I am attempting to write a small, lightweight client, using vb.net winforms, that can install without needing elevated privileges. Before I ask my questions, let me give you a bit of an idea of what it is supposed to do.
The app will start when Windows loads, set like this from the install, with a system/notification tray icon that can be clicked on to load up specific functionality. The application install from a website, or possibly a file share, haven't quite decided yet. This client will initially request user credentials for one of our web programs, and it will talk to an already built web service to determine what functionalities of our services they have licensed access to. After this, credentials will be encrypted and saved to the users pc locally. Every five minutes, the client will pass the credentials to the websites they have access to and check to see the status of jobs that are being processed, and download available reports if needed.
So, here is what I am trying to understand. If I configure this app as a ClickOnce application, once it installs from the url or shared drive, the user will not need to do anything else, correct? Or do they have to visit that url every time they boot up to reinstall/run the client?
Another thing, I wanted to get some opinions on the best ways to do some of the things this app will be doing. I have a good idea of where I am going with it, but I have no idea of which solution to go with yet.
For instance, what is the best way to store user passed credentials on their system for a "remember me"?
Also, is the best way to have the client install with automatically starting on windows startup to configure it to create a shortcut of itself in the windows startup folder?
I am trying to keep this as lightweight as possible, and using a very small GUI, so it shouldn't be too intrusive, so any ideas on how to ensure that, while keeping it from needing admin privs to install, will also help.
If I configure this app as a ClickOnce application, once it installs
from the url or shared drive, the user will not need to do anything
else, correct? Or do they have to visit that url every time they boot
up to reinstall/run the client?
Well if they need to reinstall it, they would have to download the setup.exe file again, but why would users need to do that? CilckOnce supports automatic updates. Visiting url is certainly not needed for running the program.
what is the best way to store user passed credentials on their system
for a "remember me"?
Probably storing them as application settings. Haven't used visual studio 2012, but in visual studio 2010 you have to right-click on project in solutions explorer, go to project propeties and then create variables in Settings tab. Then you can access those variables in code using My.Settings.variableName. Not sure about security though, if you need any.
As for privileges, I think you just need a privilege to install a program. Maybe you should publish a primitive clickOnce application and experiment with it and that will answer all your other questions about clickOnce.
Related
Currently I am working on the development of CATIA by C++ and Automation Interface. Everything is based on local environment of every client machine. After updating our program, clients have to deploy it manually after receiving the updated one.
We are considering if there is a way we could put our program on the server, and we assign the authorizations to the specific clients to access it. They still need install CATIA in their local machine, but our customization programs are on the website.
Our program is based on COM component, so this is a priority.
Any feasible idea?
Thanks in advance.
I'm developing programs for Catia too (VB .NET) and there might be a solution to use webbrowser to manage the programs but I'm unable to help with that :)
Instead what I use is selfdeveloped feature which updates the tools exe files on client from network storage or FTP.
Think of it as algorithm which searches certain folders or storage and decides if the program should update itself and lets the user know. Then you run the updater which is not part of the tool (separate program) and he make the changes on the main exe (copy files, config, remove add etc.)
This way you don't have to take care of the deployment and the user only clicks the update. That's it :)
I am working on customizing the oracle service cloud customer portal, but since OSvC provides only WebDAV to connect to it. It is very time-consuming to edit files and then upload them to WebDAV even for a single word change.
I am looking for a solution to serve it locally make desired changes and then upload the desired code to webDEV.
But after searching the file structure I can not make which framework it uses, I tried to use websites like https://builtwith.com/ and WhatRuns but they are also not able to find anything useful.
Although after searching in the file structure, I find some files of CodeIgnitor but the structure is way more different than the CodeIgnitor folder structure.
The short answer is no, you will not be able to run Customer Portal locally. While it is a fork of CodeIgniter from many years ago, there are server-side dependencies that will prevent you from running it in a local sandbox.
That said, it is possible to automate many of the manual tasks of interacting with WebDAV for change testing. If you edit locally, then you can use scripting hooks or event RPA robots to automate some of the manual file movement. Personally I have a flow to edit remotely in my test environment with an editor (like VSCode or Nova) that can connect to a remote server via WebDAV and edit files directly in the development area of a site. Then, when finished, I have a script that pulls down the latest version of all files and then allows me to commit changes to Git for SCM.
Another option is RPA. You can develop a robot that can be run to automate the manual tasks that you face in your workflow. Personally, I think that scripting is a better solution than RPA since you can automate all of the actions via scripting or a shell. But, it's another option to consider.
Another way of "Live editing" the OSvC CP code is to connect to WebDav via a software that supports it like Mountain Duck which uploads your code to OSvC on save.
OR use the better solution Windows Explorer which supports connecting to WebDav and treating it like a network drive, by going on My Computer -> Computer -> Map Network Drive then put https://yoursite.custhelp.com/dav/cp click Next then you'll be promoted to login using your OSvC login.
I am a novice so please help me a bit.
I am using Flex Builder 4.6 to make a desktop app, I want to make people login before they can access the app, I want them to login with the same user info they use on my wordpress site, The database is hosted via godaddy and i have all the phpmyadmin information. I have googled and googled but I am either not doing the right set of words or this isn't possible because I cant find any examples on how to do this.
right now its a blank app with a username and password text input along with a button to login.
I'm afraid that you can't do this directly and would need to leverage Java (or similar) such as using a server application.
I've never seen or heard of anyone doing this directly via AIR. I suppose it's theoretically possible, albeit not trivial.
Edit:
Thinking about it...this would probably be a kludgy/hacky solution, you could try leveraging Java directly from the users PC by packaging a Java "service utility" with your overall install process, which would interface with your AIR Flex app. They'd need to have Java installed, and additional firewall permissions could be a pain.
You'd need to use NativeProcess.
developed a win. form vb.net db app that uses an access.accdb backend. I am struggling to find the best deployment strategy. In the past, I have distributed the .exe and access.accdb from the /bin/debug folder. This works, but Im not sure if it's the best method.
this db app. will be used by 5-10 ppl, non-simultaneous
my current plan is to put the .exe and access.accdb on a network share drive, users will launch from network share
users do not have admin privs, the computers have strict security settings
I have noticed that when launching the .exe from network share, you get the unknown publisher warning; this message does not appear when launching from local drive. Due to users security restrictions, I know that simply hitting 'continue/run' on the publisher warning is NOT an option. There is no 'continue/run' button.
So, I assume I have to buy a code signing cert and strong name sign the assembly?
I also read here http://msdn.microsoft.com/en-us/library/142dbbz4%28v=vs.80%29.aspx that clickonce deployment does not require admin privs, and can be launched from network share and ran from cache.
In this case, I buy Authenticode cert and sign the clickonce manifest?
Any advice?
edit
I left out a key function of the app that will affect deployment.
Users can select files and upload them. The basePath/filename is stored in the db. uploading and retrieving the file via openFileDialog and datagridview.cellContentClick is all relative to where the .exe is launched from (application.startupPath). I didn't want to hard code full paths into the db, because I'm sure it will be moved, (both app and files) over time to a new location.
ClickOnce deployment is the way to go here.
You do not have to buy anything, you can self sign your assembly with a strong name.
This should be fine for an internal application
My company produces a cross-platform server application which loads its configuration from user-editable configuration files. On Windows, config file ACLs are locked down by our Setup program to allow reading by all users but restrict editing to Administrators and Local System only.
Unfortunately, on Windows Server 2008, even local administrators no longer have admin privileges (because of UAC) unless they're running an elevated app. This has caused complaints from users who cannot use their favorite text editor to open and save config files changes-- they can open the files (since anyone can read) but can't save.
Anyone have recommendations for what we can do (if anything) in our app's Setup to make editing easier for admins on Windows Server 2008?
Related questions: if a Windows Server 2008 admin wants to edit an admins-only config file, how does he normally do it? Is he forced to use a text editor which is smart enough to auto-elevate when elevation is needed, like Windows Explorer does in response to access denied errors? Does he launch the editor from an elevated command-prompt window? Something else?
In my opinion an administrator that doesn't manage to right-click notepad and select "run as administrator" shouldn't be an administrator, but well... in real life there are such administrators around.
UAC works by disabling the administrator group SID from the user's security token, until you run a program with elevated priviliges. When running in non-elevated mode there is unfortunately no way to utilize the administrative rights.
One workaround, which unfortunately requires a non-trivial amount of work could be to:
Create a custom file name suffix for your config file.
Create a small application which is registered as the handler for that config file.
Mark the small application as requiring elevated priviliges (you can do this as you are creating a new application).
The only thing that the small application should do is to locate the registered handler for .txt file in the registry and then use it to open the file - with elevated priviliges.
This isn't complicated for admins worth their salt. Open the text editor elevated, open file, save, done. Most people who edit configuration files are used to the ritual now. Unix people do this reflexively (with sudo); it's only difficult on Windows because it's still slightly unfamiliar territory for some users.
Realistically, they'd have the same problem if it were an HKLM registry setting, except they'd have to elevate regedit or Powershell or whatever they normally use to edit registry settings.
If they can't figure it out, they could choose to disable UAC entirely, or turn it down a notch or two, but I suspect if they can't figure out how to open an editor elevated this will create more problems than it will solve.
You should have to think before making big changes to system-wide config files. The UAC elevation is just enough thinking that it should give you pause if you didn't mean to make a system-wide change.
If it weren't a service, you could use %USERPROFILE% to store configuration settings, but generally, services run under a different user credential than the sysadmin's normal account.
Dotnet applications could choose to store information to the folder returned by Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData); people may need elevation to write to that folder outside your service, but if they don't like your admin UI and they do like their text editor, it's the same as the original problem: they just need to learn how to use UAC.
For the second question: for a quick solution i add notepad to the windows shortcut bar, right click, run as administrator, open the file, make the changes and save it.
We moved all of our app setting to the database.
See my blog post here. You can easily see how you can create a web page to edit that and have all of the permissions live in the web application.