Accessing WSH objects from within IE

TheMSsForum.com: The Microsoft Software Forum

The code works fine in the W2K pro environment but why won't it work within
a web page. I keep getting a cannot create object error. Is there a
workaround so you can access Active Directory from within IE6?

Thanks,

Jim



Option Explicit

Dim oNetwork, UserName

Set oNetwork = CreateObject("WScript.Network")
username = oNetwork.username
MsgBox username
Top

Re: Accessing WSH objects from within IE by Michael

Michael
Sat Jul 17 23:10:09 CDT 2004

JimO wrote:
> The code works fine in the W2K pro environment but why won't it work
> within a web page. I keep getting a cannot create object error. Is
> there a workaround so you can access Active Directory from within IE6?
>


You can use any COM object inside IE hosted script provided you want to deal
with the IE enforced security model regarding "unsafe ActiveX...". Whether
the user allows this is strictly up to them. There is no way to do this
silently without some prior acknowledgement and permission from the end
user...

Whether you use JScript's new ActiveXObject() or VBScript's CreateObject()
or whether you get the prompt or the failure, the issues are still the
same...

Q195826 - PRB: CreateObject Fails from Client-Side Scripts
http://support.microsoft.com/default.aspx?kbid=195826

For an Intranet, network share, or local hard drive scenario, you can simply
use HTAs instead.

Note that an HTA solution is appropriate ***only*** for non-intERnet
scenarios. End users should never be expected to execute an HTA delivered
from an intERnet source any more than expecting them to execute an EXE,
unless they have an extremely high level of trust for the originating site.

That's why accessing an HTA via IE is treated exactly like accessing an EXE.
The end user is prompted to save or open (execute) the HTA, the exact same
prompt as for as any other file type that will execute on the client.

Converting to an HTA can be as simple as saving the file with .hta instead
of .htm as the extension. .hta files are hosted by mshta.exe rather than
iexplore.exe, and have a security model comparable to a conventional Windows
desktop application. Of course accepting and executing an HTA is also up to
the end user...

Description of Internet Explorer Security Zones Registry Entries
http://support.microsoft.com/default.aspx?kbid=182569

If I need that kind of access to client resources, I develop/deploy an HTA
with the actual content hosted as ASP on an IIS server or straight from an
ordinary network file share...

Introduction to HTML Applications (HTAs)
http://msdn.microsoft.com/workshop/author/hta/overview/htaoverview.asp
HTA Reference
http://msdn.microsoft.com/workshop/author/hta/reference/hta_ref_entry.asp

The HTAs I deploy follow a hybrid deployment model. The HTA itself is simply
a wrapper for a trusted iframe hosting an ASP page. The iframe page doesn't
have to be asp. It could be ordinary htm, php, etc., whatever the server
supports.

With this model, it doesn't matter if the user saves/runs a local copy of
the HTA - the real content is delivered via http from a web server. To test
changes to the ASP content, I keep a local copy of the HTA with the base
href URL pointing to a development web server instead of the production
server.

You can use the same model for a network file server deployment as well.
Just change the base href to "\\YourFileServer" and iframe src to
"\YourShare\YourPath\YourPage.htm".

<html>
<head><title>YourTitle</title>
<base href="http://YourProductionServer">
<hta:application id="YourAppId"
applicationName="YourAppName"
singleInstance="yes"
showInTaskbar="yes"
borderStyle="fixed"
/>
</head>
<body scroll="no" style="margin:0px">
<iframe width="100%" height="100%"
frameborder="no" border="0"
marginheight="0" marginwidth="0"
application="yes"
src="/YourSite/YourPath/YourPage.asp"
></iframe>
</body>
</html>





--
Michael Harris
Microsoft.MVP.Scripting
Sammamish WA US

Top

Re: Accessing WSH objects from within IE by nsreddy001

nsreddy001
Tue Jul 27 02:13:21 CDT 2004


Michael Harris \(MVP\) wrote:
> *JimO wrote:
> > The code works fine in the W2K pro environment but why won't i
> work
> > within a web page. I keep getting a cannot create object error.
> Is
> > there a workaround so you can access Active Directory from withi
> IE6?
> >
>
>
> You can use any COM object inside IE hosted script provided you wan
> to deal
> with the IE enforced security model regarding "unsafe ActiveX..."
> Whether
> the user allows this is strictly up to them. There is no way to d
> this
> silently without some prior acknowledgement and permission from th
> end
> user...
>
> Whether you use JScript's new ActiveXObject() or VBScript'
> CreateObject()
> or whether you get the prompt or the failure, the issues are stil
> the
> same...
>
> Q195826 - PRB: CreateObject Fails from Client-Side Scripts
> [url]http://support.microsoft.com/default.aspx?kbid=195826[/url]
>
> For an Intranet, network share, or local hard drive scenario, you ca
> simply
> use HTAs instead.
>
> Note that an HTA solution is appropriate ***only*** for non-intERnet
> scenarios. End users should never be expected to execute an HT
> delivered
> from an intERnet source any more than expecting them to execute a
> EXE,
> unless they have an extremely high level of trust for the originatin
> site.
>
> That's why accessing an HTA via IE is treated exactly like accessin
> an EXE.
> The end user is prompted to save or open (execute) the HTA, the exac
> same
> prompt as for as any other file type that will execute on th
> client.
>
> Converting to an HTA can be as simple as saving the file with .ht
> instead
> of .htm as the extension. .hta files are hosted by mshta.exe rathe
> than
> iexplore.exe, and have a security model comparable to a conventiona
> Windows
> desktop application. Of course accepting and executing an HTA is als
> up to
> the end user...
>
> Description of Internet Explorer Security Zones Registry Entries
> [url]http://support.microsoft.com/default.aspx?kbid=182569[/url]
>
> If I need that kind of access to client resources, I develop/deplo
> an HTA
> with the actual content hosted as ASP on an IIS server or straigh
> from an
> ordinary network file share...
>
> Introduction to HTML Applications (HTAs)
> [url]http://msdn.microsoft.com/workshop/author/hta/overview/htaoverview.asp[/url]
> HTA Reference
> [url]http://msdn.microsoft.com/workshop/author/hta/reference/hta_ref_entry.asp[/url]
>
> The HTAs I deploy follow a hybrid deployment model. The HTA itself i
> simply
> a wrapper for a trusted iframe hosting an ASP page. The iframe pag
> doesn't
> have to be asp. It could be ordinary htm, php, etc., whatever th
> server
> supports.
>
> With this model, it doesn't matter if the user saves/runs a loca
> copy of
> the HTA - the real content is delivered via http from a web server
> To test
> changes to the ASP content, I keep a local copy of the HTA with th
> base
> href URL pointing to a development web server instead of th
> production
> server.
>
> You can use the same model for a network file server deployment a
> well.
> Just change the base href to "\\YourFileServer" and iframe src to
> "\YourShare\YourPath\YourPage.htm".
>
> <html>
> <head><title>YourTitle</title>
> <base href="http://YourProductionServer">
> <hta:application id="YourAppId"
> applicationName="YourAppName"
> singleInstance="yes"
> showInTaskbar="yes"
> borderStyle="fixed"
> />
> </head>
> <body scroll="no" style="margin:0px">
> <iframe width="100%" height="100%"
> frameborder="no" border="0"
> marginheight="0" marginwidth="0"
> application="yes"
> src="/YourSite/YourPath/YourPage.asp"
> ></iframe>
> </body>
> </html>
>
>
>
>
>
> --
> Michael Harris
> Microsoft.MVP.Scripting
> Sammamish WA US *

Hello,
The solution model using HTA seems intresting. even I'm facing simila
problem as Jim/o.
My case is that I'm creating WSCRIPT.NETWORK and then retrieving th
properties UserName and UserDomain from the objNetwork. Yes, as state
above I got to propose to change the IE security setting but am myself
not convinced to give the proposal but of no help I did that. Can it be
possible using HTA to retrieve this info, yes in INTRANET
Only(DOMAIN\Username). If so what and how I need to proceed. Can it be
possible or not?

Thanks in advance.

Regards
Srinivas Reddy



--
nsreddy001
------------------------------------------------------------------------
Posted via http://www.codecomments.com
------------------------------------------------------------------------

Top