Launching win32 native executable from public web site

Question

I've been presented with an architectural challenge and am looking for ideas.

Customer has an existing win32 native application that they are pretty resistant to changing in any but trivial ways. It is written in unmanaged c++ and uses at least one 3rd party dll so it is not a stand alone exe. What it is doesn't matter much, think of it as a customer support communication tool. Ideally the customer wants to launch this from a web site rather than publish it as an installable program. Additionally the customer needs to pass a token to the executable when it executes so it can call home and ask for more instructions.

I will go ahead and concede that how the application would be launched should have been among the first design considerations, not the last -- but it is what it is.

Security concerns over malware, spyware, trojans and the like make this a very unlikely distribution model. I have more experience in not doing this than finding a legitimate way to accomplish it.

Any ideas (positive or negative) are welcome.

Answer 1

Convince the client to let your company fix the original design flaw, most likely at your own expense. Apologize. A LOT.

Answer 2

I can't offer any advise on launching an app that is installed upon the Users' PC. So maybe someone will offer advice on that.

However, there is the alternative solution of installing the application upon your server. You can then write some code that can access the data and display via HTML. This would ideally be easily achieveable with the favoured API's, Web Services and other dohickeys. But I guess that isn't a potential solution?

Your other option is a product similar to some of the integration products from NDL MetaScype.

Their product is effectively a screen-scraping software that basically opens the app and runs what for-all-intents-and-purposes, is a macro. The benefit of this is that all business logic is retained (i.e. you're effectively typing into a field and if that field comes back with an error on the system - your web app should find out too.

Good luck - I think you'll find it remarkably tricky without getting users to alter their security settings for your specific site.

Answer 3

You can try creating an ActiveX control that will download your executable and run it, but this unfortunately limits you to IE. It also creates an additional install/run step for the control on the web page. This might not be acceptable to some of your customers if they have policies around users downloading and running ActiveX controls.

You can also try packaging the exe and it's dependencies as a resource in another exe. The user can download and run this from the web page which extracts the executable and dependencies and runs them. This might be a bit more direct than the ActiveX route, but can still have some of the same limitations around security policies.

You're not going to find a simple solution to this unfortunately - running arbitrary native code from a website is hard by design.

Answer 4

I'm not entirely sure I understand the situation, but it sounds like one option might be to run the application on a server and then use Citrix to enable the client's pcs to access the application like thin clients. My university does this with a number of programs (like Photoshop, for example). I'm not able to access the application to install it, but I can download a small file that launches Citrix and runs the application. The application always has windows-like controls, even though I'm running a Mac. Of course, I still had to install Citrix, so maybe there's not much benefit in going this route, but it might be an easier compromise than some of your other options.

A second, crazier idea would be to integrate the installer into the app so that when it launches for the first time, it installs itself, then starts itself. Then just tell the customer it takes a long time to start for the first time.

Please clarify if my answers suggest I don't understand the problem. I'm quite curious to learn more about the situation.