Discussion:
MDX Control in IE?
(too old to reply)
Jaret Brower
2005-05-23 17:41:11 UTC
Permalink
Is it possible to have a MDX9 UserControl in an ASP.NET Web Application?

I've tried to embed the control in the .aspx file using the <object> tag.
When the web app is running it finds the UserControl assembly but it seems
like it won't run any of the lines of code that have anything to do with MDX.

I have a label sitting in the control and this shows w/o a problem when I
have all MDX code commented out, as soon as I uncomment this code, I'm unable
to see anything (including the label). I get the little Icon with the
triangle/circle/square. Is this problem due to some sort of security?
Rhett Gong [MSFT]
2005-05-24 03:26:27 UTC
Permalink
Hi Jaret,
I am not sure what type of your MDX control is, but if you could use the
control in the winform application, to my experience, it should be a
security problem in aspnet. You may try "caspol.exe -e off" to turn off
.net security check and see if your control could run correctly. If yes,
then you need to configure your code security through .net configuration
tool.

In addition, here are some useful articles on using controls in explorer, I
think you may have interest to take a look.
#Host Secure, Lightweight Client-Side Controls in Microsoft Internet
Explorer
http://msdn.microsoft.com/msdn?mag/issues/02/01/UserCtrl/defa?ult.aspx

#Using Windows Forms Controls in Internet Explorer
http://samples.gotdotnet.com/quickstart/winforms/doc/WinFormsIeSourcing.aspx

#Embedded Windows User Controls into Internet Explorer ?
http://www.devhood.com/tutorials/tutorial_details.aspx?tutorial_id=187&print
er=t
http://msdn.microsoft.com/msdn?mag/issues/02/06/rich/default.?aspx

Thanks,
Rhett Gong [MSFT]
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.asp
&SD=msdn

This posting is provided "AS IS" with no warranties and confers no rights.
Zman
2005-05-24 05:51:14 UTC
Permalink
Rhett is correct - this won't work becuase of Code Access Security. For a
.Net control to host managed directX you need to grant it FullTrust. This is
not something you should ask end users to do, since it would enable you to
silenty do anything to their computer via a web page. [if you turned of CAS
with Rhett's command then turn it back on now otherwise you have opened up
your PC caspol -e on]

The problem here is that even if you configure your PC to trust a site or a
strong name you have to convince me to do the same and unless you are a big
coproration I'm unlikley to accept that. YOu might suggest sending me an MSI
to do the changes - that would be a bad thing to do too.

Bottom line its technically possible but unwise from a security posint of
view.
--
Zman (mailto:***@thezbuffer.com)
http://www.thezbuffer.com
News and Resources for Managed DirectX
Post by Rhett Gong [MSFT]
Hi Jaret,
I am not sure what type of your MDX control is, but if you could use the
control in the winform application, to my experience, it should be a
security problem in aspnet. You may try "caspol.exe -e off" to turn off
net security check and see if your control could run correctly. If yes,
then you need to configure your code security through .net configuration
tool.
In addition, here are some useful articles on using controls in explorer, I
think you may have interest to take a look.
#Host Secure, Lightweight Client-Side Controls in Microsoft Internet
Explorer
http://msdn.microsoft.com/msdn?mag/issues/02/01/UserCtrl/defa?ult.aspx
#Using Windows Forms Controls in Internet Explorer
http://samples.gotdotnet.com/quickstart/winforms/doc/WinFormsIeSourcing.aspx
#Embedded Windows User Controls into Internet Explorer ?
http://www.devhood.com/tutorials/tutorial_details.aspx?tutorial_id=187&print
er=t
http://msdn.microsoft.com/msdn?mag/issues/02/06/rich/default.?aspx
Thanks,
Rhett Gong [MSFT]
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.asp
&SD=msdn
This posting is provided "AS IS" with no warranties and confers no rights.
supoch14
2008-08-22 19:23:02 UTC
Permalink
Post by Zman
Rhett is correct - this won't work becuase of Code Access Security. For a
..Net control to host managed directX you need to grant it FullTrust. This is
not something you should ask end users to do, since it would enable you to
silenty do anything to their computer via a web page. [if you turned of CAS
with Rhett's command then turn it back on now otherwise you have opened up
your PC caspol -e on]
The problem here is that even if you configure your PC to trust a site or a
strong name you have to convince me to do the same and unless you are a big
coproration I'm unlikley to accept that. YOu might suggest sending me an MSI
to do the changes - that would be a bad thing to do too.
Bottom line its technically possible but unwise from a security posint of
view.
--
http://www.thezbuffer.com
News and Resources for Managed DirectX
Post by Rhett Gong [MSFT]
Hi Jaret,
I am not sure what type of your MDX control is, but if you could use the
control in the winform application, to my experience, it should be a
security problem in aspnet. You may try "caspol.exe -e off" to turn off
net security check and see if your control could run correctly. If yes,
then you need to configure your code security through .net configuration
tool.
In addition, here are some useful articles on using controls in explorer, I
think you may have interest to take a look.
#Host Secure, Lightweight Client-Side Controls in Microsoft Internet
Explorer
http://msdn.microsoft.com/msdn?mag/issues/02/01/UserCtrl/defa?ult.aspx
#Using Windows Forms Controls in Internet Explorer
http://samples.gotdotnet.com/quickstart/winforms/doc/WinFormsIeSourcing.aspx
#Embedded Windows User Controls into Internet Explorer ?
http://www.devhood.com/tutorials/tutorial_details.aspx?tutorial_id=187&print
er=t
http://msdn.microsoft.com/msdn?mag/issues/02/06/rich/default.?aspx
Thanks,
Rhett Gong [MSFT]
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.asp
&SD=msdn
This posting is provided "AS IS" with no warranties and confers no rights.
supoch14
2008-08-22 19:22:04 UTC
Permalink
Post by Rhett Gong [MSFT]
Hi Jaret,
I am not sure what type of your MDX control is, but if you could use the
control in the winform application, to my experience, it should be a
security problem in aspnet. You may try "caspol.exe -e off" to turn off
.net security check and see if your control could run correctly. If yes,
then you need to configure your code security through .net configuration
tool.
In addition, here are some useful articles on using controls in explorer, I
think you may have interest to take a look.
#Host Secure, Lightweight Client-Side Controls in Microsoft Internet
Explorer
http://msdn.microsoft.com/msdn?mag/issues/02/01/UserCtrl/defa?ult.aspx
#Using Windows Forms Controls in Internet Explorer
http://samples.gotdotnet.com/quickstart/winforms/doc/WinFormsIeSourcing.aspx
#Embedded Windows User Controls into Internet Explorer ?
http://www.devhood.com/tutorials/tutorial_details.aspx?tutorial_id=187&print
er=t
http://msdn.microsoft.com/msdn?mag/issues/02/06/rich/default.?aspx
Thanks,
Rhett Gong [MSFT]
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.asp
&SD=msdn
This posting is provided "AS IS" with no warranties and confers no rights.
supoch14
2008-08-22 19:21:01 UTC
Permalink
Post by Jaret Brower
Is it possible to have a MDX9 UserControl in an ASP.NET Web Application?
I've tried to embed the control in the .aspx file using the <object> tag.
When the web app is running it finds the UserControl assembly but it seems
like it won't run any of the lines of code that have anything to do with MDX.
I have a label sitting in the control and this shows w/o a problem when I
have all MDX code commented out, as soon as I uncomment this code, I'm unable
to see anything (including the label). I get the little Icon with the
triangle/circle/square. Is this problem due to some sort of security?
Loading...