they want. In practice LoRIE limits it in many cases and you have to do a bunch of special casing of things like Registry and File System access (see Understanding and Working in Protected Mode).

Threading: Since ActiveX controls run on the browsers UI thread, you have to make sure you don't do long blocking operations on that thread, so you have to do the threading yourself. If your long blocking operation manipulates the DOM, you have to Marshal the IHTMLxxx interfaces yourself, either using the GIT or COM Marshalling functions. I'm not sure if the .net applets run on the browsers UI thread or not, but it's easier to handle in C# I'm sure.

Browser Objects: If you want to use IE / Shell objects in your managed extension, you have to write the interop yourself most of the time since the Framework doesn't do a great job of wrapping those interfaces in managed objects. See http://pinvoke.net to get a little help getting started.

Compatibility: There are issues with hosting different versions of the runtime in the same process. Until recently it wasn't possible at all, but I think with the 3.x versions it has started to become possible to an extent. The upshot is if you target .net 2.0 and someone else already loaded .net 1.0 as part of their browser extension, you lose. In general IE and the Windows Shell don't support managed extensions. This .net app MIME filter stuff may be a notable exception, but be aware that there may be potential issues.

jeffamaphone
What does LoRIE stand for?
Rick Minerich
Low Rights IE. It is the stuff in IE7+ that runs IE in Low Integrity processes instead of the default integrity level. Also known as "Protected Mode IE". See http://msdn.microsoft.com/en-us/library/bb250462.aspx
jeffamaphone