I have created an MSI / exe file using Visual Studio Installer. I want to run this installer from a web browser.
The purpose for doing this is that one of my client wants to perform a digital signature, the private key token of which is stored in the USB attached to the client machine.
As the USB can't be accessed from the browser due to security reasons (restricted access), I am trying to create a windows form installer app, which opens from any browser application (made in say MVC etc.), accesses the private key, and returns the encrypted string back to the browser from the windows app.
So my primary questions are:
1.) How to run the installer from the web browser. If installer already installed, how to check for newer versions?
2.) How to pass a string from web app to the windows form app
3.) How to return the modified string from windows form app back to the same web browser application
So any suggestions / recommendations / approach you can guide me through.
Thanks In Advance!!!..
There is a way to make it work.
Let's say you created a windows application for the clients and the name of the application is "AwesomeApp"
If you want to launch the application from the browser then you need to write an HTML href tag like this
<a href="AwesomeApp://<input arguments>" role="button" class="btn btn-primary">
Launch AwesomeApp</a>
When a user clicks on this button, the browser is going to ask to open your application. If the user clicks on "yes" then your application will be launched with input arguments
Now let's move to another part of the problem, how can you open a browser from your windows application
Definitely, you cannot talk back to the same tab that you opened in the browser. What you can do is that you can launch the browser with a specific string appended with your main Url.
Launching browser totally depends on what language you are using to develop windows application.
I guess you will be able to achieve what you wanted from this.
Related
Can someone please help me why the button "Allow" in the screen below is disabled? WE are using a Delphi application in order to have user single sign on with google using the TWebBrowser built in delphi to start the process. Here is what our payload looks like: (Is there a way to bypass this check? maybe send other parameters to the url request? or other ideas how can we authenticate google using the client_id..etc. )
We have been reading similar posts in Stackoverflow, but no solutions.
Thanks
https://accounts.google.com/o/oauth2/auth?
client_id=1000217514248-pqeu5oqj3easr************************&
redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob
&response_type=code&
state=995F6663-D8FE-4***************&
scope=openid+email
&code_challenge=0C336C62-1B4E-49F7-*************&
login_hint=test%40test.be
&hd=test.be&
as=S-737348098%3A1615472*****6&flowName=GeneralOAuthFlow
You need to make sure that you are opening the browser window on the users installed browser.
You cant open the consent screen from any type of embeded browser or iframe . You need to open a new window in the users installed browser
I had that same problem before. Google is detecting an old and insecure browser and will not allow the authorization to proceed.
I ended up creating a TCustomAuthenticator descendent class for this. This should work on older versions of Delphi.
It implements a OAuth2 Authenticator:
Allows authorization via externel browser
Uses PKCE flow for added security
Generates new tokens when they expire (using the refresh token)
In the repository there's a Demo app too.
Feel free to use it if you like:
https://github.com/imperyal/delphi-google-oauth2
We stopped using embedded browsers...we used the common Google services in order to have the pop up from default browser in order to login. The current DELPHI version uses Internet Explorer 11 as internal browser, i believe that New versions of delphi have Edge as internal browser which this will not have the disabled button on.
When I use a service used for online authentication, I get an url to navigate to that will automatically open an app that is used for the passcode input.
The url is in this format:
bankid:///?autostarttoken=2a1b5e2c-c9fb-4402-1239-2a1619d655e9&redirect=null
The navigation to this kind of urls do only make sense on a mobile unit where a certain app is installed.
Nevertheless, desktop browsers (not everyone) also try to navigate to such an url, like it would ever be possible. That of course results in an error page.
Why do they do that?
Do I need to use a hidden form?
Will every mobile unit honor that?
The custom URL scheme is used to be able to start an application locally, in this case the BankID client which handles the 2FA.
This works nicely on both mobile and desktop, as long as the custom url scheme is registered. AFAIK for mobile, if the URL scheme is not registered locally, it will query the appstore and let the user install from there. The BankID is available for both iPhone and Android in the appstore. On Windows it also query the appstore, but the BankID client is not available as Windows App, so it has to be installed manually from https://install.bankid.com. On Mac I have no idea if it queries the app store, but I know it has to be installed manually from https://install.bankid.com
Android, iPhone, Windows Phone, Windows mobile, Windows XP and later, MacOSX all honors the custom URL scheme but it also need to be honored by the browser, which all the major browsers do.
Historically, before mobile, we used to start programs using the NSS plugin support in the browsers. NSS plugin support was removed by the browsers since it was easy to mis-use from a security point of view.
That's why the custom URL schemes are used.
As you can read about in the BankID relying party guidelines, there is a transition to use https://app.bankid.com links to start the client instead. Basically, that's just a custom url scheme similar to bankid:// but registers both protocol (https://) and host (app.bankid.com), which then starts the app. This has the added benefit that if a user who hasn't got the client installed and is not able to find the client via a appstore or similar, will get the web site available, which then can help the user to install the client.
As the idea of an applink is to let the user navigate to the website if the URL is not registered locally, don't hide the navigation.
I've deployed an app to the IIS(and it works) and now I need to upload files to it. On Visual Studio I can upload files by running it with the admin role, but once published, it says that: "ASP.NET is not authorized to access the requested resource".
Anyone knows how to fix it?
Can you check the application pools for .Net Framework associated with the classic or integrated mode. if it is classic mode means, you have to change the integrated mode, then restart the IIS server. After successfully restarted IIS server, you can run the application now.
Step:
Go to application deployed folder location in Windows Explorer
Right click the main folder or specific folder or file, and then click Properties.
In the Properties dialog box, click the Security tab.
On the Security tab, you can see the list of users. If the Network Service account or ASP.NET account is not listed, add it.
In the Properties dialog box, click the Edit of Network Service or ASP.NET user name, and in the Permissions for NETWORK SERVICE section, select the Read, Write, and Modify permissions.
Click Apply, and then click OK.
you can see the screen by screen step following link
http://www.banmanpro.com/support2/permissions.asp
Edit:
Here's the screenshoot.
After I installed my APP in Google Chrome, I noticed that if I open the Store in Safari, It show a Install the APP page in my Iframe. I don't want my clients to see that Installation Process. If someone Installed the APP in the Store, I want to check if the Store has Installed the APP and show the Iframe without authentication.
The Iframe query the Price of the Product with Heroku to another API. I use Rails, as shown in the 5 minute APP.
See this image showing the message:
and this one without (desired):
If an iframe works (your information is scrictly informational) then its src attribute should be to a root relative proxy url. The application proxy can return liquid that Shopify will interpret for you.
I am in the process of creating an iOS app with Phonegap and jQuery, however, I am running into issues trying to allow both iFrames (to load normally) and external URLs (to open in Safari). I decided to choose the path of using iframes as I was not able to send POST and open the resulting page in Safari (i was trying to create a mobile friendly login window that opens to the full site in safari).
I recently updated to v1.5 hoping to resolve the issue, but it still occurs.
I have tried the trick "[url scheme] isEqualToString:#"http"...." however this forces any page in the iframe to load in safari.
So, I would like either to have external URLs and iframes to behave just like it does in a Webapp (add to homescreen button on iOS) or be able to send POST to Safari?
Has anyone got ideas? :)
Thanks!
You could change tactic slightly and login fully using your app, but then create an authentication token which would be passed via a standard link to be opened in safari.
You could generate the token new each time. Tokens are a valid system for access.