In the past, Web developers often used ActiveX controls to provide rich client-side functionality in their Web applications. Now developers can easily build objects using the Microsoft .NET Framework that are more compact, lightweight, secure and can be hosted within Internet Explorer. By hosting .NET Windows Forms controls in Internet Explorer, developers can accomplish many client-side Web development goals. In this article, we will understand how to create Windows Forms controls and deploy them within Internet Explorer. While using Windows Forms controls from within IE, we will also demonstrate how to provide rich user experience in the client side by invoking a remote Web service from the Windows Forms control. Along the way, we will also understand how to take advantage of the .NET Security Model to provide a seamless secured execution environment for our control.
If you have developed Web applications using Java based languages, you are familiar with Java applets. Java applets are small programs that are basically designed to run in a Web browser. Java applets are executed when the browser loads an HTML document that contains the applet tag. Windows Forms within Web pages work in a manner similar to Java applets. In this approach, you create Windows Forms controls using the rich classes supplied by the Windows Forms technology and then deploy the control in a Web page. When the browser loads the Web page, it also executes the code contained in the Windows Forms control. This could be very useful on an Intranet or Extranet application scenario where you need to deploy an enterprise-wide application that requires dynamic rich user experience as provided by a fat-client application. This model is based on the same deployment and maintainability characteristics of a thin client n-tier application.
One of the great features of .NET is the seamless integration it provides with Internet Explorer. For example, we can activate a Windows Forms control from IE without even prompting the user. This is accomplished without having to do any registration while still utilizing all the features of Code Access Security provided by the .NET CLR.
When you build Windows Forms controls, you have all the features provided by the Windows Forms class hierarchy. For example, you can use Windows Forms control validation techniques to perform extensive validation on the input data entered by the user. Similarly, you can even invoke a remote Web service from your forms control. By using all of these techniques, you can create rich, powerful, dynamic state-of-the-art applications using the .NET platform.
In this section, we will see how to create a simple Windows Forms control and host it in Internet Explorer. The following list describes five steps to activate a Windows Forms control within IE.
Create a Windows Forms control
Create an HTML document with an object tag that identifies the Windows Forms control
Configure the virtual directory for proper activation of the control
Configure Code Access Permissions
Run the control
Now we will look at each of the above steps in detail.
Create a Windows Forms Control
In this step, we will create a simple Windows Forms control. This control basically displays a "Hello World" message to the users. We will start by creating a new Visual C# Windows Control Library project named HelloWorldControl as shown in the following screenshot.
Once the project is created, we will rename the default user control to HelloWorldCtl. To the user control, we will add a label control named lblMessage and a button named btnClick. When the user clicks the button, we will execute the following code to display a simple message to the user.
Now that we have created the control, let us compile the project and create the assembly.
Create an HTML Page
In this step, we will create an HTML document and insert an object tag that is used to activate the Windows Forms control. The HTML page looks like the following.
In the classid attribute of the object tag, we specify the path to the control library assembly and the fully qualified name of the control. This fully qualified name of the control includes the namespace as well as the name of the control class. As you can see from the above code, the assembly and the fully qualified name of the control are separated by # sign. The combination of these two parameters serves as the unique identifier to identify the control. It is also possible to write client side script against the control since it is identified by the unique id named HelloWorldControl1.
Configure the Virtual Directory
Now that we have created the HTML page, let us create a new virtual directory named HelloWorldControlHost and add both the control (HelloWorldControl.dll) and the HTML document (HelloWorld.htm). While configuring the virtual directory, it is important to set the execution permissions on the virtual directory to Scripts. The control will not be properly activated if the execution permissions are set to Scripts & Executables. You can verify this by opening up the Properties window for your virtual directory as shown below.
Configuration of Code Access Permissions
If your control is from an intranet site, it will execute correctly. But if you want to run the control from an Internet site, you then need to configure Internet Explorer or alter security policy to allow it to run. You can do this by identifying your hosting page as belonging to the Trusted zone. To set your site as part of the Trusted zone, from IE choose Tools->Options->Security->Trusted Sites and then add your site to the list and then click OK. Next time, when you browse to that page, it will execute properly, since you have already set the Internet permissions.
Run the Control
To run the control, just navigate to the HTML page that hosts the control from the browser. In the displayed HTML page, if you click on the Click Here command button, the control displays a Hello World message as shown in the following screenshot.
In this example, we looked at how to create a simple Windows Forms control and host it in Internet Explorer. In the next section, we will see how to access a Web service directly from the client machine using a Windows Forms control.
Accessing the Web Service from the Windows Forms Control
One of the main advantages of Windows Forms control is that it allows you to bring a rich user experience to the client machine. For example, you can access a Web service directly from the client machine and display the results to the user without even refreshing the page. To demonstrate this, we will first create a Web service and then show how to invoke the Web service from the Windows Forms control.
Creation of Web Service
To start with, we will create a Visual C# ASP.NET Web service named AuthorsWebService as shown below.
Once the Web service is created, we will change the name of the Web service class to AuthorsService. After that, we will add a new method named GetAuthors to the AuthorsService class. The GetAuthors method looks like the following.
[WebMethod]
public DataSet GetAuthors()
{
//Get the connection string from the configuration file
string connString = System.Configuration.ConfigurationSettings.AppSettings["connectionString"];
SqlConnection sqlConn = new SqlConnection(connString);
DataSet dstAuthors = new DataSet("Authors");
SqlDataAdapter adapter = new SqlDataAdapter("Select * from Authors",sqlConn);
//Fill the Dataset with the results of the executed query
adapter.Fill(dstAuthors,"Author");
//Close and dispose the opened database connection
sqlConn.Close();
sqlConn.Dispose();
//Return the Authors Dataset to the caller
return dstAuthors;
}
The code for the GetAuthors method is straightforward. We start off by retrieving the connection string from the web.config file. The connection string is stored in the appSettings section of the web.config file.
Then we create an instance of SqlConnection object passing in the connection string as an argument. After that, we create an instance of the SqlDataAdapter object and supply the query to be executed and the SqlConnection object as arguments. Then we invoke the Fill method of SqlDataAdapter object to execute the query and fill the DataSet with the results. Finally, we release all the resources and return the DataSet to the callers of the Web service. Now that the Web service is created, you are ready to start creating the client application for the Web service.
Creation of Windows Forms Control That Acts as the Web Service Client
In our case, since we want to invoke the Web service from the Windows Forms control, we will create a new Visual C# Control Library project named AuthorsWebServiceClientControl.
Once the project is created, we will rename the default user control to AuthorsControl. To the user control, we will add a DataGrid named gridAuthors and a command button named btnClick. In the click event of the command button, we will write code to invoke the Web service. Before that, we will add reference to the Web service using Add Web Reference option in Visual Studio .NET. In the Add Web Reference dialog box, we will type in the location of our Web service and press Enter. Then we click on Add Reference button to add the reference to the Web service. This basically creates the proxy for the Authors Web service.
Now that the proxy is created, we are ready to add code to invoke the Web service. We do this in the click event of the command button that we added earlier.
In the above lines of code, we create an instance of the Web service proxy class and then invoke the GetAuthors method. We assign the DataSet that is returned from the Web service to the DataSource property of the DataGrid control. Now compile the project to create an assembly, which we can deploy to the virtual directory.
Creation of HTML page and Virtual Directory
In this step, we will create an HTML page that hosts the AuthorsWebServiceClientControl that we created earlier. The code for the HTML page looks like the following.
Now that we have created the HTML page, we need to create a virtual directory that can be used to host the HTML page as well as the control. Once the virtual directory is created, copy over the HTML page and the control to the physical folder that is mapped to the virtual directory. Now you can test the control by navigating to the HTML page that we created earlier. In the HTML page, you will see a command button that is part of the forms control. If you click on the command button, it will invoke the Web service from the client browser and display the results of the Web service in a DataGrid. The output from the HTML page looks like the following.
Debugging the Windows Forms Control
To debug the control, you need to perform the following steps.
Open up the browser and make a request to the HTML page.
Bring up Visual Studio.NET and choose Tools->Debug Processes from the menu to display the following dialog box.
In the Processes dialog box, select IEXPLORE.EXE and click Attach button. When you click on Attach, it brings up the following dialog box in which you are prompted to choose the program types that you want to debug. In this dialog box, make sure Common Language Runtime is checked in the list. Then Click on OK.
Clicking on OK in the above dialog box brings you back to the Processes dialog box again where you just need to click Close.
Open up the User Control file AuthorsWebServiceClientControl.cs from the File->Open->File menu. And set breakpoints in the click event of the command button.
Go back to the browser and click on the command button. When you do that, you will automatically hit the breakpoint that you have already set up in your control. Once you hit the breakpoint, you can then debug your code using all of the features of Visual Studio .NET. This is shown in the following screenshot.
Code Access Permissions and Windows Forms Controls
As we have already discussed, when the control executes in IE, it utilizes the code access permissions provided by the .NET runtime. To understand how forms controls running in IE work with the code access security provided by the .NET runtime, let us go ahead and add a few lines of code to our Authors forms control and create a new event log source. After modification, the load event of the control looks like the following.
In the above lines of code, we check for the existence of an EventLog source named TestSource. If the event source does not exist, we create one. Otherwise we delete the existing event source and create a new event source from scratch. As you might expect, performing this kind of operation requires more privileges, and the controls downloaded from the Internet should not be allowed to perform this kind of operation. To validate this, copy the output of the control to the virtual directory. After copying the output of the control to the virtual directory, if you navigate to the HTML page that hosts the control in the browser, you will see the following dialog.
The above dialog box clearly shows that the code in our control is clearly restricted by the code access security of the .NET runtime.
Putting It All Together
However before using Windows Forms controls in IE, you need to be aware of the benefits and limitations. The main benefits include:
The ability to deliver dynamic rich user experience through the Web
Automatic caching of compiled code on the client
Seamless integration with .NET Code Access Security that allows you to leverage the .NET security model from within the client side
Improved performance over Java applets
The constraints include:
It requires Windows operating system on the client side
Internet Explorer 6.0 is the only browser that provides support for this type of hosting
It requires .NET runtime to be installed on the client machine.
It also requires Windows 2000 and IIS 5.0 or above on the server side
Due to all of the above constraints, it might be beneficial to detect the capabilities of the client machine and then deliver content that is appropriate to them. For example, since forms controls hosted in IE require the presence of the .NET runtime on the client machine, we can write code to check if the client machine has the .NET runtime installed. You can do this by checking the value of the Request.Browser.ClrVersion property. If the client machine has .NET installed, this property will return the version number; otherwise it will return 0.0.
Conclusion
In this article, we have discussed how to host Windows Forms controls in IE and demonstrated the steps to be followed for debugging the control. We have also seen how to utilize the .NET Code Access Security to configure what the control can do when running within Internet Explorer.
Even though this technology requires the presence of platform specific elements in the client machine, it holds a lot of promise, especially when you consider the fact that future versions of Windows operating systems are likely to have the .NET Framework as an integral part. The recent release of Windows Server 2003 is an example of this.
I hope you find this article useful and thanks for reading.
About the Author
Thiru has almost six years of experience in architecting, designing, developing and implementing applications using Object Oriented Application development methodologies. He also possesses a thorough understanding of software life cycle (design, development and testing).
He is an expert with ASP.NET, .NET Framework, Visual C#.NET, Visual Basic.NET, ADO.NET, XML Web Services and .NET Remoting and holds MCAD for .NET, MCSD and MCP certifications.
Conrad Jalali shows how to build Web custom controls by creating one that displays checkboxes in a categorized, hierarchical view. [Read This Article][Top]
Conrad Jalali shows how to extend the functionality of the ASP.NET Calendar control to remove some of the annoying postback delays that occur when populating a text box with a date from a popup calendar. [Read This Article][Top]
This article covers some of the essentials of building reusable Web controls. Learn how to create a Web control and its custom events and event arguments, as well as how to use the control properly within a page. [Read This Article][Top]
ASP.NET provides only one control that supports paging, the DataGrid. Tomasz Kaszuba shows how to build and implement a custom pager for different controls that change depending on the data source or presentation. [Read This Article][Top]
James Culshaw shares his experiences building his first working custom control, a basic mask control that allows input of time values, and offers advice and tips to those just starting out. [Read This Article][Top]
Rob Chartier offers a tour of the .NET Speech SDK Beta 2 and its use of the industry specification SALT. The article shows you how to create a basic speech-enabled Web user control. [Read This Article][Top]
In this article, Luther Stanton shows how to combine inheritance and server controls to create a self-populating drop-down-list control. [Read This Article][Top]
Solomon Shaffer explains custom controls, describes the complexities and issues surrounding building such controls, and walks through a useful example. [Read This Article][Top]
Mailing List
Want to receive email when the next article is published? Just Click Here to sign up.
