architecture review
Hi all,
I want to have a web-based intranet application (created using dotnet3) which needs to invoke other custom Windows applications residing on the client side (those will be EXEs) from a link given on my application's webpage.
I.e., those external Windows application links will be given on my application's webpage, and when the client clicks on these links, the corresponding Windows application residing on the client's system would be invoked.
Kindly let me know whether this architecture is OK from a security aspect,
and if it all needs to be done in this way, what all needs to be done for achieving security in this case.
I hope I am able to clarify the proposed architecture.
Kindly post whatever you make out from this posting based on your experience, as I have to give feedback on the security of this architecture by EOD.
regards
The ability to launch local EXE files via a web page is a hacker's dream, which is why most web browsers go out of their way to make it difficult or impossible. You'll find a lot of struggles making your solution work as described.
-Ryan / Kardax
In general Ryan is right and it doesn't sound like a good idea.
To be specific, you need to analyze the security threats you are up against to get a final answer. For example, it might be acceptable if it is for a closed network where the system users are not considered a threat and you have other security measures to ensure outsiders don't have access to the network or system.
Arnon
I agree with totally. I don't see how you could do that; it would be a hacker's dream and, for security, not such a good idea.
Even if you could launch an app from within a webpage, you'll need to find out which machine you are on (?) and which user is logged on (this is easier). And even if you have that, you'll need to remotely launch an application. So to be short, not a good idea.
However you still have your problem.
You could build a custom win app which would invoke those applications. You could build services that read centrally managed databases on users and applications and that to invoke and execute locally. Or create a custom windows shell ...
I hope this helps,
Hans.
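As an added example (not part of the thread, and not code from any poster): one way the "custom win app which would invoke those applications" could constrain what gets started. The caller supplies only an application ID; the `Launcher` class, the `inventory` entry, its path and the hash placeholder are all hypothetical, and the hard-coded table stands in for the centrally managed database Hans mentions.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography;

// Hypothetical local launcher: it accepts an application ID only,
// never a path or a command line chosen by the web page.
static class Launcher
{
    // Constructed allowlist: ID -> { absolute path, expected SHA-256 of the EXE }.
    // The path and hash below are placeholders, not real values.
    static readonly Dictionary<string, string[]> Allowed =
        new Dictionary<string, string[]>(StringComparer.Ordinal)
    {
        { "inventory", new[] { @"C:\Program Files\Example\Inventory.exe",
                               "<SHA256-HEX-PLACEHOLDER>" } },
    };

    static string Sha256Hex(string path)
    {
        using (SHA256 sha = SHA256.Create())
        using (FileStream fs = File.OpenRead(path))
            return BitConverter.ToString(sha.ComputeHash(fs)).Replace("-", "");
    }

    public static bool TryLaunch(string appId)
    {
        string[] entry;
        if (appId == null || !Allowed.TryGetValue(appId, out entry))
            return false;                     // unknown ID: refuse
        string path = entry[0];
        if (!File.Exists(path) ||
            !string.Equals(Sha256Hex(path), entry[1], StringComparison.OrdinalIgnoreCase))
            return false;                     // missing or modified binary: refuse
        ProcessStartInfo psi = new ProcessStartInfo(path);
        psi.UseShellExecute = false;          // no shell, no file-association lookup
        psi.WorkingDirectory = Path.GetDirectoryName(path);
        // psi.Arguments is left empty: nothing from the caller reaches the command line.
        using (Process p = Process.Start(psi))
            return p != null;
    }

    static int Main(string[] args)
    {
        return (args.Length == 1 && TryLaunch(args[0])) ? 0 : 1;
    }
}
```

The hash check only helps if the install directory and the allowlist source are not writable by the user or by the web page; a file swapped between the check and `Process.Start` is not detected.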
Hi,
Any thoughts on Smart Client? Or a deeper solution would be to use Citrix, using Citrix's plug-in in ASP.NET.
Makes sense?
I can't say I know enough about your situation to say that's the definite answer, but from what I do understand it sounds like Citrix Presentation Server will give you what you want, and depending on your security needs you may also need the Citrix Access Gateway.
Arnon
rajwebdev is correct in what he is saying. We were also thinking about smart client, but another idea which came up was that an intranet web application will be more suitable in this situation. The reasons given are:
1. It is easier to migrate from the intranet web app model to the ASP (application service provider) model than when using smart client.
2. It would require us to update only the site server rather than all site clients, as with smart client, when we want to push an update to the application.
3. We can better use WPF and WPF/E while using web applications. It will give us all the benefits of the above two points.
What is the view of people out here about this?
Cheers
1. Is correct although if the smart client is communicating to webservices, an ASP model is still possible.
2. Oneclick deployment will give you the ability to control the versions and updates of the software out there.
3. WPF I thought is for smart client applications where WPF/E will give you the web based approach you are talking about.
The question comes down to the following: how difficult are the logistics of deployment, and what are the policies of the companies that will be using your application in an ASP model? You will find that often many companies, for better or worse, have policies around using intranet-based applications exclusively, which is often driven by Infrastructure's dislike for handling deployment.
Also, do you need the interactivity of a Windows client? Can the functionality you require be implemented to satisfaction using technologies such as AJAX? One thing to keep in mind is the cost of developing; while most things can be done on the web these days, it can take a lot more working around.
We have a web-based application that I architected. This was done for the reason you mentioned, in that our client planned to allow other companies to use the system in an outsourcing manner. This has taken some extra work (including the pain of using AJAX in CTP modes) but has been worth it, as now many large organisations are willing to use this application as it requires no extra security holes for their companies' desktops.
It sounds to me like you are trading a relatively simple problem (deployment) for a much harder problem with some sort of web app client hybrid or a Citrix solution.
ClickOnce is a very good deployment technology that takes much of the pain out of smart client deployments and would be a good alternative for your application.
However in my opinion I would not make the choice of web app vs. smart client primarily on deployment considerations alone. The primary concern is the user experience. Smart Clients or WPF apps provide for amazing user experiences with slightly more complex deployment. Of course you have to consider the client runtime environment (supported OS configurations, .NET runtime availability etc.).
Since you mentioned Application Service Providers (ASP) I can assume that at some point you are interested in providing "Software As A Service" or SaaS. While it is true that most SaaS applications today are web applications, there are many who are using a Smart Client + Web Services model with great success.
Consider - iTunes and Zune both of which use a Smart Client + Services on the backend. They use a Smart Client because of the richer user experience.
Bottom line: Do something simple - deployment is a problem that can be managed.
Hi thompson,
If the application will be used over the intranet then I propose the following model, but it's old-fashioned...
You can build an ActiveX Document that can be hosted in IE, and this ActiveX Document invokes .NET Windows Forms or whatever components, so it can be updated centrally from the server, and you can sign this component using certificates or any other things.
Regards