Thanks for the responses from everyone. I appreciate you taking the time to respond. I have a few quick follow up questions and points that I would like to get some opinions on, and I have commented on the 3 or 4 responses below.
Thanks for your time. Best regards, Jon >>You need to educate your customer about web application security. In >>particular, the reason why accessing the local drive in the way you want >>is not allowed is to avoid a web site clandestinely (sic) reading your >>private data. As Brad said, you need a client-side native component that >>is privileged to read the local disk to do what you want. They are very educated, as they are a .Net software development company with a great deal of Windows and Web experience. This app just falls into an odd niche that they do not have any experience with, mainly Windows CE apps interfacing with WebServices. This is an odd application that they have no experience with and asked me if I could do this. I told them that I also had no knowledge of being able to do this and knew of no one that had done this as there are security issues to consider. I did tell them that a client app would be the solution, but they wanted to consider the possibility of working around that for this particular application due to their customers requirements. I understand that it would be a hole for any virus or malicious code to attack. What I was hoping is that there was some way to register the site in the firewall, Windows, host file, etc. to allow this process to run. Also, this is all within a LAN so some security vulnerabilities are acceptable to the client within the LAN itself. >>You will need to convince the user to download and install some native >>code (ActiveX control, plugin, etc.) that can do the work. I think that the best option is certainly a Windows Smart client or service app accessing a WebService over the LAN connection. That is what I suggested to the client. They asked me to research the option of not having a client application since it is all within the LAN. I certainly have never written anything like that and I simply told them that it is probably possible, but there are reasons that no one does this stuff. Their example was Windows Update, but that example fails because Windows is certainly a client app installed on the client machine. My preference would be a service app. Does WinCE support service applications? I have written many .Net Windows Service applications, but not for WinCE. In the list of possible project types, they list: Device, Control, Class, Console. I do not see anything for a service. Is this possible? There are obviously services running in WinCE, but it doesnt look like .Net supports this type of project. >>Most firewalls and internet proxies block activities such as a program >>reading a client directory on a PC from a website or writing to a client >>machine. With a service oriented architecture the website replaces the >>application that previously downloaded to the client machine. That's only an issue if you are outside the firewall and proxy. Running Windows CE with the server being within the LAN, seems to offer this client the possibility of making something like this possible. I'm not saying that it's a good idea, but it does seem possible. I do not want to simply throughout their idea and I want to take a close look and answer the questions and concerns honestly. That's why I'm letting you know why they are considering this as a possibility. -----Original Message----- From: Discussion of advanced .NET topics. [mailto:[EMAIL PROTECTED] On Behalf Of Bob Uva Sent: Sunday, November 26, 2006 12:00 PM To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM Subject: Re: [ADVANCED-DOTNET] WebForm Access to Local PC To elaborate a little on Brad's comment, You need to educate your customer about web application security. In particular, the reason why accessing the local drive in the way you want is not allowed is to avoid a web site clandestinely (sic) reading your private data. As Brad said, you need a client-side native component that is privileged to read the local disk to do what you want. Although I haven't written any real smart-clients, I would suggest you try to convince your client that such a program would be seamless and would be able to run as a Windows CE app as well. You could set it up so that it is a pretty dumb client as well -- just monitors a directory location for files of a particular type, does some validation on the file (e.g., makes sure it is actually a Word file) and then uploads it and it only. It should also log whatever it does so that you have an audit trail to show your client. Bob -------------- Original message ---------------------- From: Brad Wilson <[EMAIL PROTECTED]> > With pure DHTML, you cannot do what you want. > > You will need to convince the user to download and install some native code > (ActiveX control, plugin, etc.) that can do the work. > > On 11/25/06, Jon Rothlander <[EMAIL PROTECTED]> wrote: > > > > Does anyone know of any articles, websites, examples, etc. that detail how > > to have a webpage spawn an upload process on a client machine (much like > > windows update does but as an upload and not a download) which will check > > for files on the client system and upload them as needed to the server? > > > > The idea is for the client to just hit the website and the website will > > fire > > off a process to pull files off the client machine. I figure that I could > > do this via a client service app interfacing with a webservice, but I was > > hoping that there's an easy way to handle this without a local application > > on the client. > > > > That's what's making this a little hard to think through... no client > > application. I want the user to hit a webpage and then have a process > > fired > > that scans the client machine (a specific directory) for files. If they > > are > > there, I want the process to copy the file (or maybe just the data within) > > up to the server. Then the server application will open the file and > > process the data into the database. > > > > What I am trying to do is to remove a manual upload process that the user > > has to perform. What they do is use a Word template and enter data. Then > > they email the Word document to another user that enters/copies the data > > into the server database. What I want to do is to create a process where > > they create the Word document and save it in a given directory and then > > hit > > a webpage for uploading. The webpage scans the user's machine and uploads > > any files it finds. Then a service app parses the Word document and > > updates > > the database. > > > > If anyone has some ideas or suggestions, please let me know. I'm pretty > > sure I can get this to work but the architecture is a little odd and I am > > not sure if there are better ways to handle this. > > > > I have considered that security may be an issue and I need to think that > > through. I have also considered that if I did write a client app, that I > > could create some sort of smart client that would auto-updated the client > > app as new versions are released. I'm trying to avoid that if I can, as > > the > > client has some concerns about his customers and a client application > > running on their machine. I think a web-based version would be a much > > better fit, if there are not significant issues in regards to doing this. > > Another option would be to create a service app for the client machine > > that > > monitors a given directory. Then when files are added to the directory, > > the > > service app would parse the data and hit a webservice to update the > > server's > > database. I'm not sure about that either, as the client wants to have the > > ability to run this on a PDA as well. Are there any concerns about > > writing > > .Net Windows Services for mobile apps? > > > > Any information or suggestions would be very much appreciated. If there > > is > > a much easier way to handle this, I am open to ideas. > > > > Best regards, > > Jon > > > > =================================== > > This list is hosted by DevelopMentor(r) http://www.develop.com > > > > View archives and manage your subscription(s) at > > http://discuss.develop.com > > > > > > -- > Brad Wilson > http://www.agileprogrammer.com/dotnetguy/ > http://www.flickr.com/photos/dotnetguy/ > > "If programmers got paid to remove code from software instead of writing new > code, software would be a whole lot better." > - Nicholas Negroponte > > =================================== > This list is hosted by DevelopMentor� http://www.develop.com > > View archives and manage your subscription(s) at http://discuss.develop.com =================================== This list is hosted by DevelopMentor® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com =================================== This list is hosted by DevelopMentor® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com
