Active X

[ThaRubby]

When I make an Active X project and run it, it says Unknown Publisher and it doesnt even give the option to run the project or not just says it was blocked...

[RobDog888]

ActiveX projects, either ActiveX Dll or ActiveX EXE are components that are to be used in other projects/programs.
You can not directly run an ActiveX project. What are you trying to do?

[RobDog888]

If my memory serves me correctly, you want to add a new Standard Exe project to your ActiveX project so
they are both in the same instance of VB for an in-process ActiveX Dll. For an out-of-process ActiveX EXE
you need a separate VB instance of a Standard Exe test project.

[ThaRubby]

Actualy i did this...i started a blank form Active X control packed it into a cab file. Then it gave me a little test file so i put on server clicked on the accept bar it said blocked..its just a blank form...:S

[RobDog888]

Thats an issue with your browsers ActiveX permission settings?
I'm not sure what your trying to do. Are you trying
to create a cab file for packaging and downloading from the web? This is not the way if it is that.

[hassa046]

When I make an Active X project and run it, it says Unknown Publisher and it doesnt even give the option to run the project or not just says it was blocked...

You have to sign the code (.dll or .exe) before you can use it in other apps/projects.
Search for the program CodeSign on the microsoft website.

[Dave Sell]

Even then, you still have to modify your client browser's security settings by adding the web server to the list of trusted sites.

[hassa046]

Even then, you still have to modify your client browser's security settings by adding the web server to the list of trusted sites.

Actually not anymore. If you get a certificate (i use a free one http://www.ascertia.com/onlineCA/iss...aspx?linkID=40) and sign your activex cab with it, it requires only acceptation of this certificate.
I would suggest only to change security settings in IE if you still get problems. I did that first also but is hard to manage and doesn't work always.

[ThaRubby]

Oh well if you have to change browser settings it isnt worth it.

[CodeBlock]

Even then, you still have to modify your client browser's security settings by adding the web server to the list of trusted sites.

Actually not anymore. If you get a certificate (i use a free one http://www.ascertia.com/onlineCA/iss...aspx?linkID=40) and sign your activex cab with it, it requires only acceptation of this certificate.
I would suggest only to change security settings in IE if you still get problems. I did that first also but is hard to manage and doesn't work always.

No, You DONT have to change IE Settings. You just have to make your ActiveX Control Safe for Scripting and Initialization.

Hope the following would help many ppl for implementing your ActiveX control's security settings, without touching IE on the Client side.



Steps on how to create a simple Visual Basic control and mark it safe for scripting and initialization.

1. Create a new folder where you can save all files that you create in this example.

2. Get the OLE Automation Type Library Generator from the Visual Basic CD-ROM. To do this, copy all four files from the \Common\Tools\VB\Unsupprt\Typlib\ folder to your project folder.

3. Copy the following text into Notepad, and save the file in the project folder as Objsafe.odl:

Code:

[
uuid(C67830E0-D11D-11cf-BD80-00AA00575603),
helpstring("VB IObjectSafety Interface"),
version(1.0)
]
library IObjectSafetyTLB
{
importlib("stdole2.tlb");
[
uuid(CB5BDC81-93C1-11cf-8F20-00805F2CD064),
helpstring("IObjectSafety Interface"),
odl
]
interface IObjectSafety:IUnknown {
[helpstring("GetInterfaceSafetyOptions")]
HRESULT GetInterfaceSafetyOptions(
[in] long riid,
[in] long *pdwSupportedOptions,
[in] long *pdwEnabledOptions);

[helpstring("SetInterfaceSafetyOptions")]
HRESULT SetInterfaceSafetyOptions(
[in] long riid,
[in] long dwOptionsSetMask,
[in] long dwEnabledOptions);
}
}

4. At a command prompt, use the CD <path> command to move to the project folder, and type the following command to generate a .tlb file:
MKTYPLIB objsafe.odl /tlb objsafe.tlb

5. From Visual Basic, create an ActiveX Control project. In the Properties list, change the name of the project to IObjSafety and the name of the control to DemoCtl. Put a CommandButton named cmdTest on the control. In the Click event handler of the cmdTest, put a MsgBox "Test" statement.

6. On the Project menu, click References, browse to and add Objsafe.tlb, which you created earlier.

7. Add a new module to your project with the following code, and name the module basSafeCtl:

VB Code:

Option Explicit
 
Public Const IID_IDispatch = "{00020400-0000-0000-C000-000000000046}"
Public Const IID_IPersistStorage = _
"{0000010A-0000-0000-C000-000000000046}"
Public Const IID_IPersistStream = _
"{00000109-0000-0000-C000-000000000046}"
Public Const IID_IPersistPropertyBag = _
"{37D84F60-42CB-11CE-8135-00AA004BB851}"
 
Public Const INTERFACESAFE_FOR_UNTRUSTED_CALLER = &H1
Public Const INTERFACESAFE_FOR_UNTRUSTED_DATA = &H2
Public Const E_NOINTERFACE = &H80004002
Public Const E_FAIL = &H80004005
Public Const MAX_GUIDLEN = 40
 
Public Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" _
(pDest As Any, pSource As Any, ByVal ByteLen As Long)
Public Declare Function StringFromGUID2 Lib "ole32.dll" (rguid As _
Any, ByVal lpstrClsId As Long, ByVal cbMax As Integer) As Long
 
Public Type udtGUID
Data1 As Long
Data2 As Integer
Data3 As Integer
Data4(7) As Byte
End Type
 
Public m_fSafeForScripting As Boolean
Public m_fSafeForInitializing As Boolean
 
Sub Main()
    m_fSafeForScripting = True
    m_fSafeForInitializing = True
End Sub

8. From Project Properties, change the Startup Object to Sub Main to execute the Sub Main above. Use the m_fSafeForScripting and m_fSafeForInitializing variables to specify the values of safe for the scripting and/or initialization variables. Make them both true, if you dont want to change your IE Settings

9. Open the code window of your control. Add the following line of code to the Declaration section (right after Option Explicit or as the first), ie., General Declarations:

VB Code:

Implements IObjectSafety

10. Copy the following two procedures to your control code:

VB Code:

Private Sub IObjectSafety_GetInterfaceSafetyOptions(ByVal riid As _
      Long, pdwSupportedOptions As Long, pdwEnabledOptions As Long)
 
          Dim Rc      As Long
          Dim rClsId  As udtGUID
          Dim IID     As String
          Dim bIID()  As Byte
 
          pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER Or _
                                INTERFACESAFE_FOR_UNTRUSTED_DATA
 
          If (riid <> 0) Then
              CopyMemory rClsId, ByVal riid, Len(rClsId)
 
              bIID = String$(MAX_GUIDLEN, 0)
              Rc = StringFromGUID2(rClsId, VarPtr(bIID(0)), MAX_GUIDLEN)
              Rc = InStr(1, bIID, vbNullChar) - 1
              IID = Left$(UCase(bIID), Rc)
 
              Select Case IID
                  Case IID_IDispatch
                      pdwEnabledOptions = IIf(m_fSafeForScripting, _
                    INTERFACESAFE_FOR_UNTRUSTED_CALLER, 0)
                      Exit Sub
                  Case IID_IPersistStorage, IID_IPersistStream, _
                     IID_IPersistPropertyBag
                      pdwEnabledOptions = IIf(m_fSafeForInitializing, _
                    INTERFACESAFE_FOR_UNTRUSTED_DATA, 0)
                      Exit Sub
                  Case Else
                      Err.Raise E_NOINTERFACE
                      Exit Sub
              End Select
          End If
      End Sub
 
      Private Sub IObjectSafety_SetInterfaceSafetyOptions(ByVal riid As _
      Long, ByVal dwOptionsSetMask As Long, ByVal dwEnabledOptions As Long)
          Dim Rc          As Long
          Dim rClsId      As udtGUID
          Dim IID         As String
          Dim bIID()      As Byte
 
          If (riid <> 0) Then
              CopyMemory rClsId, ByVal riid, Len(rClsId)
 
              bIID = String$(MAX_GUIDLEN, 0)
              Rc = StringFromGUID2(rClsId, VarPtr(bIID(0)), MAX_GUIDLEN)
              Rc = InStr(1, bIID, vbNullChar) - 1
              IID = Left$(UCase(bIID), Rc)
 
              Select Case IID
                  Case IID_IDispatch
                      If ((dwEnabledOptions And dwOptionsSetMask) <> _
                   INTERFACESAFE_FOR_UNTRUSTED_CALLER) Then
                          Err.Raise E_FAIL
                          Exit Sub
                      Else
                          If Not m_fSafeForScripting Then
                              Err.Raise E_FAIL
                          End If
                          Exit Sub
                      End If
 
                  Case IID_IPersistStorage, IID_IPersistStream, _
                IID_IPersistPropertyBag
                      If ((dwEnabledOptions And dwOptionsSetMask) <> _
                    INTERFACESAFE_FOR_UNTRUSTED_DATA) Then
                          Err.Raise E_FAIL
                          Exit Sub
                      Else
                          If Not m_fSafeForInitializing Then
                              Err.Raise E_FAIL
                          End If
                          Exit Sub
                      End If
 
                  Case Else
                      Err.Raise E_NOINTERFACE
                      Exit Sub
              End Select
          End If
      End Sub

11. On the File menu, save your project and files. Make an OCX file from your project. Your control now implements the IObjectSafety interface. To test it, insert the control in an .htm file.

Ref: http://support.microsoft.com/kb/q182598/


But this is not just enough. You must also Code Sign your .cab (If you are distributing it as a cab) or .ocx (if your .ocx is not archived on a cab but just directly downloadable. You can either Create CodeSign using the Visual Basic SDK. (You will find this under the Tools folder of your VStudio6 CD-ROM) or use: http://www.ascertia.com/ (where u have to create an account. TIP: Remember that in the registration process, you have to provide some valid information as they will get reflected in your certificate itself shown to the Client. So, once registered they are included in the certificate. )


If this really helps you, please rate my post, thanks.

To any Moderator: Please try to move this post to CodeBank or Utilities for better exposure.

Enjoy! Make your VB Scripting Safe :Wink:

Neo

[CodeBlock]

An easier alternative for Point #10

Point No.10 is BIG because it helps you understand by trying out the different options. If you just want a working code here it is:

VB Code:

Private Sub IObjectSafety_GetInterfaceSafetyOptions(ByVal riid As _
      Long, pdwSupportedOptions As Long, pdwEnabledOptions As Long)
          pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER Or _
                                INTERFACESAFE_FOR_UNTRUSTED_DATA
          pdwSupportedOptions = pdwSupportedOptions ' All options are suported:
          ' Meaning: Both Untrusted Caller(Scripting) and 
          ' Untrusted Data (Initialization) options are marked Safe.
      End Sub
 
      Private Sub IObjectSafety_SetInterfaceSafetyOptions(ByVal riid As _
      Long, ByVal dwOptionsSetMask As Long, ByVal dwEnabledOptions As Long)
    ' This is when your browser asks you to change your settings.
        ' You can ignore this Sub, if at all u need in a case where the browser 
        ' rejects the settings and sends you back to get notified of the rejection
        ' or any option change.
      End Sub

and Point #7 becomes just this (as in the Module basSafeCtl):

VB Code:

' In some Public Module
Option Explicit
 
Public Const INTERFACESAFE_FOR_UNTRUSTED_CALLER = &H1
Public Const INTERFACESAFE_FOR_UNTRUSTED_DATA = &H2

So, this makes life easier.. hehe..

HTH
Neo
---
I just thought i could edit my post with some helpful documentation and some typos.. hehe..

[ThaRubby]

**Blink** Heh thanks ill try all of that when i get home ...I read through it and it seemed like a good step by step tutty. I agree that should go in code bank

[Dave Sell]

Thanks for that tip. I will have to try that out.

[RobDog888]

Very nice Tutorial CodeBlock. You should definately CodeBank it

[CodeBlock]

OK,

Thanks for all those who appreciated my code.

I have a prepared an article on this and posted it in the CodeBank: VB - ActiveX Tutorial: Run Web Based Controls w/o changing IE Settings.

Thanks & Regards
Neo

[FerasA]

Here is an easier approach.

1- Create a module file and call it objsafe

2- Copy and paste the following code to the module

Imports System.Runtime.InteropServices

<ComImport()> _

<Guid("CB5BDC81-93C1-11CF-8F20-00805F2CD064")> _

<InterfaceType(ComInterfaceType.InterfaceIsIUnknown)> _

Public Interface IObjectSafety

Function GetInterfaceSafetyOptions(ByRef iid As Guid, ByRef pdwSupportedOptions As Integer, ByRef pdwEnabledOptions As Integer) As Integer

Function SetInterfaceSafetyOptions(ByRef iid As Guid, ByVal dwOptionSetMask As Integer, ByVal dwEnabledOptions As Integer) As Integer

End Interface



3- Now make your class inherits the interface as follows:

Public Class MyClass

Implements IObjectSafety



and also add the folloiwng definitions inside your class:

' Constants for implementation of the IObjectSafety interface.

Private Const INTERFACESAFE_FOR_UNTRUSTED_CALLER As Integer = &H1

Private Const INTERFACESAFE_FOR_UNTRUSTED_DATA As Integer = &H2



4- Implement the two interface methods as follows:

Public Function GetInterfaceSafetyOptions(ByRef iid As Guid, ByRef pdwSupportedOptions As Integer, ByRef pdwEnabledOptions As Integer) As Integer Implements IObjectSafety.GetInterfaceSafetyOptions

pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER Or INTERFACESAFE_FOR_UNTRUSTED_DATA

pdwEnabledOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER Or INTERFACESAFE_FOR_UNTRUSTED_DATA

Return 0

End Function



Public Function SetInterfaceSafetyOptions(ByRef iid As Guid, ByVal dwOptionSetMask As Integer, ByVal dwEnabledOptions As Integer) As Integer Implements IObjectSafety.SetInterfaceSafetyOptions

Return 0

End Function



Now your COM object is safe for scripting and initializing.

FerasA

[tkai14]

I hope someone can advise me here, I tried implementing IObjectSafe: here's my code:
ctl:
Option Explicit
Public Const INTERFACESAFE_FOR_UNTRUSTED_CALLER = &H1
Public Const INTERFACESAFE_FOR_UNTRUSTED_DATA = &H2

Public m_fSafeForScripting As Boolean
Public m_fSafeForInitializing As Boolean

Sub Main()
m_fSafeForScripting = True
m_fSafeForInitializing = True
End Sub

ctl
Option Explicit
Implements IObjectSafety

Private Sub IObjectSafety_GetInterfaceSafetyOptions(ByVal riid As _
Long, pdwSupportedOptions As Long, pdwEnabledOptions As Long)
pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER Or _
INTERFACESAFE_FOR_UNTRUSTED_DATA
pdwEnabledOptions = pdwSupportedOptions
Exit Sub
End Sub

Private Sub IObjectSafety_SetInterfaceSafetyOptions(ByVal riid As _
Long, ByVal dwOptionsSetMask As Long, ByVal dwEnabledOptions As Long)
End Sub
HTML:
<OBJECT ID="UserControl1" CLASSID="CLSID:AF8E2F9C-A1E0-4FEC-A74E-9145026D685C" CODEBASE="IObjSafety.CAB#version=1,0,0,0"></OBJECT>

My Problems are:
1) I created a button in the control, and tried creating a Click function for that in HTML, but it's not working.
2) used this to skip the first problem temporarily:
<OBJECT ID="UserControl1" CLASSID="CLSID:AF8E2F9C-A1E0-4FEC-A74E-9145026D685C" CODEBASE="IObjSafety.CAB#version=1,0,0,0" onmouseover="printIfIE()"></OBJECT>

But on mouseover, the activeX prompt is still appearing, the control is also Safe for scripting and Initialization when I packaged it to .CAB

Help please